I love Fibery; however, I am hesitant to recommend it to some of my customers in the more regulated industries because I know how stringent their security vetting procedures are for SaaS products. By vetting I mean where the data is stored, pen testing procedures, who has access to the code and any documents stored within Fibery. There are many other questions and checkpoints that such vetting procedures delve into.
Some other key areas are:
- Review SaaS patching policies
- Check alignment of SaaS and internal security controls
- Identity and access management (IAM)
- Encryption and key management
- Security monitoring
- Make sure you own your data
- Ensure the SaaS provider complies with relevant regulations
- Know where the data is stored
- Check for data loss or corruption provisions
- Identify sub-services the SaaS provider uses
- Review SaaS provider’s third-party audits
Do you have the answer to such questions so that regulated industries can move forward with Fibery?