Cyber Security Institute

Friday, March 26, 2010

A Security Checklist for Deploying Software-as-a-Service

In recent years, software-as-a-service (SaaS) has emerged as a viable application delivery method, and most enterprises are now including some SaaS software in their portfolios.  The most important shift is looking at your software vendor not as a product company, but rather as a service provider.  This guide will help you compare your organization’s risk management and compliance priorities to the SaaS provider’s security policies and procedures.

When you convert to SaaS, your data will be transported across the Internet to the SaaS vendor's site. If the vendor's application is not secure, your critical business information will potentially be exposed to anyone who can take advantage of such a vulnerability.

- Review the vendor’s service history
- Application and infrastructure security requirements
- Solid Service Level Agreements
- No silent fixing
- Data recovery
- Encryption standards and key management
- No weak links in the security access chain
- Ownership

Finally, remember that software is secure only when it's built that way. When choosing a sound SaaS solution, be sure that its security has been checked for all vulnerabilities, so that it is secure across today's distributed software portfolios.

Posted on 03/26