SaaS products have exploded in popularity in recent years as they have matured and added functionality. You’re probably already aware of the shared responsibility model which says that although the SaaS provider will take responsibility for securing their infrastructure, you’re still responsible for securing your data.
How much control you have over the SaaS platform is highly dependent on the product itself and what levers the vendor exposes that can be configured. Our SaaS Security Architecture service will assess areas such as:
Salesforce is a widely used cloud-based Customer Relationship Management (CRM) platform that has been around for over 20 years, which means there are many great controls and features available for protecting your data.
A common problem we discover is that although Salesforce provides the appropriate controls, those controls are either not implemented or misconfigured and this can foster a false sense of security. We have worked with large Salesforce deployments at Telco and Financial Services customers that have implemented our recommended configuration and processes, which was then audited by the vendor. The result of the audit was that Salesforce informed our client that their instance was one of the most secure deployments they have observed, worldwide.
Mulesoft is a platform that enables you to design, build, and manage APIs, integrations, and microservices across any cloud or on-premise environment. It allows you to create reusable and scalable components that connect data, processes, and systems using a low-code approach.
API security is a crucial aspect of any API gateway and it’s important to architect your deployment correctly, so APIs that are deployed onto the platform can be secure by design and enforce the appropriate security controls such as tokenization of sensitive data.
ServiceNow is a cloud-based platform that provides IT service management, IT operations management, and IT business management solutions. ServiceNow enables organizations to automate workflows, integrate systems, and optimize processes across various domains, such as IT, HR, security, customer service, and more. ServiceNow also offers a rich set of APIs and tools for developing custom applications and integrations – and it’s that extensibility that introduces security risk.