Managing SaaS risks for cloud customers CSA Congress EMEA 2016 16 November 2016

Erick Borsboom Security lead, Ribose © 2016 Ribose. Public.

© 2016 Ribose. Public.

PROBLEM

There are 100’s of SaaS for every IaaS/PaaS SaaS spending is almost 80% of global cloud service spending (US $204bn1)

PaaS 4%

SaaS nearly 60% of cloud workloads, and increasing in share2

IaaS 17%

SaaS (+BPaaS +SecaaS) 79%

Vendors numbers worldwide3: IaaS + PaaS (less than 500) vs SaaS (>12,000) [1] Gartner, 2016; [2] Cisco, 2014, [3] Quora, 2015

© 2016 Ribose. Public.

PROBLEM

SaaS has penetrated every organization and is increasingly important 84% have adopted at least one SaaS organization-wide1

25% of SaaS adopters are already heavily reliant on SaaS2

SaaS adoption strengthening by year3 SaaS adoption attitudes

Pure SaaS, 4%

Mostly SaaS, 20%

SaaS Adopter 84%

Under half, 76%

Increasing

25%

In place

24% 22% 8% 4%

Implementing

10% 14%

Considering

22%

No activity 0%

SaaS is increasingly important [1] CSA 2016; [2] CSA 2016; [3] Computer Economics 2015, 2016

36%

20%

2016

35% 40%

2015

© 2016 Ribose. Public.

PROBLEM

Yet SaaS services are black boxes, and are often the weakest link in security ⬣ ⬣ ⬣

⬣

Security/privacy is the #1 concern in SaaS adoption1 SaaS services are often black boxes ⬣ No transparency = no control Often the weakest link ⬣ Over 77% have experienced SaaS security incidents2 Lack of visibility3 ⬣ 28% have no access into user logins ⬣ 29% have no audit logs ⬣