Video blog | Augmentt talks SaaS Security with Chief Information Security Officer (CISO)

In today’s interview Derik Belair and Co-Founder and CEO of Augment Technologies sits down with Gennady Soloviev, Chief Information Security Officer (CISO) to discuss what does all of this SaaS usage and SaaS adoption mean from a security and a CISO perspective.

Why is understanding and controlling SaaS usage so important?


Video Transcript

Q: Maybe you can give us a quick intro and tell us about your security background and how you got into this CISO role.

A: I see myself as a new generation of security professionals. I’ve done my studies oriented towards information security and right away I had a security analyst position at one of the biggest insurance companies in Canada. That’s how I started in information security. Then I saw the potential for creating a new consultancy offering. There was a shortage of expertise, of security talents, not just in Canada, but internationally. So I saw the potential to start consulting companies around the world and today it’s actually going pretty well.


Q: As I talk to more and more MSPs and customers, the security problem used to be addressed at a very high level by very large organization. Now it’s very clear that organization of all sizes, if they’re dealing with data and customers, security is top of mind for everyone. One of the questions I get asked a lot by our MSPs, what’s the size and the type of customers that you typically deal with as a CISO?

A: Honestly I’d say that any company has information security needs. But most of the time when customers actually need an external consultant or specific information security oriented expertise, is when they actually start being asked by their clients or they need it from a regulatory perspective. That’s when they actually start to consider some additional external consulting expertise. So I’d say that most of the time it’s because companies get to a stage where it is either a client requirement or it’s regulatory.

Certainly in this day and age if you’re dealing with customers and their private information, or even employee private information, I would say that security applies to everyone, nobody is immune to it.


At what point do you need a CISO?

Q: Maybe you can give us a bit of an idea for what are the types of engagements like, at what point does somebody say “I’m interested in bringing a CISO full-time” and what does the engagement looks like between yourself and those organizations?

A: Most of the time companies start being aware of the need for some external consultancy when they’re asked, or if there’s a trust issue going in the relationship between the client and the service provider. So when a potential client is asked: What are your practices regarding information security management? Do you have any kind of documentation? Do you perform any kind of a security controls, for example pen testing or security policy reviews or access control reviews? Are you able to demonstrate those things in a more formal manner? That’s when it sort of hits the potential clients or prospects saying “okay maybe we need somebody to help us establish an initial framework, to help us to document security policies, to help us to go through maybe the initial cycle of internal auditing, to help us document those security controls.

I see the typical engagement as a three-phase approach where we document security policies, we establish an initial framework for security control implementation and we go through the initial cycle of a risk assessment and the following security controls.


Check out the full interview to find out:

  • Why is understanding and controlling SaaS usage so important?
  • What are the top concerns when it comes to SaaS and how to address them?
  • Does these concerns affect companies of certain size or specific verticals?
  • What is the impact of Shadow IT (un-approved SaaS Usage) on security?
  • How do organization “secure” SaaS?
  • How MSPs could help their clients understand, control and secure their SaaS environments?

[maxbutton id=”1″ url=”” text=”Check out full video” ]


Check out our Content Library for more on-demand webinars.

Derik Belair

As President and CEO, Derik leads the vision, strategy and growth of Augmentt. Prior to founding Augmentt, Derik was the Vice President at SolarWinds, leading the digital marketing strategy for SolarWinds’ Cloud division. Derik has been working in the channel for over 20 years, starting his career as a channel sales rep at Corel Corp. and eventually becoming the first employee at N-able Technologies in April of 2000.
SUBSCRIBE for more resources
Related Content

Agent-based SaaS Discovery

    When it comes to Augmentt Discover, we believe in flexibility and power. Augmentt Discover can collect SaaS usage data using both an Agent and Agentless model. Here is a quick [...]

    Product Evaluation Guide

      Thank you for starting your Augmentt Product Evaluation and Trial   Here are a few resources that will help you through this technical process. Support Technical Support is available to [...]
      Augmentt is a centralized SaaS security platform built for MSPs to deliver scalable managed security services for Microsoft and cloud apps. Our multi-tenant platform gives you visibility across all your end-users to easily audit, protect and detect security threats for a holistic approach to cyber security.