Intelligent CIO North America Issue 22 | Page 44

CIO OPINION
Today , organizations must introduce a modern security policy that extends to SaaS providers as well .
Colin Murphy , CIO at KnowBe4

The future of security policy

Colin Murphy , CIO at KnowBe4 , tells us how with the shift to using third-party , public cloud service providers there follows an urgency to update security policies . He asks : “ Today , organizations must introduce a modern security policy that extends to SaaS providers as well . But what does that mean ?”

For years , the world has been advancing towards greater interconnectivity on what has seemed to be an inevitable trajectory . The pandemic has expedited this , but equally , it has driven the use of interconnected applications outside of company perimeters . Most companies are now outsourcing their needs to third-party , public cloud service providers ; be it Software-as-a-Service ( SaaS ), Platform-as-a-Service ( PaaS ) or Infrastructure-as-a- Service ( IaaS ). With this shift , follows an urgency to update security policies .

As everything becomes delegated externally , we have to consider how we are interacting with these applications . Traditionally , it was up to the organizations themselves to enforce the rules that would govern how security events are logged , how data should be backed up , what devices are authorized to connect to one ’ s network , how user access is granted and removed etc .
Today , organizations must introduce a modern security policy that extends to SaaS providers as well . But what does that mean ?
Defining the modern security policy
The modern security policy should ensure that all applications utilized incorporate a number of basic features and integrations .
This should include things like access / change log shipping to guarantee that user activity can be
44 INTELLIGENTCIO NORTH AMERICA www . intelligentcio . com