Date: 2025-10-02

The Cloud Security Alliance has introduced the SaaS Security Capability Framework, the first industry standard designed to help organizations navigate the complex security responsibilities tied to Software as a Service platforms, reports SecurityWeek.

Under the shared responsibility model, providers secure the infrastructure and applications, while customers must safeguard data, user accounts, and access. But with each SaaS vendor offering unique and often inconsistent configuration settings, organizations using dozens, or even hundreds, of applications face mounting complexity and risk.

"The SSCF addresses a critical gap in SaaS security by establishing the first industry standard for customer-facing security controls," said Lefteris Skoutaris, AVP at CSA. Version 1.0 outlines six core security domains, including controls for access management and malicious file blocking, which providers must implement and customers must apply.

CSA leaders argue the framework reduces risk, fosters trust, and eases compliance burdens, with Brian Soby of AppOmni warning that outdated SaaS controls have left sensitive data dangerously exposed.