
Track 2

Adopting Effective SaaS Portfolio Security Strategies
Software-as-a-service (SaaS) applications fuel productivity, improve accessibility, and provide flexibility. But because organizations are using hundreds, or even thousands, of these apps every day, IT complexity has increased exponentially. Without full visibility into an organization’s SaaS stacks, it’s impossible to ensure that critical data processed by and stored in SaaS apps is protected. Security vulnerabilities multiply even more when app ownership spans multiple departments. In this environment, security and IT professionals need to partner with app owners to ensure the SaaS environment is properly managed. This is why the Cybersecurity and Infrastructure Security Agency (CISA) published the Secure Cloud Business Applications (SCuBA) project – the agency was looking to properly address SaaS security risks, including visibility gaps that have hampered the collective ability to effectively understand and manage cyber risk across federal civilian agencies. This session will explore best practices in SaaS security strategies, from full-stack visibility to prioritization and remediation, which agencies can use to establish long-term, collaborative, and proactive SaaS security approaches.

Speakers

Bruce Crawford
Former Chief Information Officer (Ret.)
U.S. Army
cpoland
Product Manager, Cybersecurity Shared Services Office
Cybersecurity and Infrastructure Security Agency
Simplify SWAM to Build Resiliency
Software asset management (SWAM) increases visibility and control over software assets on networks. SWAM is a foundational capability of cybersecurity and underpins both the Department of Homeland Security’s (DHS’) Continuous Diagnostics and Mitigation (CDM) Program and the Department of Defense’s (DoD’s) Information Technology Asset Management (ITAM) framework. SWAM helps enterprises understand the security considerations for the software itself, the configurations, and even users with access to it. SWAM enables agencies to proactively reduce software vulnerabilities, mitigate software misuse, and have a better understanding of the overall security of their networks. As software-related cybersecurity strategies evolve, IT teams are navigating software management challenges such as license reconciliation, end of life (EOL), and end of service (EOS), all while collaborating with IT, finance, security, and risk teams to effectively identify and manage unwanted software in a scalable and automated way. Join this breakout session to learn how to navigate – and simplify – the intricate landscape of SWAM.

Speakers

John Schneider [moderator]
Senior Engineer
Axonius Federal Systems
David DiEugenio
Chief Information Officer
Marine Corps Recruiting
Grabowski
Acting Program Manager, CDM Program
Cybersecurity and Infrastructure Security Agency