SaaS VPC management focuses on managing vulnerabilities, security patching, and system configuration in the CSP-managed infrastructure, as well as the customer infrastructure interfacing with the SaaS service.
Since the SaaS delivery model is anchored on the premise that the application service is delivered over the Internet to a web browser running on any computing device (personal computer, virtual desktop, or mobile device), it is important to secure the endpoints from which the cloud is accessed.
Hence, a VPC management program should include endpoint VPC management requirements and should be tailored to the corporate environment. It is standard practice for most companies to institute a standard OS image for personal computers that include security tools such as antivirus, anti-malware, firewall, and automatic patch management from a central management station.
SaaS provider responsibilities
- Systems, networks, hosts, applications, and storage that are owned and operated by the CSP
- Systems, networks, hosts, applications, and storage that are managed by third parties
- Personal computers and smartphones owned by the SaaS employees and contractors
SaaS customer responsibilities
- Personal computers of a SaaS user.
- Applications or services that interface with the SaaS service.
- Security testing of the SaaS service. Although SaaS providers are responsible for vulnerability management of the software delivered as a service, some enterprise