THE SEC (Securities and Exchange Commission) demanded revelations about the cybersecurity that public companies, including software as a service (SaaS) companies, must comply with.
The new cybersecurity guidelines do not distinguish between data exposed to a breach and data stored in the cloud or in SaaS environments. According to the SEC itself, "We do not believe that a reasonable investor would consider a significant Oversight data as insignificant simply because the data is hosted in a cloud service."
See more: Strengthening cybersecurity with strategic defence in depth
Why are the risks of SaaS and SaaS-to-SaaS connectivity important to the SEC - and to your organization?
Security in SaaS presents significant contradictions between perception and reality. Reports from companies such as AppOmni and SEC reveal that many organizations rate security maturity in the SaaS sector highly, but at the same time are experiencing an increasing number of security incidents. SaaS-to-SaaS connections, often created to increase productivity, increase the risks of data leakage. Governance challenges and security risks are compounded by the complexity of these connections, as outside the firewall they are difficult to detect. Investors and the market need to take these risks into account as data affecting businesses is now vulnerable through interconnected digital pipes.
"Follow The Data" is the new "Follow The Money"
The Securities and Exchange Commission expands its cyber regulation, citing increasing attacks on services Software as a service (SaaS). The new regulations introduce requirements for risk assessment and risk management, boosting investor confidence. Incident disclosure and a proactive cybersecurity culture are critical. Risk assessment and management in SaaS systems is essential to prevent data breaches and their consequences.
How to protect and monitor SaaS systems and SaaS-to-SaaS connections
The SaaS security management tool (SSPM) is essential for reducing risks in SaaS applications. With SSPM, all connections and licenses are monitored and evaluated, and alerts are made for changes and suspicious activity. CISOs and security teams face challenges due to the lack of proper detection tools, however SSPM captures activity, providing ready response and alerts.
See also: Phishing: Rapidly increasing abuse of legitimate SaaS platforms
Strengthening SaaS security is very important, regardless of the possible imposition of new regulations by the SEC, as it ensures protection data and investments.
Source: thehackernews.com
 απαίτησε αποκαλύψεις για την κυβερνοασφάλεια που πρέπει να τηρούν οι δημόσιες εταιρείες, συμπεριλαμβανομένων των εταιρειών λογισμικού ως υπηρεσία (SaaS).){kind=link}