SaaS Challenges & Security Concerns
Transcript of SaaS Challenges & Security Concerns
![Page 1: SaaS Challenges & Security Concerns](https://reader035.fdocuments.in/reader035/viewer/2022062616/548f47f8b479591e1d8b4c62/html5/thumbnails/1.jpg)
SAAS – SECURITY & CHALLENGES
Kannan Subbiah, Knowledge Universe Technologies India Pvt Ltd
![Page 2: SaaS Challenges & Security Concerns](https://reader035.fdocuments.in/reader035/viewer/2022062616/548f47f8b479591e1d8b4c62/html5/thumbnails/2.jpg)
Services in real life
- Own a house vs. Rent a house
- Own a car vs. Engage a call taxi
![Page 3: SaaS Challenges & Security Concerns](https://reader035.fdocuments.in/reader035/viewer/2022062616/548f47f8b479591e1d8b4c62/html5/thumbnails/3.jpg)
SaaS – What is it?
Software / Services, viewed from three angles:
- Business Model: Chargeable unit; Geographical boundary; Business Domain; Implementation Partners; …
- Operating Model: On-boarding / Exit; Customer Support; Service Level; Contract terms; …
- Application Architecture: Hosting infrastructure; Support Multi-tenancy; Scalability; Internationalization; …
![Page 4: SaaS Challenges & Security Concerns](https://reader035.fdocuments.in/reader035/viewer/2022062616/548f47f8b479591e1d8b4c62/html5/thumbnails/4.jpg)
SaaS - Evolution (chart: affordability plotted against time)
- In-house: H/W and S/W owned and managed.
- Hosted: Software owned and managed, infrastructure rented.
- Hosted (ASP): Software rented, but not designed to scale.
- Subscribed: Self subscribe to the software or parts of the software. Customizable by tenants to an extent.
![Page 5: SaaS Challenges & Security Concerns](https://reader035.fdocuments.in/reader035/viewer/2022062616/548f47f8b479591e1d8b4c62/html5/thumbnails/5.jpg)
Characteristics of SaaS
- Multi Tenancy
- Subscription based service
- Scalability
- Manageability
- Self Service Sign-up
- Tenant specific customization
![Page 6: SaaS Challenges & Security Concerns](https://reader035.fdocuments.in/reader035/viewer/2022062616/548f47f8b479591e1d8b4c62/html5/thumbnails/6.jpg)
How does it differ

| Attribute | Traditional | SaaS |
|---|---|---|
| Application Delivery | Installed | Hosted |
| Updates / Release Cycle | Larger / Longer | Smaller / Shorter |
| Pricing | One Time + Maintenance | Subscription |
| Accounting | CAP-EX | OP-EX |
| Implementation | Engage Partners / consultants | Simple, end user configurable |
| Operating Platform | Multiple | Single |
| Value proposition | Once at the time of selling | Continuous |
![Page 7: SaaS Challenges & Security Concerns](https://reader035.fdocuments.in/reader035/viewer/2022062616/548f47f8b479591e1d8b4c62/html5/thumbnails/7.jpg)
Benefits for Consumers
- Pay per use
- Anywhere access
- Subscription to service, not software
- Least or no investment in infrastructure
![Page 8: SaaS Challenges & Security Concerns](https://reader035.fdocuments.in/reader035/viewer/2022062616/548f47f8b479591e1d8b4c62/html5/thumbnails/8.jpg)
Benefits to Vendors
- Stronger protection for IPR
- Operational control of the environment
- Recurring revenue stream
- Shared Infrastructure – PaaS / IaaS
![Page 9: SaaS Challenges & Security Concerns](https://reader035.fdocuments.in/reader035/viewer/2022062616/548f47f8b479591e1d8b4c62/html5/thumbnails/9.jpg)
SaaS Maturity Levels
- Microsoft – 4 levels: Scalability, Multi-Tenancy and Configuration
- Forrester – 6 levels
- SEI – for assessing the organization and not the application
- Euro Cloud Star Audit
- None of them are popular
![Page 10: SaaS Challenges & Security Concerns](https://reader035.fdocuments.in/reader035/viewer/2022062616/548f47f8b479591e1d8b4c62/html5/thumbnails/10.jpg)
SaaS Maturity Levels by Forrester
- Level 0 – Outsourcing
- Level 1 – Manual ASP
- Level 2 – Industrial ASP
- Level 3 – Single-app SaaS
- Level 4 – Business Domain SaaS
- Level 5 – Dynamic Business Apps
![Page 11: SaaS Challenges & Security Concerns](https://reader035.fdocuments.in/reader035/viewer/2022062616/548f47f8b479591e1d8b4c62/html5/thumbnails/11.jpg)
SAAS – CHALLENGES
![Page 12: SaaS Challenges & Security Concerns](https://reader035.fdocuments.in/reader035/viewer/2022062616/548f47f8b479591e1d8b4c62/html5/thumbnails/12.jpg)
Design & Development
Solution Design to address:
- Internationalization
- Cloud Infrastructure
- Support business & operating model
- Multi-tenancy
- Extensibility
- Security and Audit
- Wider scope - cover industry needs
![Page 13: SaaS Challenges & Security Concerns](https://reader035.fdocuments.in/reader035/viewer/2022062616/548f47f8b479591e1d8b4c62/html5/thumbnails/13.jpg)
Support & Maintenance
- Must Support
- Larger impact
- SLA driven
- Disclaimers
- Increased focus on Reliability, Availability, Extensibility, Scalability, Quality, etc.
![Page 14: SaaS Challenges & Security Concerns](https://reader035.fdocuments.in/reader035/viewer/2022062616/548f47f8b479591e1d8b4c62/html5/thumbnails/14.jpg)
Customer On-boarding
- Migration from existing software
- Application Integration
- Data Integration
- Data Mining
- Authentication, Single Sign-on
- Network infrastructure
![Page 15: SaaS Challenges & Security Concerns](https://reader035.fdocuments.in/reader035/viewer/2022062616/548f47f8b479591e1d8b4c62/html5/thumbnails/15.jpg)
Customer Service
Areas of support to include:
- Hosting infrastructure
- Data center operations
- Systems and network monitoring
- Billing
- Customer education
Longer customer retention for better RoI.
![Page 16: SaaS Challenges & Security Concerns](https://reader035.fdocuments.in/reader035/viewer/2022062616/548f47f8b479591e1d8b4c62/html5/thumbnails/16.jpg)
Research & Product Improvement
- Agile approach
- Rapid releases and upgrades
- Primary focus on: Rapid action on feedback; Usage statistics; Predict industry trends; Platform and tools used; Automated testing; Service aggregation
![Page 17: SaaS Challenges & Security Concerns](https://reader035.fdocuments.in/reader035/viewer/2022062616/548f47f8b479591e1d8b4c62/html5/thumbnails/17.jpg)
Legal
- Driving contracts online
- Termination and Migration
- Security, Privacy and related risks
- Country specific regulations
- SLAs
![Page 18: SaaS Challenges & Security Concerns](https://reader035.fdocuments.in/reader035/viewer/2022062616/548f47f8b479591e1d8b4c62/html5/thumbnails/18.jpg)
Security Concerns
SaaS Security covers:
- Data Security
- IdM & SSO
- Data Segregation
- Deployment Model
- Deployment Environment
- Network Security
- Regulatory Compliance
- Availability
- Back up & Recovery
![Page 19: SaaS Challenges & Security Concerns](https://reader035.fdocuments.in/reader035/viewer/2022062616/548f47f8b479591e1d8b4c62/html5/thumbnails/19.jpg)
Data Security
- Data Location
- Data Encryption
- Data Integration APIs
- Access Logs
- Return / destruction of data upon exit
![Page 20: SaaS Challenges & Security Concerns](https://reader035.fdocuments.in/reader035/viewer/2022062616/548f47f8b479591e1d8b4c62/html5/thumbnails/20.jpg)
Data Segregation
- Understand the Data & Application Architecture
- Isolation options: Separate Physical / Virtual Server(s); Separate Instance on shared hardware; Separate Database; Shared Database
- Authentication and Authorization
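The "Shared Database" option is the cheapest to run and the easiest to get wrong, because every query must carry the tenant boundary that separate servers or databases give you for free. The following is an added example, not part of the original deck: a Python/sqlite3 sketch with constructed sample rows for two made-up tenants ("acme" and "globex"), showing an id-only lookup that crosses tenants beside a repository that binds the tenant id once, from the authenticated session, and adds it to every statement. `cross_tenant_leak_count` is a small audit helper that counts rows the unscoped path exposes but the scoped one hides.

```python
import sqlite3
from typing import List, Optional, Tuple

# Constructed sample data for the "Shared Database" option: rows of two tenants
# ("acme" and "globex" are made-up tenant ids) live in one table.
SAMPLE_ROWS = [
    (1, "acme", "Q3 forecast"),
    (2, "acme", "Payroll export"),
    (3, "globex", "Board minutes"),
]


def build_db() -> sqlite3.Connection:
    """Create an in-memory shared-schema database with a tenant_id on every row."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE documents ("
        "id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL, title TEXT NOT NULL)"
    )
    conn.executemany("INSERT INTO documents VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def unscoped_lookup(conn: sqlite3.Connection, doc_id: int) -> Optional[Tuple]:
    """The pitfall: a lookup keyed only on the row id. Any tenant that supplies
    another tenant's id reads that tenant's row."""
    cur = conn.execute(
        "SELECT id, tenant_id, title FROM documents WHERE id = ?", (doc_id,)
    )
    return cur.fetchone()


class TenantScopedRepo:
    """Hardened form: the tenant id is fixed when the repository is created
    (from the authenticated session, never from request parameters) and is
    added to the WHERE clause of every statement."""

    def __init__(self, conn: sqlite3.Connection, tenant_id: str) -> None:
        self._conn = conn
        self._tenant = tenant_id

    def list_titles(self) -> List[str]:
        cur = self._conn.execute(
            "SELECT title FROM documents WHERE tenant_id = ? ORDER BY id",
            (self._tenant,),
        )
        return [row[0] for row in cur]

    def get_document(self, doc_id: int) -> Optional[Tuple]:
        # Filtering on both id and tenant_id turns a cross-tenant id into a miss.
        cur = self._conn.execute(
            "SELECT id, tenant_id, title FROM documents "
            "WHERE id = ? AND tenant_id = ?",
            (doc_id, self._tenant),
        )
        return cur.fetchone()

    def add_document(self, title: str) -> int:
        # Writes are scoped too: the tenant id comes from the repo, not the caller.
        cur = self._conn.execute(
            "INSERT INTO documents (tenant_id, title) VALUES (?, ?)",
            (self._tenant, title),
        )
        self._conn.commit()
        return cur.lastrowid


def cross_tenant_leak_count(conn: sqlite3.Connection, tenant_id: str) -> int:
    """Audit helper: number of rows the unscoped lookup would expose to this
    tenant that the scoped repository correctly hides. Zero means no leak path."""
    repo = TenantScopedRepo(conn, tenant_id)
    ids = [row[0] for row in conn.execute("SELECT id FROM documents")]
    leaked = 0
    for doc_id in ids:
        if unscoped_lookup(conn, doc_id) is not None and repo.get_document(doc_id) is None:
            leaked += 1
    return leaked


if __name__ == "__main__":
    db = build_db()
    acme = TenantScopedRepo(db, "acme")
    print(acme.list_titles())                   # ['Q3 forecast', 'Payroll export']
    print(acme.get_document(3))                 # None: id 3 belongs to globex
    print(unscoped_lookup(db, 3))               # (3, 'globex', 'Board minutes')
    print(cross_tenant_leak_count(db, "acme"))  # 1
```

The design point is that tenant scoping lives in one place (the repository constructor) rather than being re-applied in each query by each developer; a code review or a test like `cross_tenant_leak_count` can then check the boundary for the whole data layer at once.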
![Page 21: SaaS Challenges & Security Concerns](https://reader035.fdocuments.in/reader035/viewer/2022062616/548f47f8b479591e1d8b4c62/html5/thumbnails/21.jpg)
Development Model
- Security aware developers
- Application Design: Application / Data Partitioning; Information Sensitivity; Design for Performance & Scalability
- Configuration Management
- Security Testing
- Threat Remediation
- Build & Release Cycles
![Page 22: SaaS Challenges & Security Concerns](https://reader035.fdocuments.in/reader035/viewer/2022062616/548f47f8b479591e1d8b4c62/html5/thumbnails/22.jpg)
Deployment Environment
- Boundary Protection
- Resource Priority
- Configuration Management
- Cloud Infrastructure: Certification / accreditation; Continuous Monitoring; Audit
![Page 23: SaaS Challenges & Security Concerns](https://reader035.fdocuments.in/reader035/viewer/2022062616/548f47f8b479591e1d8b4c62/html5/thumbnails/23.jpg)
Network Security
- Transmission Integrity
- Secure Data in transit (SSL)
- Intrusion Detection & Prevention
- Other standard security measures
- Threats to address: Man-in-the-middle; IP Spoofing; Port Scanning; Packet Sniffing
![Page 24: SaaS Challenges & Security Concerns](https://reader035.fdocuments.in/reader035/viewer/2022062616/548f47f8b479591e1d8b4c62/html5/thumbnails/24.jpg)
Regulatory Compliance
- Global legal compliance: SAS 70; SOX; HIPAA; …
- Contractual obligations
- Need for Logs and Audit Trails
- Data Retention needs
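Both the "Access Logs" item under Data Security and the "Need for Logs and Audit Trails" item here assume the log itself can be trusted when an auditor or a tenant asks for it. One way to make a shared audit trail tamper-evident is to hash-chain the entries, so that editing or deleting any entry breaks verification from that point on. The block below is an added example, not code from the deck; the event fields, tenant names and timestamps are constructed for the illustration, and `tenant_view` is an assumed helper for handing one tenant its own slice of the shared log.

```python
import hashlib
import json
from typing import Dict, List, Optional, Tuple

GENESIS = "0" * 64  # previous-hash value carried by the first entry


def _entry_hash(entry: Dict) -> str:
    """SHA-256 over the entry minus its own 'hash' field, serialized
    canonically (sorted keys, no whitespace) so verification is deterministic."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(data).hexdigest()


def append_event(chain: List[Dict], tenant: str, actor: str,
                 action: str, target: str, ts: str) -> Dict:
    """Append one audit entry linked to the hash of the previous one."""
    prev = chain[-1]["hash"] if chain else GENESIS
    entry = {
        "seq": len(chain), "ts": ts, "tenant": tenant,
        "actor": actor, "action": action, "target": target, "prev": prev,
    }
    entry["hash"] = _entry_hash(entry)
    chain.append(entry)
    return entry


def verify_chain(chain: List[Dict]) -> Tuple[bool, Optional[int]]:
    """Walk the chain; return (True, None) if intact, else (False, index) of
    the first entry whose sequence, back-link or hash does not check out."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if (entry.get("seq") != i
                or entry.get("prev") != prev
                or _entry_hash(entry) != entry.get("hash")):
            return False, i
        prev = entry["hash"]
    return True, None


def tenant_view(chain: List[Dict], tenant: str) -> List[Dict]:
    """Assumed helper: the entries one tenant may see from the shared log.
    Verification still runs over the full chain on the provider side."""
    return [e for e in chain if e["tenant"] == tenant]


def build_sample_chain() -> List[Dict]:
    """Constructed sample events for two made-up tenants."""
    chain: List[Dict] = []
    append_event(chain, "acme", "alice", "login", "portal", "2024-01-05T08:00:00Z")
    append_event(chain, "acme", "alice", "export", "customers.csv", "2024-01-05T08:04:12Z")
    append_event(chain, "globex", "bob", "login", "portal", "2024-01-05T09:30:00Z")
    return chain


if __name__ == "__main__":
    log = build_sample_chain()
    print(verify_chain(log))          # (True, None)
    log[1]["target"] = "nothing.csv"  # an after-the-fact edit
    print(verify_chain(log))          # (False, 1)
```

The chain only proves that the log has not been altered since each entry was written; to cover the provider's own administrators as well, the head hash should be periodically written somewhere the log writers cannot modify (a write-once store or a separately owned system), which is also the natural place to meet a data-retention requirement by anchoring what was in the log before old entries are archived.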
![Page 25: SaaS Challenges & Security Concerns](https://reader035.fdocuments.in/reader035/viewer/2022062616/548f47f8b479591e1d8b4c62/html5/thumbnails/25.jpg)
Availability
- Application Design and Architecture: Design for performance; Graceful exits; Instance Isolation; Custom Code Modules
- SLA: Uptime Guarantees; Maintenance / Outage Notifications; Documented BC & DRP plans
- Code Escrow
![Page 26: SaaS Challenges & Security Concerns](https://reader035.fdocuments.in/reader035/viewer/2022062616/548f47f8b479591e1d8b4c62/html5/thumbnails/26.jpg)
Back up & Recovery
- Infrastructure: Protection of backup location; Encryption; Access control to backup location
- Recovery: Documented process; Drills
![Page 27: SaaS Challenges & Security Concerns](https://reader035.fdocuments.in/reader035/viewer/2022062616/548f47f8b479591e1d8b4c62/html5/thumbnails/27.jpg)
Identity Management
- Who manages it?
- Checks & Controls: Id provisioning; Secure storage; Password Policies
- Federated IdM: Trust relationships with tenants; Secure federation of user identities
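When the SaaS provider rather than a federated identity provider holds the credentials, the "Secure storage" and "Password Policies" items above come down to two routines: one that rejects weak passwords at provisioning time, and one that stores only a salted, slow-to-compute hash. The following added example (not from the deck) shows both in Python using only the standard library; the policy thresholds and the PBKDF2 iteration count are assumptions chosen for the illustration, and `needs_rehash` is an assumed helper for upgrading old records when the iteration count is raised.

```python
import hashlib
import hmac
import os
import re
from typing import List

# Assumed policy parameters for this example; in a multi-tenant product these
# would be configurable per tenant ("tenant specific customization").
MIN_LENGTH = 12
PBKDF2_ITERATIONS = 210_000   # assumption: tune so one hash costs ~100 ms
SALT_BYTES = 16
ALGORITHM = "pbkdf2_sha256"


def policy_violations(password: str) -> List[str]:
    """Return the policy rules the password breaks; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    if re.search(r"(.)\1{2,}", password):
        problems.append("three or more repeated characters in a row")
    return problems


def hash_password(password: str) -> str:
    """Secure storage: fresh random salt per user plus a slow KDF. The record
    carries algorithm, iteration count and salt so it can be verified later."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return f"{ALGORITHM}${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = stored.split("$")
        iterations_n = int(iterations)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: treat as a failed login, never as a match
    if algorithm != ALGORITHM:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations_n
    )
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str) -> bool:
    """Assumed helper: True when a record was made with an older/weaker setting
    and should be re-hashed on the user's next successful login."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != ALGORITHM:
        return True
    try:
        return int(parts[1]) < PBKDF2_ITERATIONS
    except ValueError:
        return True


if __name__ == "__main__":
    print(policy_violations("short"))
    record = hash_password("Tr0ub4dor-Horse-Staple")
    print(verify_password("Tr0ub4dor-Horse-Staple", record))  # True
    print(verify_password("wrong password", record))          # False
```

Two points the code makes that a bullet cannot: the salt and parameters are stored with the hash so the provider can raise the work factor over time without a mass reset, and the comparison is constant-time so the verification path does not leak how many bytes matched.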
![Page 28: SaaS Challenges & Security Concerns](https://reader035.fdocuments.in/reader035/viewer/2022062616/548f47f8b479591e1d8b4c62/html5/thumbnails/28.jpg)
Thank You
Follow Me
- Email: [email protected]
- Facebook: http://www.facebook.com/kannan.subbiah
- LinkedIn: http://in.linkedin.com/in/ksubbiah
- Blog: http://www.kannan-subbiah.com