Eetu Korhonen, Threat Research Manager for Netskope

Complex productivity tools delivered as Software-as-a-Service (SaaS), such as Salesforce, Microsoft 365 or Zoom, often implement their own versions of the Shared Responsibility Model usually encountered in public cloud operations. The nature of these tools makes this necessary: the platform provider inherently lacks control over the vast amounts of content being produced, manipulated, and shared by users. In such environments, effective user-facing security controls become paramount. This talk delves into the critical aspects of designing these controls within SaaS applications, emphasizing patterns that allow for centralized management and automation of security policies. Drawing upon the analysis of numerous SaaS platforms across diverse functionalities, we will explore common patterns observed in user security control implementations, highlight frequently encountered pitfalls, and present actionable solutions.
