Authors :
Rachelle De Los Santos
Volume/Issue :
Volume 6 - 2021, Issue 11 - November
Google Scholar :
http://bitly.ws/gu88
Scribd :
https://bit.ly/3GELwyh
Abstract :
The adoption of Software as a Service (SaaS) is
becoming prevalent. With its ease of use and cost savings
in time and management, many customers are shifting to
usage of third- party applications to help them streamline
and manage their business processes efficiently and
effectively. SaaS providers must ensure that customer data
is secure. To effectively manage the risks surrounding
SaaS provider’s IT infrastructure, a risk management
framework was developed to identify, mitigate and
evaluate potential impact of risks. This framework
provided visibility into infrastructure security risks. It
mapped the infrastructure of SaaS provider in compliance
with ISO 31000:2018 and NIST Cyber security
Framework. The risk management framework helped the
SaaS provider better understand the security risks
surrounding its SaaS solution. It also helped in the secure
deployment of SaaS projects to drive improved user
experience and high customer satisfaction. The gap
assessment showed the areas where improvement must be
made. Additional scenarios and continuous monitoring are
needed to avoid a false sense of security
Keywords :
SaaS; risk management framework; security controls
The adoption of Software as a Service (SaaS) is
becoming prevalent. With its ease of use and cost savings
in time and management, many customers are shifting to
usage of third- party applications to help them streamline
and manage their business processes efficiently and
effectively. SaaS providers must ensure that customer data
is secure. To effectively manage the risks surrounding
SaaS provider’s IT infrastructure, a risk management
framework was developed to identify, mitigate and
evaluate potential impact of risks. This framework
provided visibility into infrastructure security risks. It
mapped the infrastructure of SaaS provider in compliance
with ISO 31000:2018 and NIST Cyber security
Framework. The risk management framework helped the
SaaS provider better understand the security risks
surrounding its SaaS solution. It also helped in the secure
deployment of SaaS projects to drive improved user
experience and high customer satisfaction. The gap
assessment showed the areas where improvement must be
made. Additional scenarios and continuous monitoring are
needed to avoid a false sense of security
Keywords :
SaaS; risk management framework; security controls