SaaS Challenges & Security Concerns

This presentation was made for the Chartered Accountants community at Chennai in the last week of January 2011. Comments and feedback are welcome.

Published in: Technology

  1. Kannan Subbiah, Knowledge Universe Technologies India Pvt Ltd
  2. Own a house vs. rent a house; own a car vs. engage a call taxi
  3. • Chargeable unit
     • Geographical boundary
     • Business domain
     • Implementation partners
     • …
     • Hosting infrastructure
     • Multi-tenancy
     • Scalability
     • Internationalization
     • …
     • Support
     • On-boarding / Exit
     • Customer support
     • Service level
     • Contract terms
     • …
  4. Evolution chart (Affordability plotted against Time): In-house (H/W, S/W and infrastructure owned and managed) → Hosted (ASP) (software owned and managed, infrastructure rented) → Hosted (software rented, but not designed to scale) → Subscribed (subscribed to the software or parts of the software; customizable by tenants to an extent) → Self subscribe
  5. • Multi Tenancy
     • Subscription based service
     • Scalability
     • Manageability
     • Self Service Sign-up
     • Tenant specific customization
  6. Traditional vs. SaaS, by attribute:
     • Application Delivery: Traditional = Installed; SaaS = Hosted
     • Updates / Release Cycle: Traditional = Larger / Longer; SaaS = Smaller / Shorter
     • Pricing: Traditional = One Time + Maintenance; SaaS = Subscription
     • Accounting: Traditional = CAP-EX; SaaS = OP-EX
     • Implementation: Traditional = Engage Partners / consultants; SaaS = Simple, end user configurable
     • Operating Platform: Traditional = Multiple; SaaS = Single
     • Value proposition: Traditional = Once at the time of selling; SaaS = Continuous
  7. • Pay per use
     • Anywhere access
     • Subscription to service, not software
     • Least or no investment on infrastructure
  8. • Stronger protection for IPR
     • Operational control of the environment
     • Recurring revenue stream
     • Shared Infrastructure – PaaS / IaaS
  9. • Microsoft – 4 level: Scalability, Multi-Tenancy and Configuration
     • Forrester – 6 Level
     • SEI – for assessing the organization and not the application
     • Euro Cloud Star Audit
     • None of them are popular
  10. • Level 0 – Outsourcing
     • Level 1 – Manual ASP
     • Level 2 – Industrial ASP
     • Level 3 – Single-app SaaS
     • Level 4 – Business Domain SaaS
     • Level 5 – Dynamic Business Apps
  11. Solution Design to address:
     • Internationalization
     • Cloud Infrastructure
     • Support business & operating model
     • Multi-tenancy
     • Extensibility
     • Security and Audit
     • Wider scope – cover industry needs
  12. • Must Support Larger impact
     • SLA driven
     • Disclaimers
     • Increased Focus on:
        • Reliability
        • Availability
        • Extensibility
        • Scalability
        • Quality, etc.
  13. • Migration from existing software
     • Application Integration
     • Data Integration
     • Data Mining
     • Authentication, Single Sign-on
     • Network infrastructure
  14. • Areas of support to include:
        • Hosting infrastructure
        • Data center operations
        • Systems and network monitoring
        • Billing
        • Customer education
     • Longer customer retention for better RoI
  15. • Agile approach
     • Rapid releases and upgrades
     • Primary focus on:
        • Rapid action on feedback
        • Usage statistics
        • Predict industry trends
        • Platform and tools used
        • Automated testing
        • Service aggregation
  16. • Driving Contracts online
     • Termination and Migration
     • Security, Privacy and related risks
     • Country specific regulations
     • SLAs
  17. SaaS Security (overview diagram) – the areas covered on the following slides:
     • Data Security
     • IdM & SSO
     • Data Segregation
     • Back up & Recovery
     • Deployment Model
     • Availability
     • Deployment Environment
     • Regulatory Compliance
     • Network Security
  18. Data Security
     • Data Location
     • Data Encryption
     • Data Integration APIs
     • Access Logs
     • Return / destruction of data upon exit
  19. Data Segregation
     • Understand the Data & Application Architecture:
        • Separate Physical / Virtual Server(s)
        • Separate Instance on shared hardware
        • Separate Database
        • Shared Database
     • Authentication and Authorization
  20. Deployment Model
     • Security aware developers
     • Application Design:
        • Application / Data Partitioning
        • Information Sensitivity
        • Design for Performance & Scalability
     • Configuration Management
     • Security Testing
     • Threat Remediation
     • Build & Release Cycles
  21. Deployment Environment
     • Boundary Protection
     • Resource Priority
     • Configuration Management
     • Cloud Infrastructure:
        • Certification / accreditation
        • Continuous Monitoring
        • Audit
  22. Network Security
     • Transmission Integrity:
        • Secure Data in transit (SSL)
     • Intrusion Detection & Prevention
     • Other standard security measures against:
        • Man-in-the-middle
        • IP Spoofing
        • Port Scanning
        • Packet Sniffing
  23. Regulatory Compliance
     • Global Legal compliance:
        • SAS 70
        • SOX
        • HIPAA
        • …
     • Contractual obligations
     • Need for Logs and Audit Trails
     • Data Retention needs
  24. Availability
     • Application Design and Architecture:
        • Design for performance
        • Graceful exits
        • Instance Isolation
        • Custom Code Modules
     • SLA:
        • Uptime Guarantees
        • Maintenance / Outage Notifications
        • Documented BC & DRP plans
     • Code Escrow
  25. Back up & Recovery
     • Infrastructure
     • Protection of back up location:
        • Encryption
        • Access control to Backup location
     • Recovery:
        • Documented process
        • Drills
  26. IdM & SSO
     • Who manages it?
     • Checks & Controls:
        • Id provisioning
        • Secure storage
        • Password Policies
     • Federated IdM:
        • Trust relationships with tenants
        • Secure federation of user identities
  27. Follow Me
     • Email: kanna@vsnl.com
     • Facebook: http://www.facebook.com/kannan.subbiah
     • LinkedIn: http://in.linkedin.com/in/ksubbiah
     • Blog: http://www.kannan-subbiah.com