Top Instructors Share Their Expertise ONLINE at SANS - Special Offers Available NOW!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

The Intersection of Enterprise SaaS Adoption and Information Security

  • Tuesday, March 10, 2015 at 1:00 PM EDT (2015-03-10 17:00:00 UTC)
  • Danelle Au, Dave Shackleford


  • Adallom

You can now attend the webcast using your mobile device!



There is a perception from the business that, if it adopts a cloud service, the provider will take care of security. This is true to some degree, because cloud providers are responsible for all the infrastructure that drives SaaS applications. When using a sanctioned cloud service, users do not need to run the networking, servers, storage, firewalls, intrusion prevention systems (IPSs), distributed denial of service (DDoS), infrastructure access control and security operations centers (SOCs). With SaaS, these security elements are "built-in," with a simple per-user, per-month billing model that enterprise SaaS applications deliver. For the large SaaS providers, such as Salesforce, Microsoft, IBM, Google, the business can also make the entirely valid claim that these providers have a bigger and better resourced security team.

However, there are many aspects of SaaS security that most organizations may not know about or pay attention to. Examples of questions organizations may need to ask include:

  • Do you have visibility into which users are sharing data, and what data are they sharing
  • From where are users accessing SaaS services and data?
  • Can you enforce policy that can prevent, restrict or detail access from undesirable devices, unwanted behavior, geographic regions and IP addresses?
  • If a business wants to run a category of SaaS application (CRM, storage or productivity), how can you ensure your organization are proactively recommending one that is business-ready?
  • How can I detect (and then deny) malicious actors who have accessed my applications yet have valid user credentials?
  • If your organization selects a cloud service that might not have the compensating controls I need (encryption, tokenization or data loss prevention), how can you mitigate this?

In this webcast, we'll cover a variety of controls and considerations related to SaaS security, with recommendations on how to improve the security posture of your SaaS implementations.

Speaker Bios

Dave Shackleford

Dave Shackleford, a SANS analyst, instructor, course author, GIAC technical director and member of the board of directors for the SANS Technology Institute, is the founder and principal consultant with Voodoo Security. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. A VMware vExpert, Dave has extensive experience designing and configuring secure virtualized infrastructures. He previously worked as chief security officer for Configuresoft and CTO for the Center for Internet Security. Dave currently helps lead the Atlanta chapter of the Cloud Security Alliance.

Danelle Au

Danelle Au is VP of Marketing at Adallom, a SaaS security company. Danelle has more than 15 years of experience bringing new and innovative security technologies to market, and is a frequent speaker at conferences. Prior to Adallom, Danelle was responsible for solutions marketing at Palo Alto Networks, driving growth in critical IT initiatives like virtualization, network segmentation and mobility. She was also co-founder of a high-speed networking chipset startup. She is co-author of an IP Communications Book, "Cisco IP Communications Express: Operation, Implementation and Design Guide for the Small and Branch Office" and holds 2 U.S. Patents.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.