SaaS PaaS IaaS

What Is It?

The “as a service” triplet covers the various engagement models with a supplier’s computing resources. Software as a Service (SaaS) is where a supplier manages the entire environment for your organisation, with you only needing to put data into the service and use it. Platform as a Service (PaaS) is where a supplier manages most of the environment for you, with the exception of the applications, which you will need to create, and the data, which your organisation needs to manage. Infrastructure as a Service (IaaS) is where the supplier manages the underlying physical computing infrastructure up to and including the virtualisation layer; everything from the operating system upwards, topographically speaking, is your organisation’s responsibility.

Why Assess It?

There are many reasons to conduct a SaaS / PaaS / IaaS security assessment, five of which are below.

Due Diligence

Suppliers of services provide security confirmations, but these typically rely on options being configured and do not reflect the baseline. It is important to understand the risks posed to your usage of the service and how to protect your organisation and its users.

Clarify Security Responsibilities

When procuring services, it is a good idea to understand exactly where your organisation’s responsibilities lie in securing the solution, as this can sometimes differ from expectations. By conducting a security assessment, you will uncover any security vulnerabilities present and exactly who owns the responsibility to mitigate or remediate them.

Build Resilience

One of the benefits of using service providers is that your organisation’s requirements can be met quickly. It is important to ensure that your future capability is built in a resilient fashion, so that growth can progress further and, should any adverse security conditions arise, you can recover quickly.

Obtain Visibility

Your organisation may have chosen to utilise a service provider solution because of timescales needing to be met or because it simply is not cost-effective to procure and house the experience required. It is important to have an independent security assessment in these cases, as it will give you confidence in the security of the underlying offering on which you are building your business-critical functions, without detracting from your timescales or forcing you to recruit the relevant expertise.

Avoid Fines

As an organisation, you are required to process data, especially personally identifiable information, in line with relevant guidance. In the event of a security incident, the UK’s Information Commissioner’s Office (ICO) can issue fines of up to £17.5m or 4% of global annual turnover, whichever is higher. It is also important to ensure that your usage of services factors in data sovereignty and protects individuals’ data sufficiently.

The Agility Cyber Approach

As with all our engagements, we want you to get the most out of your SaaS / PaaS / IaaS security assessment, and we do this by:

Customer First

We work for you and your organisation, and believe that if you are consuming a service from a provider, they should evidence their adherence to security best practice and show the results of a comprehensive security assessment. We will always focus on the areas that are your organisation’s responsibility, but if you need underlying assurance from the vendor, we will help you work with them, as a customer should not be assuring what they are procuring into their organisation.

Independent Mediator

We know that there is a customer and supplier relationship between your organisation and the service provider. We help progress the security of both the supplier’s offering and your security posture by remaining independent and proposing reasonable recommendations.

Validate Incident Response Capability

Your organisation already monitors on-premises and cloud infrastructure, but bought-in managed services often go without such monitoring. We will assist you in capturing any relevant logging from the service provider, whether this comes directly from the resources you are using or from an aggregate feed they may supply for your wider environment.

Accurate Risk Insight

We pride ourselves on understanding your risk, and with a managed service some areas are going to be outside of your control. We are always clear about the real, tangible risks of any security vulnerability identified.

Focused Recommendations

Every security vulnerability we find is given alongside a clear recommendation which guides your teams through remediation. There are no high-level abstract suggestions. We will show you where to find the setting and what we think it should be.

Benefits of Partnering with Agility Cyber

Mutually Invested

Our experts work with you, not against you. There are no egotistical celebrations when a serious issue is discovered, just rapid full disclosure with pragmatic suggestions for effective remediation followed by ongoing support.

Clarity and Simplicity

We always provide clarity, believe in simplicity and value your time. For example, rather than waiting until the engagement starts, we will conduct open source intelligence gathering activities before the scoping meeting to help us understand your organisation’s position and risk posture. This enables us to ask better questions, securing you higher value and saving you time.

Full Consultancy

Our team, based in the UK, is technically exceptional but we pair that with business sense to discover, triage and help you remediate the full range of security issues.

Impartiality

We are impartial: we do not sell you products or the latest buzzword-laden trending solution.

Outstanding Service

We have an industry-leading turnaround; agility is in our name, after all. Proposals are shared with you within 24 hours of the scoping meeting. Accurate and complete daily debriefs are given during every engagement. The report is shared within 5 working days at the latest.
