Software as a Service (SaaS)

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
12 hours 57 minutes
Difficulty
Intermediate
CEU/CPE
13
Video Transcription
00:00
>> Now we're going to talk about our third
00:00
and final service model:
00:00
Software as a Service or SaaS.
00:00
It's one of the most commonly used versions
00:00
of cloud services out there.
00:00
You will find that you use SaaS application
00:00
probably every single day of
00:00
your life whether you know it or not.
00:00
The learning objectives are
00:00
>> define Software as a Service,
00:00
>> describe the common aspects of
00:00
>> software in this instance,
00:00
>> and identify whether SaaS
00:00
would be appropriate for a specific business case.
00:00
Software as a Service.
00:00
Basically, it's an application
00:00
that is accessible to a customer anytime
00:00
a customer is paying either a monthly or a usage
00:00
fee to utilize some application
00:00
that's out there hosted in the cloud.
00:00
That is an example of Software as a Service.
00:00
There are many large vendors out
00:00
there for a Software as a Service such as Salesforce,
00:00
Workday, ServiceNow.
00:00
>> These are some of the big guys.
00:00
>> Companies use them as
00:00
customer relationship management solutions.
00:00
They are putting their data and
00:00
leveraging the applications hosted by
00:00
these providers in cloud environments
00:00
to analyze their payroll, their sales data,
00:00
provide all kinds of analytics, you name it.
00:00
>> Also many common email solution,
00:00
>> such as G Suite, Microsoft 365.
00:00
These are also examples of cloud-based SaaS solutions.
00:00
The main thing is that the customer is
00:00
really only responsible for protecting their data
00:00
going into the cloud if they're utilizing APIs,
00:00
ensuring that they're sending
00:00
that data over an encrypted channel.
00:00
However, the cloud provider,
00:00
in this instance, for the SaaS product,
00:00
they have all the responsibility over
00:00
maintaining the security of the applications,
00:00
ensuring that the APIs are constructed in a secure way,
00:00
and protecting any data
00:00
that's processed within their app.
00:00
SaaS provider can also be
00:00
different than the platform provider,
00:00
than the infrastructure provider,
00:00
or it could all be the same
00:00
organization all the way down.
00:00
However, from a security perspective, when using SaaS,
00:00
the customer is really only responsible
00:00
for the data they put in the app and
00:00
adhering to any security guidelines
00:00
that the SaaS provider gives them.
00:00
Let's think about this. What are some of
00:00
the SaaS applications that you use every single day?
00:00
Many of the mobile apps on your phone are
00:00
SaaS if you're paying for
00:00
a service, such as using a mindfulness application
00:00
or a fitness app that charges you on a monthly basis,
00:00
you're using a SaaS application.
00:00
Some apps are free,
00:00
but they sell the data from your usage.
00:00
That's also SaaS in [inaudible] way.
00:00
In terms of the dividing line of the relationship,
00:00
the SaaS provider is really responsible
00:00
for maintaining the application,
00:00
making sure any data that customers put in there
00:00
is handled in a secure and appropriate manner,
00:00
and the customer really just puts in their data.
00:00
Now, they should be
00:00
a good steward of that data in
00:00
the way that they put it in,
00:00
or not misusing the app in
00:00
any way that are against its terms of service.
00:00
The advantages are, SaaS applications,
00:00
they help businesses focus on what they do best.
00:00
The applications for many of these large ERP providers,
00:00
they provide all these: tax calculations, payroll,
00:00
>> sales, or all of these other analytic capabilities.
00:00
>> The business doesn't really have to focus on that.
00:00
They can focus on whatever their core mission is.
00:00
However, the disadvantages over
00:00
security and a configuration perspective,
00:00
you give up a lot of
00:00
the control when you are putting
00:00
your data in that SaaS application.
00:00
Any business organization should be very
00:00
wary to vet an application
00:00
very thoroughly before engaging with
00:00
a SaaS provider to
00:00
ensure that their controls are appropriate.
00:00
Because once you start using the solution,
00:00
there's very little you can do other than
00:00
periodically reviewing the controls
00:00
of that SaaS provider.
00:00
In summary, we talked about the components of SaaS,
00:00
we talked about some of the common uses
00:00
of SaaS applications,
00:00
and also talked about some degree
00:00
of shared responsibility for
00:00
security that comes with using Software as a Service.
00:00
I'll see you in the next lesson.
Up Next