• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
PaaS security challenges and solutions (salesforce vision)
 

PaaS security challenges and solutions (salesforce vision)

on

  • 1,317 views

Andrey Bosak, VRP Cloud Services Delivery Director – PaaS security challenges and solutions (salesforce vision).

Andrey Bosak, VRP Cloud Services Delivery Director – PaaS security challenges and solutions (salesforce vision).

Statistics

Views

Total Views
1,317
Views on SlideShare
1,317
Embed Views
0

Actions

Likes
2
Downloads
18
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    PaaS security challenges and solutions (salesforce vision) PaaS security challenges and solutions (salesforce vision) Presentation Transcript

    • PaaS security challenges andsolutions** vision VRP Cloud Andrey Bosak Technical Architect
    • Andrey Bosak• 8 years experience in IT• .Net, Java, ABAP, C++ hands-on development >2 years each• SAP NetWever trainer at SAP CIS partner academy• 4 years experience in project management and solutions architecture design• Now inspired by Salesforce.com• Head of VRP Cloud Minsk
    • PaaS security challenges• Is IT infrastructure reliable?• Is data channel secured?• Who can access my data?• What data is accessible?• Is 3rd party application from App Exchange secure?• Is my custom code secure?• …• What are the long term costs?
    • Force.com PaaS solutionoverview• Shared database and middleware• Proprietary programming and markup languages (APEX & Visualforce)• Governor limits• Standard objects from Sales and Service cloud• APIs: REST, SOAP, BULK, Metadata• Configurable layouts, views, workflows and approval• Reports & Dashboards
    • Force.com pros & CONSPros:• Easy to start (free environment, workbooks, examples, declarative approach)• Standard business objects and functionality• Declarative point & click tools• Proven scalability• Transparent security• App Exchange• Governor limits• Powerful API
    • Force.com pros & CONSCons:• Proprietary language• Governor limits• Less powerful development tools than mainstream technologies provide
    • Force.com: PaaS security visionof Salesforce• Infrastructure and network• Users and security• API security• Platform security• Limits• Custom applications security
    • trust.salesforce.com Infrastructure security • Success is built on trust. And trust starts with transparency. • Trust.salesforce.com is the salesforce.com community’s home for real-time information on system performance and security. On this site youll find: • Live and historical data on system performance • Up-to-the minute information on planned maintenance • Phishing, malicious software, and social engineering threats • Best security practices for your organization • Information on how we safeguard your dataInformation is taken from trust.salesforce.com site
    • Users and security Users are managed centrally by administrator User Authentication • Delegated Authentication • Federated Authentication (based on SAML) Network-based Security Session Security System Auditing Data Auditing
    • Platform security: User Profile• System Permissions • Administrative Permissions • Reports • Data• Component Permissions • Applications • Tabs • Record types • Apex classes • Visualforce pages• Record-based Sharing
    • API and programmaticsecurity• Security tokens• OAuth 2.0• API-enabled and API-Only permissions• Crypto library
    • Governor limits as securitymechanism• Heap size• Attachment size• Page size• Number of code-lines• Outbound calls• Page requests• API calls• Database queries• … and other possibilities of your application are limited thus limiting security vulnerabilities
    • Force.com Security Scanner• Force.com Security Source Scanner• Web Application Security Scanner
    • Summary• Force.com uses industry standards and best practices to provide centralized, powerful and flexible security architecture for cloud solutions• Reliable and distributed IT infrastructure, energy-effectiveness and transparency are considered now to be a MUST for PaaS providers• Security in all its aspects now is among the most important things why customers choose Cloud. And taking into account emerging information security threats soon it might become the most important. So build your cloud right or choose right PaaS provider
    • Questions?