SaaS Security Checklist
Business Manager’s Checklist for SaaS Security
YES NO OTHER CHOICES COMMENTS
MULTIPLE CLOUD PROVIDERS
Are you using cloud applications and services
from multiple cloud providers? How many?
Are you aware of possible increased risk
associated with every integration point with each
unique cloud provider?
Does your current cloud provider offer seamless
integration cloud services to help you connect
your applications easily and securely? If yes,
what services do they offer?
Does your cloud provider allow you to easily and
securely access your data across multiple cloud
environments?
How often do you meet with IT staff about security?
(Choices: Not often / Weekly / Monthly / Quarterly / Annually)
APPLICATION PERFORMANCE
Does your current cloud provider co-mingle
customer data causing slow system
performance and increased risk? (i.e. one
shared database for all customer data)
Have you experienced prolonged unexpected
cloud application downtime? At peak seasonal
business times?
(Comment)
What are your current cloud provider's availability
guarantees? Is credit given for non-performance?
ADVANCED SECURITY RESOURCES
Do you have recently trained, experienced
cloud security staff and budget to
manage IT security?
Does your cloud provider continuously develop
advanced security options as threat tactics
change?
Does your cloud provider offer advanced
automated SaaS security monitoring services that
detect malicious users and alert across cloud
applications and cloud providers?
DATA CENTERS & DATA RESIDENCY
Do you run, manage, and secure your own data
centers? Have you measured the cost?
Does your cloud provider have multiple data center
locations around the world?
(Comment)
What are your challenges for meeting GDPR
requirements? (i.e. citizens located or data located in
the European Union)
AUDIT READINESS
Do you have challenges in meeting regulatory,
policy and compliance requirements?
How do you currently manage governance, risk and
compliance requirements?
– Manually?
– Are spreadsheets and emails used?
– Fully automated
How often do you reference standards for security
compliance? (e.g. SOC, HITRUST, NIST, etc.)
(Choices: Not often / Quarterly / Annually)
Could you benefit from more logging and automation
for reporting during security audits?
KNOW YOUR DATA / MANAGING BREACHES
Do you have a risk assessment process
documented for cloud providers?
If yes, how often do you use it?
(Choices: Only during buying process / Revisit regularly)
Do you know what data types you currently have and
their level of security importance? (PII, credit card,
HR data, financial data)
What are you doing to raise employee awareness
around security? (Comment)
How often do you conduct regular security checks as
an organization?
(Choices: Weekly / Monthly / Quarterly / Annually)
Are there policies in place for guidance on
phishing emails?
Are you aware of any sensitive data breaches within
your organization?
What are the reporting policies and timeframes
if a breach occurs? (Comment)
GLOBAL ACCESS CONTROLS
Can you consistently onboard and offboard
your global workforce as needed, with audit
tracking?
Does your cloud provider offer centralized
identity management and federated single
sign-on capabilities?
How do you currently manage access across
multiple cloud applications? (Comment)
Does your current cloud provider disallow data
visibility to all of its administrators?
Does your current cloud provider practice least
privilege (users see only data that is related to
their job-specific duties) and deny by default
(access is automatically denied unless otherwise
modified)?
SOME COMPANY RESPONSIBILITIES
Does your company have security policies,
standards and procedures, to protect your
data such as:
– Up-to-date antivirus and malware checks
performed on files before importing or uploading
data to the cloud
– Implement best practice processes to maintain
role-based user accounts and access
Adequate physical/network security and
monitoring to prevent unauthorized access and
reduce risk from real-time threats, such as:
– Intrusion detection software
– Global access controls
– Firewalls
– Autonomous management tools
Instructions: If you answered "no" to any of these questions or commented answers, you may be incurring additional risk for
your business. Consider a risk consultation or assessment from a qualified cloud provider.
Oracle is here to help you with answers to all your cloud provider questions.
Phone: +1.800.633.0738 or contact your Oracle Sales Representative at:
https://www.oracle.com/corporate/contact
For more information please visit: https://www.oracle.com/applications/