"The cause of the latter may be the shared security responsibility model. Security for SaaS is delivered by the shared responsibility model. The provider is responsible for the security the cloud - it secures the core application and the infrastructure it runs on. The customer is responsible for security the cloud - their own data, user accounts and access, and correctly configuring the security settings offered by the individual provider."
"The problem is little conformity from the providers. Each may offer different settings in a different manner requiring a different level of effort from the customer - and this applies to each SaaS in use, placing a heavy load on the customer. If the customer uses just one SaaS product, it is manageable. But most companies have adopted many, and sometimes hundreds of, SaaS applications - each of which must be configured separately."
SaaS security operates under a shared responsibility model where providers secure cloud infrastructure and core applications while customers secure in-cloud elements such as data, user accounts, access, and configuration. Providers expose disparate security settings and tools, forcing customers to configure each SaaS separately. Organizations often use dozens or hundreds of SaaS applications, multiplying configuration effort and increasing risk because complexity undermines security. The Cloud Security Alliance SaaS Working Group developed the SaaS Security Capability Framework (SSCF) to define standardized customer-facing configuration hooks. Standardized hooks aim to reduce time, effort, and complexity and help customers meet shared-responsibility obligations more effectively.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]