S4E16: Alfredo Hickman - SaaS Security & Third-Party Risk Management
Chris - Why do you think SaaS security is so overlooked in the conversation around cloud security, despite SaaS being so pervasive?Chris - SaaS obviously involves a lot of third-party integrations. What are the risks o f these ungoverned integrations and can they have a cascading impact if one of the providers has an incident?Nikki - Chris and I have talked a lot about software security, SBOM's, and what does open source security look like. As a leader in the cybersecurity community, what are you most concerned with when it comes to third-party risk and software supply chain?Nikki - When we talk about SaaS and application management at organizations, what do you think about how SaaS applies to building relationships and working together with other organizations? Nikki - When it comes to integration between SaaS products and a cloud infrastructure, what do you think about as far as risk and how to manage risk within organizations? Chris - If we're trying to handle threats, how important is it to understand integrations from the perspective of who created it, why, what data it involves etc?Chris - How do organizations start to get a handle on governing SaaS and their third-party integrations to mitigate these risks? Nikki - I see you posting recently about exercise/fitness - this is a topic Chris and I discuss often. The balance of physical well-being and being present at work. What do you think about the balance of physical and mental pursuits? Nikki - What does cyber resilience mean to you?