Patrick Opet, CISO of JPMorgan Chase, warns that the increasing adoption of the Software as a Service (SaaS) model poses significant risks to cybersecurity and the global economy. In an open letter, he calls for SaaS providers to focus more on security rather than rushing feature development. Mark Townsend emphasizes that customers must trust vendors with their data, yet the opacity of security measures can be troubling. The letter sparks necessary dialogue about the inadequacy of current security practices among software providers.
The modern 'software as a service' (SaaS) delivery model is quietly enabling cyber attackers and – as its adoption grows – is creating a substantial vulnerability that is weakening the global economic system.
When buying SaaS, you're buying a system deployed by a vendor that you are trusting your data to. Many will provide an annual pen test report and demonstrate alignment with SOC2 and other standards, but as the author points out, a lot happens within these apps, and the infrastructure that enables them, over the course of a year.
The security of these systems is fairly opaque and requires a bit more transparency between the vendor and the consumer as to how the data is secured.
It inspires constructive conversations that I think are necessary and important to have. It points to a frustration among consumers that vendors are simply not doing enough and must address these security concerns.
Collection
[
|
...
]