Publication Date: 2021/12/13
Abstract: The adoption of Software as a Service (SaaS) is becoming prevalent. With its ease of use and cost savings in time and management, many customers are shifting to usage of third- party applications to help them streamline and manage their business processes efficiently and effectively. SaaS providers must ensure that customer data is secure. To effectively manage the risks surrounding SaaS provider’s IT infrastructure, a risk management framework was developed to identify, mitigate and evaluate potential impact of risks. This framework provided visibility into infrastructure security risks. It mapped the infrastructure of SaaS provider in compliance with ISO 31000:2018 and NIST Cyber security Framework. The risk management framework helped the SaaS provider better understand the security risks surrounding its SaaS solution. It also helped in the secure deployment of SaaS projects to drive improved user experience and high customer satisfaction. The gap assessment showed the areas where improvement must be made. Additional scenarios and continuous monitoring are needed to avoid a false sense of security
Keywords: SaaS; risk management framework; security controls
DOI: No DOI Available
PDF: https://ijirst.demo4.arinfotech.co/assets/upload/files/IJISRT21NOV694.pdf
REFERENCES