Security Architecture Best Practices for SaaS Applications
22-May-2014
www.techcello.com
© Techcello www.techcello.com
Housekeeping Instructions
• All phones are set to mute. If you have any questions, please type them in the Chat window located beside the presentation panel.
• We have already received several questions from the registrants, which will be answered by the speakers during the Q & A session.
• We will continue to collect more questions during the session as we receive them and will try to answer them during today's session.
• If you do not receive answers to your question today, you will certainly receive answers via email shortly.
• Thanks for your participation and enjoy the session!
TechCello Introduction
• Cloud Ready, SaaS/Multi-Tenant SaaS Application Development Framework
• Provides an end-to-end SaaS Lifecycle Management Solution
• Redefines the way SaaS products are built and managed
• Saves anywhere between 30%-50% of time and cost
Speaker Profiles
Vittal Raj
International VP, ISACA
Founder, Pristine Consulting
• Two decades in Consulting, Assurance & Training in IS Security, IT Compliance/Governance, Enterprise Risk Management, Risk-based Internal Audit and Digital Forensics.
• Directed and managed projects in the areas of IS Security Implementation, Cyber Crime Forensics & Cyber Law Consulting, Network & Web Application Vulnerability Assessments
• Specialist trainer in IT Risk Management and Information Security
Jothi Rengarajan
Chief Technical Architect, TechCello
• 14+ years of experience in architecting cloud and SaaS solutions for both ISVs and Enterprises
• Chief architect in designing and constructing the TechCello framework
• Plays a consultative role with customers in implementing technical solutions
Gartner forecasts on SaaS
• SaaS market set to top $22 b by 2015
• Surge in software spend by 2015; stratification of SaaS
• CRM, ERP and office & productivity SaaS in the lead
• Multi-tenancy is the way to go, supported by innovative tech
• Customer concerns: Continuity, Security & Contractual
What's slowing down SaaS adoption?
• Application Control & Security Governance
• Contractual Transparency & SLA Assurance
• Business Continuity & Resilience
• Security Management
  – Security of Data in a multi-tenancy model
  – Risk driven Security management
  – Identity and access management (IAM) – Adequacy, Sustainability
• Privacy and Regulatory concerns
  – Data location, Privacy Compliance, IAM, Licensing, legal & electronic discovery
• Customisation & Transitioning out
• Continual Independent Assurance
• Pricing Indemnity
Goals to Results
Framework based approach driven on Stakeholder Expectations
Source: COBIT 5®, ITGI
Key Control Drivers
• Application & Interfaces
• Business Continuity & Operational Resilience
• Change Control & Configuration Management
• Data Security & Information Life Cycle Management
• Data Centre Security
• Encryption & Key Management
• Governance & Risk Management
• Identity & Access Management
• Infrastructure & Virtualisation Security
• SCM, Transparency & Accountability
• Human Resources
• Audit, Assurance & Compliance
Source: CCSA – CCS Matrix
Holistic approach for sustainable governance
Source: COBIT 5®, ITGI
Managing Operational Risks in SaaS Services
• SaaS Governance Framework – Client
  – Risk Assessment & Management
  – Service Level Management
  – Performance Management (Metrics & Mechanisms)
  – Auditability and Audits
• Risk Management & Assurance
• Standards & Certification
• Assurance by CSP
• Insurance
• Contract Governance
• Security Management
  – Security Framework – Encryption, Data Exchange Controls
• Transition Management
• Monitoring Capabilities
• Billing Control
• Litigation Clauses
• Regulatory Compliance
International Standards
• COBIT 5 – Controls and Assurance in the Cloud
• CSA Guides
• AICPA Service Organization Control (SOC) 1 Report
• AICPA/CICA Trust Services (SysTrust and WebTrust)
• ISO 2700x – Information security management system (ISMS)
• Cloud Security Matrix – by Cloud Security Alliance
• NIST SP 800-53 – the NIST IT security controls standards; Health Information Trust Alliance (HITRUST)
• BITS – the BITS Shared Assessment Program
  – contains the Standardized Information Gathering (SIG) questionnaire and Agreed Upon Procedures (AUP).
• European Network and Information Security Agency (ENISA)
  – Cloud Computing – Benefits, Risks and Recommendations for Information Security.
'Trustworthy' SaaS: key to customer acquisition & loyalty
Feel free to contact me with your questions, comments & feedback:
R Vittal Raj
rvittalraj@gmail.com
LinkedIn: rvittalraj
SaaS Customer Concerns
• Data Storage and Segregation
  – Is it a dedicated or a shared environment?
  – If it is a shared environment, how is the data segregated from other shared environments?
  – How is security managed in the shared environment? What controls are in place?
• ACL
  – What type of identity management solution is provided?
  – Is Single Sign-On (SSO) provided? What types of SSO options are available? SAML, Open Auth, etc.?
  – What type of user store is available? Can this user store be integrated with Active Directory or any other user store database?
  – What type of user security, authentication and authorization options are available?
• Data Security
  – How is the primary data encrypted? What encryption schemes are used? Who has access to the decryption keys? How often is this tested?
• Audits
  – What application & data access audit logs are available? How often can you get them?
  – What type of investigative support is provided in case of a breach?
SaaS Security Architecture Goals
Protection of information: the prevention and detection of unauthorized actions, ensuring the confidentiality and integrity of data.
• Robust tenant data isolation
• Flexible RBAC – prevent unauthorized action
• Proven data security
• Prevention of the top web-related threats as per OWASP
• Strong security audit logs
Tenant Data Isolation
Design for a Hybrid Approach
• Database Routing Based On Tenant
• Application Layer Auto Tenant Filter
• Tenant Based View Filter
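The three isolation mechanisms on this slide, worked through as an added example that is not part of the original deck or of the Cello framework: a per-request tenant context, connection routing (dedicated database for one tenant, shared for the rest, the hybrid approach), a repository that injects the tenant predicate into every statement, and a per-tenant view. The schema, tenant names and in-memory SQLite databases are constructed for the demonstration.

```python
import sqlite3
import threading
from contextlib import contextmanager

# Constructed sample data. Tenants "acme" and "globex" share one database;
# tenant "bigcorp" has a dedicated database (the hybrid approach).
SHARED_SCHEMA = """
CREATE TABLE invoice (id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL, amount INTEGER);
INSERT INTO invoice VALUES (1, 'acme', 100), (2, 'acme', 250), (3, 'globex', 999);
"""
DEDICATED_SCHEMA = """
CREATE TABLE invoice (id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL, amount INTEGER);
INSERT INTO invoice VALUES (1, 'bigcorp', 5000);
"""

_request = threading.local()  # tenant bound to the current request/thread


@contextmanager
def tenant_context(tenant_id):
    """Bind the authenticated tenant once per request; data access reads it
    from here, never from user-supplied parameters."""
    previous = getattr(_request, "tenant_id", None)
    _request.tenant_id = tenant_id
    try:
        yield
    finally:
        _request.tenant_id = previous


def current_tenant():
    tenant_id = getattr(_request, "tenant_id", None)
    if not tenant_id:
        raise PermissionError("no tenant bound to this request")
    return tenant_id


def build_demo_databases():
    """Two in-memory databases standing in for the shared pool and a dedicated one."""
    shared = sqlite3.connect(":memory:", check_same_thread=False)
    shared.executescript(SHARED_SCHEMA)
    dedicated = sqlite3.connect(":memory:", check_same_thread=False)
    dedicated.executescript(DEDICATED_SCHEMA)
    return {"shared": shared, "bigcorp": dedicated}


class TenantScopedRepository:
    """Database routing plus an application-layer auto tenant filter: the
    connection is chosen by tenant, and every statement carries the tenant
    predicate, so a developer cannot forget the WHERE clause."""

    def __init__(self, databases):
        self.databases = databases

    def _conn(self):
        # Routing based on tenant: dedicated database if one exists, else shared.
        return self.databases.get(current_tenant(), self.databases["shared"])

    def list_invoices(self):
        rows = self._conn().execute(
            "SELECT id, amount FROM invoice WHERE tenant_id = ? ORDER BY id",
            (current_tenant(),),
        ).fetchall()
        return [{"id": r[0], "amount": r[1]} for r in rows]

    def get_invoice(self, invoice_id):
        # The record id alone is never trusted (OWASP A4, insecure direct object
        # reference): the tenant predicate is always part of the lookup.
        row = self._conn().execute(
            "SELECT id, amount FROM invoice WHERE id = ? AND tenant_id = ?",
            (invoice_id, current_tenant()),
        ).fetchone()
        if row is None:
            raise PermissionError("invoice %s not visible to tenant %s" % (invoice_id, current_tenant()))
        return {"id": row[0], "amount": row[1]}

    def add_invoice(self, amount):
        # tenant_id comes from the bound context, not from the caller
        cur = self._conn().execute(
            "INSERT INTO invoice (tenant_id, amount) VALUES (?, ?)",
            (current_tenant(), amount),
        )
        return cur.lastrowid


def create_tenant_view(conn, tenant_id):
    """Tenant-based view filter: a per-tenant view over the shared table that a
    reporting or read-only login can be granted instead of the base table."""
    if not tenant_id.isalnum():  # the identifier is interpolated, so whitelist it
        raise ValueError("tenant id must be alphanumeric")
    view = "invoice_" + tenant_id
    conn.execute(
        "CREATE VIEW IF NOT EXISTS %s AS SELECT id, amount FROM invoice WHERE tenant_id = '%s'"
        % (view, tenant_id)
    )
    return view
```

Note that a request with no bound tenant fails closed: the repository raises rather than silently querying across all tenants.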
ACL Architecture
Role Based Access Control (RBAC)
Authentication
• Separate Common Identity Provider
• Identity Provider Support Options
  – Custom Username Password Authentication
  – AD Integrated SSO
  – Open ID Authentication
  – Multi factor authentication
  – Hybrid Authentication Support
Role Based Access Control (RBAC)
Authorization
• ACL Metadata
  – Use privileges
  – Map with roles
  – Roles should be defined by business users
  – Role mapped to privileges and user mapped to roles
• Access Check Services
  – Control at a URL, Action, Data and Field level
  – Configuration based privilege control
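The authorization model above (privileges as the atomic unit, roles grouping privileges, users mapped to roles, and a configuration-driven access check at URL/action and field level), as an added example that is not part of the original deck or of the Cello framework. The privilege names, roles, users, routes and guarded fields are constructed; data-level control is the tenant scoping shown under Tenant Data Isolation and is not repeated here.

```python
# Constructed ACL metadata. Privileges are the atomic unit; roles (defined by
# business users) group privileges; users are mapped to roles, never directly
# to privileges. Routes and fields are guarded by privilege names.
ACL_CONFIG = {
    "privileges": [
        "invoice.view", "invoice.approve", "invoice.view_bank_details", "user.manage",
    ],
    "roles": {
        "clerk": ["invoice.view"],
        "finance_manager": ["invoice.view", "invoice.approve", "invoice.view_bank_details"],
        "tenant_admin": ["invoice.view", "user.manage"],
    },
    "users": {
        "alice": ["clerk"],
        "bob": ["finance_manager"],
        "carol": ["tenant_admin", "clerk"],
    },
    # URL/action level: (method, path) -> privilege required
    "routes": {
        ("GET", "/invoices"): "invoice.view",
        ("POST", "/invoices/approve"): "invoice.approve",
        ("POST", "/users"): "user.manage",
    },
    # Field level: entity -> field -> privilege required to see that field
    "fields": {
        "invoice": {"bank_account": "invoice.view_bank_details"},
    },
}


class AccessCheckService:
    """Configuration-driven access checks at URL, action and field level.
    Anything not explicitly granted is denied."""

    def __init__(self, config):
        # Validate the metadata up front: a typo in a role or route must fail at
        # load time, not silently grant or deny at request time.
        declared = set(config["privileges"])
        for role, privs in config["roles"].items():
            unknown = set(privs) - declared
            if unknown:
                raise ValueError("role %s uses undeclared privileges %s" % (role, sorted(unknown)))
        for route, priv in config["routes"].items():
            if priv not in declared:
                raise ValueError("route %s uses undeclared privilege %s" % (route, priv))
        self.config = config

    def privileges_of(self, user):
        """Effective privileges: union over all roles mapped to the user."""
        privs = set()
        for role in self.config["users"].get(user, []):
            privs.update(self.config["roles"].get(role, []))
        return privs

    def has_privilege(self, user, privilege):
        return privilege in self.privileges_of(user)

    def check_url(self, user, method, path):
        """URL/action-level check. A route with no mapped privilege is denied,
        which is the control against missing function-level access control."""
        required = self.config["routes"].get((method.upper(), path))
        if required is None:
            return False
        return self.has_privilege(user, required)

    def filter_fields(self, user, entity, record):
        """Field-level check: drop fields whose guarding privilege the user lacks."""
        guarded = self.config["fields"].get(entity, {})
        privs = self.privileges_of(user)
        return {k: v for k, v in record.items() if k not in guarded or guarded[k] in privs}
```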
Role Based Access Control (RBAC)
Authorization
• REST API Implementation
  – External Application Integration
    · OAuth 2.0
    · HMAC
  – Internal Application Integration
    · Session Token
    · Cookie
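The HMAC option for external application integration, as an added example that is not part of the original deck or of the Cello framework: the caller signs a canonical form of the request (method, path, timestamp, body digest) with a shared secret, and the API verifies it in constant time and rejects stale timestamps. The header names, the canonical format, the key id and the secret are all constructed assumptions.

```python
import hashlib
import hmac
import time

MAX_CLOCK_SKEW = 300  # seconds; requests outside this window are rejected

# Constructed key store: API key id -> shared secret. In production this is a
# per-integration secret held in a vault, never in source.
API_SECRETS = {
    "partner-crm": b"constructed-demo-secret-do-not-reuse",
}


def canonical_request(method, path, timestamp, body):
    """Unambiguous string covering everything the signature must protect.
    The body is hashed so large payloads are not concatenated into the MAC input."""
    body_digest = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, str(timestamp), body_digest])


def sign_request(key_id, secret, method, path, body, timestamp=None):
    """Client side: produce the headers an external application attaches."""
    ts = int(time.time()) if timestamp is None else int(timestamp)
    mac = hmac.new(secret, canonical_request(method, path, ts, body).encode(), hashlib.sha256)
    return {
        "X-Api-Key": key_id,
        "X-Timestamp": str(ts),
        "X-Signature": mac.hexdigest(),
    }


def verify_request(headers, method, path, body, now=None, secrets=API_SECRETS):
    """Server side: returns (accepted, reason). The reason belongs in the audit
    log, not in the HTTP response, which should be a uniform 401."""
    now = int(time.time()) if now is None else int(now)
    secret = secrets.get(headers.get("X-Api-Key"))
    if secret is None:
        return False, "unknown api key"
    try:
        ts = int(headers.get("X-Timestamp", ""))
    except ValueError:
        return False, "malformed timestamp"
    if abs(now - ts) > MAX_CLOCK_SKEW:
        return False, "timestamp outside allowed window"
    expected = hmac.new(secret, canonical_request(method, path, ts, body).encode(), hashlib.sha256).hexdigest()
    # compare_digest prevents timing side channels on the signature comparison
    if not hmac.compare_digest(expected, headers.get("X-Signature", "")):
        return False, "signature mismatch"
    return True, "ok"
```

The timestamp window bounds replay but does not eliminate it; a per-key cache of recently seen signatures (or a nonce header) is needed to reject a captured request replayed inside the window.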
OWASP – Top 10 Threats 2013
• A1 Injection
• A2 Broken Authentication and Session Management (was formerly A3)
• A3 Cross-Site Scripting (XSS) (was formerly A2)
• A4 Insecure Direct Object References
• A5 Security Misconfiguration (was formerly A6)
• A6 Sensitive Data Exposure (merged from former A7 Insecure Cryptographic Storage and former A9 Insufficient Transport Layer Protection)
• A7 Missing Function Level Access Control (renamed/broadened from former A8 Failure to Restrict URL Access)
• A8 Cross-Site Request Forgery (CSRF) (was formerly A5)
• A9 Using Known Vulnerable Components (new, but was part of former A6 – Security Misconfiguration)
• A10 Unvalidated Redirects and Forwards
Security Testing
Security Verification through:
• Dynamic Testing
• Static Testing
Security Audit
Event Audit
• Audit positive events and, more importantly, audit negative events
• Should cover:
  – Who performs the action?
  – What action is performed?
  – What is the context in which the operation is performed?
  – At what time is the action performed?
• Audit details stored in a separate datastore for better performance
• Real-time audit details – audit cache server
Transaction and Change Audit
• Transaction Audit
  – Snapshot: exact copy of the row stored in history tables
  – More suitable if requests to access past data are frequent
  – More data growth
• Change Audit
  – Only the delta of the state change is captured in change tables
  – More suitable when changes need to be reported and past data is rarely required
  – Used more for security tracking purposes
  – Easier to implement using methods available out of the box in an RDBMS, such as CDC for SQL Server
• Asynchronous Mode: for better performance, and so that an audit failure does not roll back the business transaction, it is advisable to write the audit in an asynchronous thread.
User Action Audit
• Audit all user actions
• Capture the entry URL, time, location details, browser details, response status and any exceptions
• Provide analysis on the user actions
• Can be customized at the application layer or can use the web server logs
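The Event Audit, Change Audit and asynchronous-mode points above combined into one added example that is not part of the original deck or of the Cello framework: an audit record carrying who, what, context and when plus the outcome, a change-audit delta that stores only the fields that changed, a background-thread writer into a separate store so the business transaction never waits on or rolls back with the audit write, and a small analysis over the store that counts denied actions per user. The record fields, the in-memory list standing in for the audit datastore and the sample updates are constructed.

```python
import queue
import threading
import time
from dataclasses import asdict, dataclass, field
from typing import Any, Dict


@dataclass
class AuditEvent:
    """One audit record: who, what, in which context, when, and whether the
    action succeeded. Denied ("negative") events are the ones worth alerting on."""
    who: str
    tenant: str
    what: str
    context: Dict[str, Any]
    when: float
    outcome: str                      # "success" or "denied"
    delta: Dict[str, Any] = field(default_factory=dict)


def change_delta(before, after):
    """Change audit: keep only the fields whose value changed, with old and new."""
    delta = {}
    for key in sorted(set(before) | set(after)):
        if before.get(key) != after.get(key):
            delta[key] = {"old": before.get(key), "new": after.get(key)}
    return delta


class AsyncAuditSink:
    """Asynchronous audit writer. Records are queued and persisted by a
    background thread into a separate store, so the caller's transaction
    neither blocks on the audit write nor rolls back if it fails."""

    def __init__(self, store):
        self.store = store            # stands in for the separate audit datastore
        self._queue = queue.Queue()
        self._worker = threading.Thread(target=self._drain, daemon=True)
        self._worker.start()

    def record(self, event):
        self._queue.put(event)        # returns immediately to the caller

    def _drain(self):
        while True:
            event = self._queue.get()
            if event is None:         # shutdown sentinel
                self._queue.task_done()
                return
            self.store.append(asdict(event))
            self._queue.task_done()

    def flush(self):
        """Block until every queued record has been written (for tests/shutdown)."""
        self._queue.join()

    def close(self):
        self._queue.put(None)
        self._worker.join()


def audited_update(sink, who, tenant, entity, before, changes, allowed, when=None):
    """Apply a change and audit it. A refused change is still recorded, as a
    negative event carrying the attempted delta, and nothing is modified."""
    when = time.time() if when is None else when
    after = dict(before, **changes)
    delta = change_delta(before, after)
    ctx = {"entity": entity, "record_id": before.get("id")}
    if not allowed:
        sink.record(AuditEvent(who, tenant, "update", ctx, when, "denied", delta))
        return before
    sink.record(AuditEvent(who, tenant, "update", ctx, when, "success", delta))
    return after


def denied_actions_per_user(store, window_seconds, now):
    """Analysis over the audit store: denied events per user inside a time
    window, the kind of query a real-time audit cache exists to answer."""
    counts = {}
    for rec in store:
        if rec["outcome"] == "denied" and 0 <= now - rec["when"] <= window_seconds:
            counts[rec["who"]] = counts.get(rec["who"], 0) + 1
    return counts
```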
Security Audit – How does it work?
Cello Stack – At a Glance
Cloud Ready, Multi-Tenant Application Development Framework
• Administrative Modules: Tenant Provisioning, Licensing, Metering, Billing, Data Backup
• Security Modules: User Management, Role/Privilege Mgmt., Single Sign-on, Dynamic Data Scope, Auditing
• Enterprise Engines: Business Rules, Workflow, Dynamic Forms
• Integration Modules: Events, Notification, Templates
• Productivity Boosters: Query/Chart/Reports Ad-hoc Builders, Code Templates, Master Data Mgmt., Forms Generation
• Application Multi-Tenancy & Tenant Data Isolation
• Configurability Modules: Custom Fields, Custom LoV, Settings Template, Themes & Logo, Pre & Post Processors
• Cello Cloud Adapters
Contact Details
Jothi Rengarajan (jothi.r@techcello.com)
Vittal Raj (rvittalraj@gmail.com)
Reference URLs
Web: http://www.techcello.com
ROI Calculator: http://www.techcello.com/techcello-roi-calculator
Demo Videos: http://www.techcello.com/techcello-resources/techcello-product-demo
SaaS e-Book: http://www.techcello.com/techcello-resources/techcello-resources-white-papers
Thank You
Cello Saas BrochureCello Saas Brochure
Cello Saas Brochure
 
Techcello at a glance
Techcello at a glanceTechcello at a glance
Techcello at a glance
 
Benefits of cello framework
Benefits of cello frameworkBenefits of cello framework
Benefits of cello framework
 
CelloSaaS Getting Started
CelloSaaS Getting StartedCelloSaaS Getting Started
CelloSaaS Getting Started
 
Cloud ready Multi-tenant SaaS Application Platform
Cloud ready Multi-tenant SaaS Application PlatformCloud ready Multi-tenant SaaS Application Platform
Cloud ready Multi-tenant SaaS Application Platform
 

Último

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...apidays
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 

Último (20)

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 

Security Architecture Best Practices for SaaS Applications

  • 5. Gartner forecasts on SaaS
    • SaaS market set to top $22 billion by 2015
    • Surge in software spend by 2015; stratification of SaaS
    • CRM, ERP and office & productivity SaaS in the lead
    • Multi-tenancy is the way to go, supported by innovative technology
    • Customer concerns: continuity, security & contractual
  • 6. What's slowing down SaaS adoption?
    • Application control & security governance
    • Contractual transparency & SLA assurance
    • Business continuity & resilience
    • Security management
      – Security of data in a multi-tenancy model
      – Risk-driven security management
      – Identity and access management (IAM)
      – Adequacy, sustainability
    • Privacy and regulatory concerns
      – Data location, privacy compliance, IAM, licensing, legal & electronic discovery
    • Customisation & transitioning out
    • Continual independent assurance
    • Pricing indemnity
  • 7. Goals to Results: a framework-based approach driven by stakeholder expectations (Source: COBIT 5®, ITGI)
  • 8. Key Control Drivers (Source: Cloud Security Alliance, Cloud Controls Matrix)
    • Application & Interfaces
    • Business Continuity & Operational Resilience
    • Change Control & Configuration Management
    • Data Security & Information Life Cycle Management
    • Data Centre Security
    • Encryption & Key Management
    • Governance & Risk Management
    • Identity & Access Management
    • Infrastructure & Virtualisation Security
    • Supply Chain Management, Transparency & Accountability
    • Human Resources
    • Audit, Assurance & Compliance
  • 9. Holistic approach for sustainable governance (Source: COBIT 5®, ITGI)
  • 10. Managing Operational Risks in SaaS Services
    • SaaS governance framework (client side)
      – Risk assessment & management
      – Service level management
      – Performance management (metrics & mechanisms)
      – Auditability and audits
    • Risk management & assurance
    • Standards & certification
    • Assurance by the CSP
    • Insurance
    • Contract governance
    • Security management
      – Security framework
      – Encryption, data exchange controls
    • Transition management
    • Monitoring capabilities
    • Billing control
    • Litigation clauses
    • Regulatory compliance
  • 11. International Standards
    • COBIT 5: Controls and Assurance in the Cloud
    • CSA guides
    • AICPA Service Organization Control (SOC) 1 report
    • AICPA/CICA Trust Services (SysTrust and WebTrust)
    • ISO 2700x: information security management system (ISMS)
    • Cloud Controls Matrix (CCM), by the Cloud Security Alliance
    • NIST SP 800-53: the NIST IT security controls standard
    • Health Information Trust Alliance (HITRUST)
    • BITS: the BITS Shared Assessments Program, which contains the Standardized Information Gathering (SIG) questionnaire and Agreed Upon Procedures (AUP)
    • European Network and Information Security Agency (ENISA): Cloud Computing, Benefits, Risks and Recommendations for Information Security
  • 12. 'Trustworthy' SaaS is the key to customer acquisition & loyalty
  • 13. Feel free to contact me with your questions, comments & feedback: R Vittal Raj, rvittalraj@gmail.com, LinkedIn: rvittalraj
  • 14. SaaS Customer Concerns
    • Data storage and segregation
      – Is it a dedicated or a shared environment?
      – If it is a shared environment, how is the data segregated from the other tenants sharing it?
      – How is security managed in the shared environment? What controls are in place?
    • ACL
      – What type of identity management solution is provided?
      – Is Single Sign-On (SSO) provided? What SSO options are available: SAML, OAuth, etc.?
      – What type of user store is available? Can it be integrated with Active Directory or another user store?
      – What user security, authentication and authorization options are available?
  • 15. SaaS Customer Concerns
    • Data security
      – How is the primary data encrypted? Which encryption schemes are used? Who has access to the decryption keys? How often is this tested?
    • Audits
      – What application and data access audit logs are available? How often can you get them?
      – What investigative support is provided in case of a breach?
  • 16. SaaS Security Architecture Goals
    Protection of information: preventing and detecting unauthorized actions, and ensuring the confidentiality and integrity of data.
    • Robust tenant data isolation
    • Flexible RBAC to prevent unauthorized actions
    • Proven data security
    • Prevention of the top web threats as per OWASP
    • Strong security audit logs
  • 17. Tenant Data Isolation: design for a hybrid approach (dedicated databases for tenants that need them, shared databases for the rest)
  • 18. Tenant Data Isolation
    • Database routing based on tenant
    • Application-layer automatic tenant filter (applied by the data layer on every query, not left to each query author)
    • Tenant-based view filter
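The three techniques on this slide in one Python module, as an added example (not TechCello code; the tenant names, the registry and the invoices schema are assumptions): a registry routes each tenant to a dedicated or a shared database, a repository injects the tenant predicate into every query at the application layer, and a per-tenant view exposes only that tenant's rows. The unfiltered lookup is included only to show what the filter prevents.

```python
"""Hybrid tenant data isolation: database routing by tenant, an application-layer
tenant filter, and a tenant-based view. Added example, not TechCello code; the
tenant names, registry and invoices schema are assumptions."""
import sqlite3
from typing import Dict, Optional, Tuple

# Constructed registry: "acme" gets a dedicated database, the other two share a pool.
TENANT_REGISTRY: Dict[str, str] = {
    "acme": "acme_dedicated",
    "globex": "shared_pool_1",
    "initech": "shared_pool_1",
}
_DATABASES: Dict[str, sqlite3.Connection] = {}   # in-memory SQLite stands in for real servers


def database_for(tenant_id: str) -> sqlite3.Connection:
    """Database routing based on tenant. Unknown tenants are rejected, never defaulted."""
    if tenant_id not in TENANT_REGISTRY:
        raise PermissionError(f"unknown tenant {tenant_id!r}")
    name = TENANT_REGISTRY[tenant_id]
    if name not in _DATABASES:
        conn = sqlite3.connect(":memory:")
        conn.execute("CREATE TABLE invoices (id INTEGER PRIMARY KEY, "
                     "tenant_id TEXT NOT NULL, amount INTEGER NOT NULL)")
        _DATABASES[name] = conn
    return _DATABASES[name]


class InvoiceRepository:
    """Application-layer auto tenant filter: the tenant predicate is added here, so
    callers cannot forget it and cannot supply another tenant's id."""

    def __init__(self, tenant_id: str) -> None:
        self.tenant_id = tenant_id
        self.conn = database_for(tenant_id)

    def add(self, amount: int) -> int:
        cur = self.conn.execute("INSERT INTO invoices (tenant_id, amount) VALUES (?, ?)",
                                (self.tenant_id, amount))
        self.conn.commit()
        return cur.lastrowid

    def get(self, invoice_id: int) -> Optional[Tuple[int, str, int]]:
        # A guessed id that belongs to another tenant returns None instead of a row.
        return self.conn.execute(
            "SELECT id, tenant_id, amount FROM invoices WHERE id = ? AND tenant_id = ?",
            (invoice_id, self.tenant_id)).fetchone()


def ensure_tenant_view(tenant_id: str) -> str:
    """Tenant-based view filter. On a real RDBMS the tenant's restricted login is granted
    SELECT on this view only, never on the base table."""
    conn = database_for(tenant_id)               # validates tenant_id against the registry
    view = f"invoices_{tenant_id}"               # registry key, not user input, so safe to inline
    conn.execute(f"CREATE VIEW IF NOT EXISTS {view} AS "
                 f"SELECT id, amount FROM invoices WHERE tenant_id = '{tenant_id}'")
    return view


def unfiltered_lookup(tenant_id: str, invoice_id: int):
    """The anti-pattern: a query on the shared pool without the tenant predicate."""
    return database_for(tenant_id).execute(
        "SELECT id, tenant_id, amount FROM invoices WHERE id = ?", (invoice_id,)).fetchone()


def demo() -> dict:
    _DATABASES.clear()                           # fresh in-memory databases for this run
    acme, globex, initech = (InvoiceRepository(t) for t in ("acme", "globex", "initech"))
    acme.add(999)
    globex_id = globex.add(100)
    initech_id = initech.add(250)
    view = ensure_tenant_view("initech")
    return {
        "cross_tenant_read_blocked": initech.get(globex_id) is None,   # same pool, filtered out
        "unfiltered_leaks": unfiltered_lookup("initech", globex_id) is not None,
        "own_row_visible": initech.get(initech_id) == (initech_id, "initech", 250),
        "dedicated_db_separate": acme.conn is not globex.conn,
        "view_rows": database_for("initech").execute(f"SELECT id, amount FROM {view}").fetchall(),
    }


if __name__ == "__main__":
    print(demo())
```

The repository is the only way application code reaches the tables; a code review rule that forbids raw queries against tenant-scoped tables outside it is what keeps the filter "automatic" in practice.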
  • 20. Role Based Access Control (RBAC): Authentication
    • Separate, common identity provider
    • Identity provider support options
      – Custom username/password authentication
      – AD-integrated SSO
      – OpenID authentication
      – Multi-factor authentication
      – Hybrid authentication support
  • 21. Role Based Access Control (RBAC): Authorization
    • ACL metadata
      – Use privileges and map them to roles
      – Roles should be defined by business users
      – Roles are mapped to privileges; users are mapped to roles
    • Access check services
      – Control at URL, action, data and field level
      – Configuration-based privilege control
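An added example of configuration-based privilege control (not the framework's own access check services; the privilege names, routes, users and invoice fields are assumptions): privileges are the atomic unit, roles bundle them, users hold roles, and the check service answers at URL/action level, at data level (tenant scope) and at field level. Everything is deny by default.

```python
"""Configuration-driven RBAC with URL/action, data and field level checks.
Added example; not TechCello code. All names below are assumptions."""
from dataclasses import dataclass
from typing import Dict, Optional, Set

# ACL metadata (constructed): what each privilege permits. Routes use "*" for one path segment.
PRIVILEGES: Dict[str, dict] = {
    "invoice.view":        {"url": "/invoices/*",         "actions": {"GET"}},
    "invoice.approve":     {"url": "/invoices/*/approve", "actions": {"POST"}},
    "invoice.view_amount": {"field": "amount"},
    "invoice.view_margin": {"field": "margin"},
}
# Roles are defined by business users and bundle privileges; users are mapped to roles.
ROLES: Dict[str, Set[str]] = {
    "clerk":    {"invoice.view", "invoice.view_amount"},
    "approver": {"invoice.view", "invoice.view_amount", "invoice.view_margin", "invoice.approve"},
}
USER_ROLES: Dict[str, Set[str]] = {"alice": {"approver"}, "bob": {"clerk"}, "mallory": set()}
ALWAYS_VISIBLE = {"id"}          # fields every authorized viewer may see


@dataclass(frozen=True)
class Principal:
    user: str
    tenant_id: str


@dataclass(frozen=True)
class Invoice:
    id: int
    tenant_id: str
    amount: int
    margin: int


def privileges_of(user: str) -> Set[str]:
    """Resolve user -> roles -> privileges. Unknown users and roles resolve to nothing."""
    roles = USER_ROLES.get(user, set())
    return set().union(*(ROLES.get(r, set()) for r in roles))


def _route_matches(pattern: str, path: str) -> bool:
    # Segment-wise match: "*" covers exactly one segment, so "/invoices/*" does not
    # accidentally grant "/invoices/7/approve". Query strings are assumed stripped.
    p, u = pattern.strip("/").split("/"), path.strip("/").split("/")
    return len(p) == len(u) and all(a == "*" or a == b for a, b in zip(p, u))


def can_call(principal: Principal, method: str, path: str) -> bool:
    """URL/action level check: is any held privilege good for this method and route?"""
    for priv in privileges_of(principal.user):
        meta = PRIVILEGES.get(priv, {})
        if "url" in meta and method.upper() in meta["actions"] and _route_matches(meta["url"], path):
            return True
    return False


def view_invoice(principal: Principal, invoice: Invoice) -> Optional[dict]:
    """Data level check (row must be in the caller's tenant), then field level filtering."""
    if invoice.tenant_id != principal.tenant_id:
        return None
    allowed = ALWAYS_VISIBLE | {
        PRIVILEGES[p]["field"] for p in privileges_of(principal.user)
        if "field" in PRIVILEGES.get(p, {})}
    return {k: v for k, v in vars(invoice).items() if k in allowed}


if __name__ == "__main__":
    bob = Principal("bob", "globex")
    print(can_call(bob, "POST", "/invoices/7/approve"), view_invoice(bob, Invoice(7, "globex", 100, 40)))
```

Because the route and field metadata live in configuration rather than in code, adding a privilege or reshaping a role is an administrative change that needs no redeploy, which is the point of the slide's last bullet.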
  • 22. Role Based Access Control (RBAC): Authorization, REST API implementation
    • External application integration
      – OAuth 2.0
      – HMAC request signing
    • Internal application integration
      – Session token
      – Cookie
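An added example of the HMAC option for external application integration (not the page's implementation; the key id, secret, header names and skew window are assumptions): the client signs a canonical string of method, path, timestamp, nonce and body hash; the server rebuilds the same string from the request it actually received, compares in constant time, bounds clock skew and rejects replayed nonces.

```python
"""HMAC request signing for an external integration calling a REST API.
Added example, not TechCello code; credentials and header names are constructed."""
import hashlib
import hmac
import time
from typing import Dict, Optional

API_KEYS: Dict[str, bytes] = {"partner-7": b"0123456789abcdef0123456789abcdef"}  # constructed
ALLOWED_SKEW = 300                       # seconds of clock drift tolerated either way
_seen_nonces: Dict[str, float] = {}      # "keyid:nonce" -> expiry; a shared cache in production


def canonical_request(method: str, path: str, timestamp: int, nonce: str, body: bytes) -> bytes:
    """Everything the signature must cover. Hashing the body keeps the string small."""
    return "\n".join([method.upper(), path, str(timestamp), nonce,
                      hashlib.sha256(body).hexdigest()]).encode()


def sign_request(key_id: str, secret: bytes, method: str, path: str,
                 timestamp: int, nonce: str, body: bytes) -> Dict[str, str]:
    """Client side: the headers to attach to the outgoing request."""
    mac = hmac.new(secret, canonical_request(method, path, timestamp, nonce, body),
                   hashlib.sha256).hexdigest()
    return {"X-Key-Id": key_id, "X-Timestamp": str(timestamp), "X-Nonce": nonce, "X-Signature": mac}


def verify_request(headers: Dict[str, str], method: str, path: str, body: bytes,
                   now: Optional[float] = None) -> Optional[str]:
    """Server side: returns the key id on success, None on any failure. The caller gets
    one generic 401 for every failure reason so nothing about the check leaks."""
    now = time.time() if now is None else now
    key_id = headers.get("X-Key-Id", "")
    secret = API_KEYS.get(key_id)
    if secret is None:
        return None
    try:
        timestamp = int(headers.get("X-Timestamp", ""))
    except ValueError:
        return None
    if abs(now - timestamp) > ALLOWED_SKEW:          # stale or far-future request
        return None
    nonce = headers.get("X-Nonce", "")
    for stale in [k for k, expires in _seen_nonces.items() if expires < now]:
        del _seen_nonces[stale]                       # nonces only need remembering within the window
    if not nonce or f"{key_id}:{nonce}" in _seen_nonces:
        return None                                   # replay
    expected = hmac.new(secret, canonical_request(method, path, timestamp, nonce, body),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, headers.get("X-Signature", "")):
        return None                                   # constant-time compare, no early exit
    _seen_nonces[f"{key_id}:{nonce}"] = now + ALLOWED_SKEW   # burn the nonce only after success
    return key_id


if __name__ == "__main__":
    body = b'{"invoice": 7}'
    ts = int(time.time())
    hdrs = sign_request("partner-7", API_KEYS["partner-7"], "POST", "/api/invoices/7/approve", ts, "n1", body)
    print(verify_request(hdrs, "POST", "/api/invoices/7/approve", body))
```

The nonce is recorded only after the signature verifies; recording it earlier would let anyone who can see a key id burn nonces and lock a partner out. In a multi-instance deployment the nonce cache must be shared (a cache server), or the replay check silently becomes per-node.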
  • 23. OWASP Top 10 Threats 2013
    • A1 Injection
    • A2 Broken Authentication and Session Management (was A3)
    • A3 Cross-Site Scripting (XSS) (was A2)
    • A4 Insecure Direct Object References
    • A5 Security Misconfiguration (was A6)
    • A6 Sensitive Data Exposure (merged from former A7 Insecure Cryptographic Storage and former A9 Insufficient Transport Layer Protection)
    • A7 Missing Function Level Access Control (renamed and broadened from former A8 Failure to Restrict URL Access)
    • A8 Cross-Site Request Forgery (CSRF) (was A5)
    • A9 Using Known Vulnerable Components (new, but previously part of A6 Security Misconfiguration)
    • A10 Unvalidated Redirects and Forwards
  • 24. Security Testing
    • Dynamic testing
    • Static testing
    • Security verification
  • 25. Security Audit: Event Audit
    • Audit positive events and, more importantly, negative events (denied actions, failed logins)
    • Each record should cover
      – Who performed the action?
      – What action was performed?
      – In what context was the operation performed?
      – At what time was the action performed?
    • Store audit details in a separate datastore for better performance
    • Real-time audit details: an audit cache server
  • 26. Security Audit: Transaction and Change Audit
    • Transaction audit
      – Snapshot: an exact copy of the row is stored in history tables
      – More suitable when past data is requested often
      – Higher data growth
    • Change audit
      – Only the delta of the state change is captured, in change tables
      – More suitable when changes need to be reported and past data is rarely required
      – Used more for security tracking purposes
      – Easier to implement with methods available out of the box in the RDBMS, such as Change Data Capture (CDC) in SQL Server
    • Asynchronous mode: for better performance, and so that an audit failure does not roll back the business transaction, write the audit record from an asynchronous thread. The trade-off is that an event queued but not yet written is lost if the process dies, so the negative events that matter most belong on a durable queue or a synchronous write.
  • 27. Security Audit: User Action Audit
    • Audit all user actions
    • Capture the entry URL, time, location details, browser details, response status and any exceptions
    • Provide analysis of the user actions
    • Can be implemented at the application layer, or derived from the web server logs
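An added example covering the event audit, change audit and asynchronous mode of the three slides above (not TechCello's auditing module; the schema, field names, IP addresses and sample events are constructed): each event records who, what, context, outcome and when, `change_delta` captures only the fields that changed, the request-level data of the user action audit rides in the `detail` field, and a background writer persists everything to a separate store so the business transaction neither waits for nor rolls back on audit I/O.

```python
"""Security audit: structured events, change-audit deltas and an asynchronous writer
to a separate store. Added example, not TechCello code; schema and samples are constructed."""
import json
import queue
import sqlite3
import threading
from dataclasses import dataclass
from typing import Any, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class AuditEvent:
    who: str                                   # authenticated user id
    tenant_id: str                             # context: the tenant the action ran under
    what: str                                  # action, e.g. "invoice.approve"
    target: str                                # object acted on, e.g. "invoice:7"
    outcome: str                               # "success", "denied" or "error"
    when: float                                # epoch seconds, UTC
    detail: Optional[Dict[str, Any]] = None    # change delta, request URL, IP, browser, status


def change_delta(before: Dict[str, Any], after: Dict[str, Any]) -> Dict[str, Dict[str, Any]]:
    """Change audit: only the fields whose value changed, with old and new value."""
    keys = before.keys() | after.keys()
    return {k: {"old": before.get(k), "new": after.get(k)}
            for k in sorted(keys) if before.get(k) != after.get(k)}


class AuditStore:
    """Separate datastore. record() only enqueues; a daemon thread does the writes."""

    def __init__(self) -> None:
        self.conn = sqlite3.connect(":memory:", check_same_thread=False)
        self.conn.execute(
            "CREATE TABLE audit (seq INTEGER PRIMARY KEY, who TEXT, tenant_id TEXT, what TEXT, "
            "target TEXT, outcome TEXT, at REAL, detail TEXT)")
        self.queue: "queue.Queue[AuditEvent]" = queue.Queue()
        threading.Thread(target=self._writer, daemon=True).start()

    def record(self, event: AuditEvent) -> None:
        self.queue.put(event)                  # returns at once; caller's transaction unaffected

    def _writer(self) -> None:
        while True:
            event = self.queue.get()
            try:
                self.conn.execute(
                    "INSERT INTO audit (who, tenant_id, what, target, outcome, at, detail) "
                    "VALUES (?, ?, ?, ?, ?, ?, ?)",
                    (event.who, event.tenant_id, event.what, event.target, event.outcome,
                     event.when, json.dumps(event.detail)))
                self.conn.commit()
            finally:
                self.queue.task_done()         # always, or flush() would hang on a bad event

    def flush(self) -> None:
        self.queue.join()                      # block until everything queued so far is written

    def count(self) -> int:
        self.flush()
        return self.conn.execute("SELECT COUNT(*) FROM audit").fetchone()[0]

    def denied(self, tenant_id: str) -> List[Tuple[str, str, str]]:
        """The negative events for one tenant, in order: the first thing a responder asks for."""
        self.flush()
        return self.conn.execute(
            "SELECT who, what, target FROM audit WHERE tenant_id = ? AND outcome = 'denied' "
            "ORDER BY seq", (tenant_id,)).fetchall()


def demo() -> dict:
    store = AuditStore()
    before = {"status": "pending", "amount": 100, "approver": None}   # constructed row states
    after = {"status": "approved", "amount": 100, "approver": "alice"}
    delta = change_delta(before, after)
    store.record(AuditEvent("alice", "globex", "invoice.approve", "invoice:7", "success",
                            1_700_000_000.0, {"delta": delta, "ip": "198.51.100.10"}))
    store.record(AuditEvent("bob", "globex", "invoice.approve", "invoice:7", "denied",
                            1_700_000_001.0, {"reason": "missing privilege invoice.approve",
                                              "url": "/invoices/7/approve", "status": 403,
                                              "browser": "Mozilla/5.0 (constructed)"}))
    store.record(AuditEvent("mallory", "initech", "invoice.view", "invoice:7", "denied",
                            1_700_000_002.0, {"reason": "object belongs to another tenant"}))
    return {"delta": delta, "globex_denied": store.denied("globex"), "count": store.count()}


if __name__ == "__main__":
    print(demo())
```

The in-process queue is the simplest form of the asynchronous mode; it has exactly the weakness the slide's trade-off implies, because a crash between `record()` and the insert loses the event. Swapping the `queue.Queue` for a durable broker keeps the caller-side contract identical.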
  • 29. How does it work? Cello Stack at a Glance: a cloud-ready, multi-tenant application development framework
    • Administrative modules: tenant provisioning, licensing, metering, billing, data backup
    • Security modules: user management, role/privilege management, single sign-on, dynamic data scope, auditing
    • Enterprise engines: business rules, workflow, dynamic forms
    • Integration modules: events, notification, templates
    • Ad-hoc builders: query, chart, reports
    • Productivity boosters: code templates, master data management, forms generation
    • Application multi-tenancy & tenant data isolation
    • Configurability modules: custom fields, custom LoV, settings template, themes & logo, pre & post processors
    • Cello cloud adapters
  • 30. Contact Details
    • Jothi Rengarajan (jothi.r@techcello.com)
    • Vittal Raj (rvittalraj@gmail.com)
    Reference URLs
    • Web: http://www.techcello.com
    • ROI Calculator: http://www.techcello.com/techcello-roi-calculator
    • Demo Videos: http://www.techcello.com/techcello-resources/techcello-product-demo
    • SaaS e-Book: http://www.techcello.com/techcello-resources/techcello-resources-white-papers
    Thank You

Editor's notes

  1. Custom store: password encryption/hashing; password change policy externalization; Active Directory integration; identity federation