Security and governance metrics related to network access for SaaS offerings
This section contains the following metrics:
Security, compliance, and vulnerability management
It is critical that you evaluate the security aspects of the network access approach, including compliance with security standards and the management of vulnerabilities.
High-score criteria
The network access approach helps your team adhere to security frameworks, such as International Organization for Standardization (ISO) 27001, System and Organization ControlsĀ 2 (SOCĀ 2), or NIST. It makes it easy to conduct regular security audits. Strong encryption and authentication mechanisms are in place. Networks are isolated, and only the necessary resources are exposed to the customer's infrastructure. You can spot networking anomalies in near real-time, without excessive overhead.
Low-score indicators
The network access approach is prone to recurrent security breaches or vulnerabilities, and it is not compliant with key security standards. You frequently observe delayed detection and responses to security incidents.
Self-assessment questions
-
Are there any recent security breaches linked to selected network access approach, and what have we learned from them?
-
How does your network access approach comply with global security standards?
-
How long does it take to detect and respond to security threats? How does the network access help or limit this ability?
-
How frequently are security assessments conducted on the network access approaches? Can you use commonly tooling to assess the security of the network access approach, or is specialized software required?
-
What level of security is inherent in the network access approach, and how does it align with industry best practices and regulatory requirements?
