Cybersecurity responsibilities for more complex PSaaS deployments are simply extended across the vendors and cloud infrastructure providers involved. It is possible, for example, to have two or three PSaaS vendors — for example, one each for access control, video management, video analytics and visitor management.
Each PSaaS vendor may have a different cloud infrastructure provider. There may be both cloud-level integrations and on-premises integrations between the various PSaaS offerings. All of the cybersecurity issues must be identified and the responsibilities accounted for to ensure that there are no gaps in cybersecurity protection. This should be reflected in the documentation of the various product and service offerings.
Assurance of continuous conformance to cybersecurity requirements should be provided by the chain of Service Level Agreements from cloud infrastructure provider, to PSaaS vendor, to security systems integrator, to cloud service customer.
Whether the picture is simple or complex, it is important to ensure the cybersecurity of a PSaaS offering by determining, fully agreeing on, documenting, and verifying who is responsible for what, and how those responsibilities will be lived up to.