Are document storage/sharing SaaS providers doing enough to protect sensitive data, in your opinion?

Collaboration SolutionsSecurity
823 viewscircle icon13 Comments
Sort by:
CISO in Banking3 years ago

SAAS Providers can never do enough their security protocols need constantly revising as the threats develop.

Founder & CISO in Education3 years ago

I’m inclined more towards saying a “No” here. The providers are not doing enough. There are some bits which have been introduced over the years that can help safeguard the data privacy and exfiltration by implemented some defaults but it is nearly not enough. I’d prefer more controls, more intelligence based insights and some telemetry on how the files are used (example shared further) on once they are shared.

Chief Information Security Officer in Finance (non-banking)3 years ago

Not really. When we store data in the cloud/SaaS platform, our files/data are encrypted and continuously monitored to protect against cybersecurity threats. All SaaS service providers are doing their best to secure the documents/data but can't ensure that. 

Director, Strategic Security Initiatives in Software3 years ago

No - It's never enough!! We need to keep getting better as hackers keep getting smarter! :)

Executive Director, Enterprise Infrastructure & Cybersecurity in Finance (non-banking)3 years ago

CSP could do more. Rule and Role based access in addition to default control implementation 

Content you might like

Has your organization implemented OneDrive Known Folder Move (KFM)?

If so, would you do it again? If not, what concerns or alternatives led to that decision?

We’re evaluating KFM and are especially interested in issues like file path dependencies, duplicate folders, and broken shortcuts.

What are the common security issues you have encountered in MS Fabric and how have you mitigated them?

Are you active on Discord?

Very active10%

Occasional user49%

No, but I want to be13%

No, and I'm not interested21%

What is Discord?4%

View Results

Entra MFA for Internal Colleagues (not remote access):  What time period do you set for reauthentication? What conditional access / refresh token expiry time frame do you have in place? i.e - MFA every log in, every 24hrs, every 15 days etc.

Does your org use Protection-level agreements (PLAs) when planning cybersecurity investments?

Yes, always20%

Sometimes63%

No, never11%

Not yet, but we're going to start1%

What's a PLA?3%

View Results