SaaS Governance
  • Subject matter experts are also welcomed to join the SaaS Governance WG by submitting your request HERE.
  • Read more about SaaS Governance WG on our CSA Global page HERE.

Security and privacy are the primary concerns for organizations considering SaaS adoption, and recent research indicates that 77% of SaaS-adopting organizations have experienced SaaS-specific security incidents. SaaS services account for the bulk of the cloud industry market, and any security incident could critically impact cloud customers.

SaaS services present unique risks to their cloud customers:
  • they are highly business process specific
  • they handle and store critical business and personal data
  • they integrate a broad array of service components, operating over a deep application stack
  • they may depend on multiple cloud service providers

​Due to heavy competitive pressure in the SaaS market today, security is too often not a top priority for SaaS providers – especially for the smaller providers that may not have the necessary security expertise to identify and manage the risks that could impact cloud customers and the cloud provider’s own operations.

The SaaS Governance Working Group will encourage and define mechanisms for customers and service providers to cooperate and work closely with each other to manage SaaS risks and ensure the security of customer data and the resilience of the SaaS cloud infrastructure.

Scope
The scope for the SaaS Governance working group includes, but is not limited to:
  • Develop a baseline set of fundamental SaaS governance practices for SaaS Providers and Customers.
  • Develop a library and mitigation measures of SaaS-specific risks for SaaS Providers and Customers.
  • Develop a practical security guide to help SaaS Providers implement secure SaaS delivery to best protect cloud customer data.
  • To share any newly developed security controls other relevant CSA initiatives.

Goals
The objectives of SaaS Governance will include:
  • Encourage and define mechanisms for customers and service providers to cooperate and work closely with each other to manage SaaS risks
  • Ensure the security of customer data and the resilience of the SaaS cloud infrastructure