SaaS (Software-as-a-Service) as-a-secure-service
Cloud computing and its services


Published in: Technology, Business
Transcript

  • 1. A Review Of Security of SaaS
  • 2. » Introduction » Background Knowledge » Key Security Attribute » Problems with SaaS Security » Contribution of Researchers » Conclusion
  • 3. » Introduction » Cloud Computing Components » SaaS » Security Key Elements » Security Concerns » Conclusion
  • 4. » Cloud Computing: Cloud computing refers to both the applications delivered as services over the Internet and the hardware and systems software in the data centres that provide those services. » Cloud Computing includes: SaaS, PaaS, IaaS
  • 5. [Diagram] SaaS: Software, Applications. IaaS: Infrastructure. TaaS: Testing of Software, Applications. PaaS: Platform.
  • 6. » Software as a Service (SaaS) refers to “the ability to ‘rent’ the use of software hosted by a third party so you don’t need to buy additional hardware or software to support it”
  • 7. [Diagram] SaaS Vendor: Development, Testing, Release, Register, Maintain, Upgrade. SaaS User: Subscribe, Use.
  • 8. » Security: SaaS requires more care around security than any other available delivery model. SaaS applications use the network to serve their customers. » Hackers sitting on the network can harm SaaS applications and users at the same time. » Security should be embedded in the SaaS architecture, database servers, SaaS servers, applications, network layers and on the user side.
  • 9. » In the SaaS model, the enterprise data is stored outside the enterprise boundary, at the SaaS vendor end. Consequently, the SaaS vendor must adopt additional security checks to ensure data security. This involves the use of strong encryption techniques for data security and fine-grained authorization to control access to data.
  • 10. » In a SaaS deployment model, sensitive data is obtained from the enterprises, processed by the SaaS application and stored at the SaaS vendor end. All data flow over the network needs to be secured in order to prevent leakage of sensitive information. This involves the use of strong network traffic encryption techniques such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS) for security.
  • 11. » In a SaaS model of a cloud environment, the consumers use the applications provided by the SaaS and process their business data. But in this scenario, the customer does not know where the data is getting stored. In many cases, this can be an issue.
  • 12. » Data integrity is one of the most critical elements in any system. Data integrity is easily achieved in a standalone system with a single database. Data integrity in such a system is maintained via database constraints and transactions. Transactions should follow ACID (atomicity, consistency, isolation and durability) properties to ensure data integrity.
  • 13. » In SaaS, multiple users can store their data using the applications provided by SaaS. In such a situation, data of various users will reside at the same location. Intrusion of data of one user by another becomes possible in this environment. This intrusion can be done either by hacking through the loopholes in the application or by injecting client code into the SaaS system.
  • 14. » The data access issue is mainly related to the security policies provided to the users while accessing the data. The security policies may entail some considerations wherein some of the employees are not given access to certain data.
  • 15. » Authentication: Only registered users can get access to the system. This is accomplished by assigning usernames and passwords to registered and trusted users.
  • 16. » Authorization: Users can access only those components or applications for which they are authorized.
  • 17. » The SaaS application needs to ensure that enterprises are provided with service around the clock. This involves making architectural changes at the application and infrastructural levels to add scalability and high availability. [Diagram labels: Request; Service Available]
  • 18. » Identity management (IdM) or ID management is a broad administrative area that deals with identifying individuals in a system (such as a country, a network or an organization) and controlling the access to the resources in that system by placing restrictions on the established identities.
  • 19. » SaaS suffers from several security risks as it uses the Internet for data transmission. » In SaaS, the client has to depend on the provider for proper security measures. The provider must do the work to keep multiple users from seeing each other’s data. So it becomes difficult for the user to ensure that the right security measures are in place, and also difficult to get assurance that the application will be available when needed.
  • 20. » Injection » Cross Site Scripting » Broken Authentication and Session Management » Insecure Direct Object References » Cross Site Request Forgery » Insecure Cryptography » Invalid Redirects and Forwards
  • 21. » An injection is any query sent to the interpreter that contains untrusted data. The injection causes the application to execute commands, which in turn allows a hacker to access sensitive data of the application.
  • 22. » Cross-site scripting is caused by improper validation of data that is sent from an untrusted source and uploaded to the application. Due to insufficient validation of data, an attacker can misuse a user's information while the user's session is active. An attacker's access to a user's session can lead to hijacking of that session.
  • 23 to 28. [Animated diagram, labels: Hacker; Access; Server; Access Granted; Hacker tends to be registered user; Hacker using Application]
  • 29. » Broken sessions and session management refers to the problem where users' session IDs are visible. Data sent and received is not traveling over SSL/TLS, which can cause insecure data transmission.
  • 30. » In this kind of attack, the hacker's queries force the user's browser to submit requests as the hacker desires. The application receiving queries from the victim's system assumes that the request is from an authenticated user. The hacker can process any command on behalf of the victim, as the application is unable to recognize the hacker's activity.
  • 31. » Whenever data is sent or received over the web/Internet, it is encrypted to secure the actual content and to protect sensitive information from theft. When sensitive data is not properly encrypted using efficient encryption techniques, or weak encryption and hashing is implemented, there is a chance of a hacker's attack, and it may lead to the risk of information being lost, hacked or misused.
  • 32. Public Key infrastructure
  • 33. » Hashing
  • 34. » Researchers identify cloud computing as an emerging and beneficial IT invention. » SaaS is cost effective and reduces the effort required of the user. » Researchers point out security concerns in SaaS applications and urge SaaS vendors to apply high security mechanisms to SaaS. » Security tests are applied to find vulnerabilities and repair them before a hacker penetrates the system.
  • 35. » SaaS is Software-as-a-Service. » SaaS enables business organizations to sell their software and applications to users over the Internet on a subscription or pay-as-you-go basis. » SaaS, along with all its benefits, suffers from uncertainty due to security concerns. » Security issues can be resolved by emphasizing security configuration management.
