SaaS vendors must build ecosystem-driven security integration capabilities

It is not a surprise to see that compliance, privacy, incident response, configuration and monitoring capabilities are the top factors that organizations consider when assessing the security capabilities of SaaS vendors. But our recent cybersecurity survey also revealed quite a surprising finding: ecosystem-driven integration entered the list of top five factors. Two out of three cybersecurity executives highlighted that the ability of SaaS vendors to provide advanced integration capabilities with a wide partner ecosystem is now a critical factor when evaluating the security capabilities of SaaS vendors.

• Seventy-nine percent (79%) of cybersecurity executives consider that the ability to meet regulatory and compliance requirements is a very important factor when assessing the security capabilities of SaaS vendors. To obtain this assurance, organizations usually require proof that SaaS vendors have proper controls in place, reviewed periodically by an independent firm (the System and Organization Controls report, SOC 2, is typically the most appropriate for SaaS solutions).
• Seventy-five percent (75%) consider that the ability of SaaS vendors to meet their local data-privacy and data-residency requirements is a very important factor too.
• Seventy-three percent (73%) flagged that well-defined incident response policies and plans, that cover a wide range of cloud security incidents, are critical factors when assessing the security of SaaS vendors.
• Seventy-two percent (72%) of cybersecurity executives mentioned that advanced configuration and monitoring capabilities are very important factors that they take into account during the security assessment of SaaS vendors.
• Last but not least, sixty-eight percent (68%) mentioned that advanced integration capabilities are among the top five critical factors when evaluating the security of SaaS vendors. The ability to integrate SaaS products with a wide range of IT and security platforms (for data consumption and both inbound/ outbound actions) is becoming a must-have requirement, as organizations actively look to unify security orchestration, automation, and response activities across the enterprise.

The Bottom Line: Organizations must look now at “partner enablement” as a growing priority for assessing security capabilities of SaaS products.

SaaS vendors have historically been “vague” about security, but organizations have played a great role in pushing them to be much more transparent about their capabilities.

Nowadays, SaaS vendors that fail to meet critical security requirements, such as compliance, privacy, incident response and monitoring, will simply not go beyond the RFI (request for information) stage. But organizations must also look now at “partner enablement” as a growing priority for assessing security capabilities of SaaS products. It’s high time for organizations to force the hand of SaaS vendors to accelerate the deployment of an ecosystem-driven integration approach.

Explore the HFS Pulse Dashboard

Take a look at the breadth of data in our Pulse Dashboard, which showcases data about current and future demand trends for technology and business services and related emerging technologies. See more here.