PaaS security challenges and solutions (salesforce vision)
Upcoming SlideShare
Loading in...5

PaaS security challenges and solutions (salesforce vision)



Andrey Bosak, VRP Cloud Services Delivery Director – PaaS security challenges and solutions (salesforce vision).

Andrey Bosak, VRP Cloud Services Delivery Director – PaaS security challenges and solutions (salesforce vision).



Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

PaaS security challenges and solutions (salesforce vision) PaaS security challenges and solutions (salesforce vision) Presentation Transcript

  • PaaS security challenges andsolutions** vision VRP Cloud Andrey Bosak Technical Architect
  • Andrey Bosak• 8 years experience in IT• .Net, Java, ABAP, C++ hands-on development >2 years each• SAP NetWever trainer at SAP CIS partner academy• 4 years experience in project management and solutions architecture design• Now inspired by• Head of VRP Cloud Minsk
  • PaaS security challenges• Is IT infrastructure reliable?• Is data channel secured?• Who can access my data?• What data is accessible?• Is 3rd party application from App Exchange secure?• Is my custom code secure?• …• What are the long term costs?
  • PaaS solutionoverview• Shared database and middleware• Proprietary programming and markup languages (APEX & Visualforce)• Governor limits• Standard objects from Sales and Service cloud• APIs: REST, SOAP, BULK, Metadata• Configurable layouts, views, workflows and approval• Reports & Dashboards
  • pros & CONSPros:• Easy to start (free environment, workbooks, examples, declarative approach)• Standard business objects and functionality• Declarative point & click tools• Proven scalability• Transparent security• App Exchange• Governor limits• Powerful API
  • pros & CONSCons:• Proprietary language• Governor limits• Less powerful development tools than mainstream technologies provide
  • PaaS security visionof Salesforce• Infrastructure and network• Users and security• API security• Platform security• Limits• Custom applications security
  • Infrastructure security • Success is built on trust. And trust starts with transparency. • is the community’s home for real-time information on system performance and security. On this site youll find: • Live and historical data on system performance • Up-to-the minute information on planned maintenance • Phishing, malicious software, and social engineering threats • Best security practices for your organization • Information on how we safeguard your dataInformation is taken from site
  • Users and security Users are managed centrally by administrator User Authentication • Delegated Authentication • Federated Authentication (based on SAML) Network-based Security Session Security System Auditing Data Auditing
  • Platform security: User Profile• System Permissions • Administrative Permissions • Reports • Data• Component Permissions • Applications • Tabs • Record types • Apex classes • Visualforce pages• Record-based Sharing
  • API and programmaticsecurity• Security tokens• OAuth 2.0• API-enabled and API-Only permissions• Crypto library
  • Governor limits as securitymechanism• Heap size• Attachment size• Page size• Number of code-lines• Outbound calls• Page requests• API calls• Database queries• … and other possibilities of your application are limited thus limiting security vulnerabilities
  • Security Scanner• Security Source Scanner• Web Application Security Scanner
  • Summary• uses industry standards and best practices to provide centralized, powerful and flexible security architecture for cloud solutions• Reliable and distributed IT infrastructure, energy-effectiveness and transparency are considered now to be a MUST for PaaS providers• Security in all its aspects now is among the most important things why customers choose Cloud. And taking into account emerging information security threats soon it might become the most important. So build your cloud right or choose right PaaS provider
  • Questions?