When buying a SaaS software having the requirement of BYOK to protect your data into the SaaS? How would you prefer to implement it?

ArchitectureStrategy

Pass the keys to be applied periodically to the SaaS provider 21%

Have a third party tool to manage an intermediate keys model 71%

Let SaaS applications call your Key Vault or HSM 5%

No need if SaaS provider use CSP key managed services (let hyperscaler do and manage keys)3%

66 PARTICIPANTS
722 viewscircle icon1 Comment
Sort by:
CISO2 years ago

You mitigate risk by having a third-party. If you get attacked, they are not. If they get attacked. You isolate them and create a new key.

Content you might like

Has your organization purchased an embedded analytics tool?

Yes63%

No31%

Not yet, but we are planning to in 20214%

View Results

Do you need a single platform for financial data privacy, analysis, and anonymization?

Is "serverless" a term that is actively being used or evaluated within your organization? Comment with your stories...

Yes35%

Yes, but not enough, we want/need to ramp up38%

No20%

No, but I expect this will change soon5%

View Results

Are you still relying on written AI policies, or do you have visibility into how AI is actually being used across your organization?

Looking to deploy a proof of value discovery of Microsoft Copilot to ~150 back-office staff. My question is for organization who have successfully delivered to a similar scale: What size and make up of delivery team did you have? What is the typical investment of time from a general copilot user/consumer, in order for them to derive value from the tool?

Read More Comments