Converting Cybersecurity From a Cost Center to a Revenue Source - Ascent Conference

Converting Cybersecurity From a Cost Center to a Revenue Source

Nov 15th, 2022 @3:00 pm

With great SaaS power comes great responsibility. As of 2022, SaaS is said to be worth over $170 billion and the SaaS industry has increased in size by around 500% over the past seven years. SaaS apps are ruling the world – and now it is time to rule it more securely. SaaS security is based on a shared responsibility model. While preventing DDos or Brute Force attacks may be your responsibility, what a user does with the platform once they’re in may need to be the responsibility of the customer. This shared responsibility model represents an enormous burden for most customers, as they need to manage security across numerous SaaS platforms. SaaS companies have a choice to make: either undertake expensive development to extend their internal security or partner with external cybersecurity providers that will concentrate on security for them through APIs.

In this session, Dror will discuss the financial impact of opening APIs to third party security providers, converting cybersecurity from a cost center to a new revenue stream. Effective security APIs enable 3rd party security providers to provide robust security monitoring and protection without the need to build costly security infrastructure directly into the SaaS applications being protected. As such, offering security through APIs can eliminate software bloat and provide value-added features that can drive revenue.

Dror will map out best practices for SaaS companies to construct security APIs that will ultimately enable third-party security providers to help alleviate the shared responsibility model. He will share battled-tested security API development lessons and tips he has learned from going through integrations with SaaS leaders such as Microsoft, Google, Salesforce, and Dropbox. Specifically, Dror will delve into how to create security APIs for scale across three core areas – Collaboration Controls, Activity Monitoring, and Data Loss Prevention. He will also give examples of how to address Access APIs (e.g. access requests, handshakes, and access approvals/denials), SaaS APIs spanning Collaboration and Content Control (such as file controls, file inspection (including malware, regulatory compliance), and user actions (e.g.logging, suspicious behavior).


Dror Liwer
Co-Founder & CMO

Sponsored by

Privacy Notice

This privacy notice discloses the privacy practices for ( This privacy notice applies solely to information collected by this website. It will notify you of the following:

Information Collection, Use, and Sharing

We are the sole owners of the information collected on this site. We only have access to/collect information that you voluntarily give us via email or other direct contact from you. We will not sell or rent this information to anyone.

We will use your information to respond to you, regarding the reason you contacted us. We will not share your information with any third party outside of our organization, other than as necessary to fulfill your request, e.g. to ship an order.

Unless you ask us not to, we may contact you via email in the future to tell you about specials, new products or services, or changes to this privacy policy.

Your Access to and Control Over Information

You may opt out of any future contacts from us at any time. You can do the following at any time by contacting us via the email address or phone number given on our website:


We take precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline.

Wherever we collect sensitive information (such as credit card data), that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a lock icon in the address bar and looking for “https” at the beginning of the address of the Web page.

While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.

If you feel that we are not abiding by this privacy policy, you should contact us immediately via telephone at 202-256-9707 or [email protected].