In an anonymous journal presented on Computer World, the author discusses issues in his new role as security manager. He says the company’s use of more than 30 SaaS offerings is a nightmare from a security perspective. In addition he states that an important task he is undertaking immediately is implementing a SIEM (security incident and event management) tool.
“For example, each SaaS relationship requires connecting some aspect of our trusted network infrastructure with the vendor’s network. In doing this, security has been an afterthought. We’re using a VPN, but that only addresses encryption. The associated firewall rules are pathetically weak, and in some cases the connections are wide open.”