August 30, 2022

Magicians work by misdirection. The same is true in managing federal information technology.
Let’s say you have done your work with compliance on your Infrastructure as a Service Platform and your Platform as a Service. Malicious actors know this all too well. As a result, they look at the weak spot – the apps themselves. It is possible that your eyes were on the wrong part of the system.
Some pay lip service to app security. For example, when an Authority to Operate is granted, security of your apps may be given an overview, then ignored. Sometimes, a review of app security does not take place until the three-year expiration.
"So 'S-S-P-M' stands for SaaS Security, Posture Management. It is a somewhat unfortunate acronym or name given to the category because it focuses on only one aspect of SaaS security"
Brandon Conley, AppOmni
If not continuously monitored, mismanaged apps can put your agency’s system out of control. Line-of-business users may decide to sign up for a SaaS product without the security people being informed. Systems can be misconfigured. Data can be misclassified. People who have left your agency may still have user accounts that are no longer needed.
Securing apps on a hybrid cloud needs regular posture assessment. In the commercial world there are products classified as SaaS Security Resource Management systems. During the interview, Brandon Conley details how a platform that examines apps can eliminate configuration issues, structure user permissions, and assist with changes in compliance requirements.
If you enjoyed this podcast, you may want to listen to episode #17 Forms, Friction, Feds: How the Federal Government can Reduce Cost and Increase Security by Forms Management

John Gilroy
Has been behind a microphone since 1991. He can help you structure, launch, and promote your company podcast. johngilroy@theoakmontgroupllc.com