SaaS Challenges & Security Concerns

This presentation is made out for the Chartered Accountants community at Chennai in the last week of January 2011. Comments and feedback are welcome.


  1. Kannan Subbiah, Knowledge Universe Technologies India Pvt Ltd
  2. Own a house vs. rent a house; own a car vs. engage a call taxi
  3. • Chargeable unit
     • Geographical boundary
     • Business Domain
     • Implementation Partners
     • …
     • Hosting infrastructure
     • Multi-tenancy
     • Scalability
     • Internationalization
     • …
     • Support
     • On-boarding / Exit
     • Customer Support
     • Service Level
     • Contract terms
     • …
  4. Evolution chart, Affordability (vertical axis) against Time (horizontal axis):
     • In-house: H/W and S/W owned and managed
     • Hosted (ASP): software rented, but not designed to scale
     • Hosted software: software owned and managed, infrastructure rented
     • Subscribed to the software or parts of the software; customizable by tenants to an extent
     • Self subscribe
  5. • Multi Tenancy
     • Subscription based service
     • Scalability
     • Manageability
     • Self Service Sign-up
     • Tenant specific customization
  6. Attribute                Traditional                     SaaS
     Application Delivery     Installed                       Hosted
     Updates / Release Cycle  Larger / Longer                 Smaller / Shorter
     Pricing                  One Time + Maintenance          Subscription
     Accounting               CAP-EX                          OP-EX
     Implementation           Engage Partners / consultants   Simple, end user configurable
     Operating Platform       Multiple                        Single
     Value proposition        Once at the time of selling     Continuous
  7. • Pay per use
     • Anywhere Access
     • Subscription to service, not software
     • Least or no investment on infrastructure
  8. • Stronger protection for IPR
     • Operational control of the environment
     • Recurring revenue stream
     • Shared Infrastructure – PaaS / IaaS
  9. • Microsoft – 4 levels
       ◦ Scalability, Multi-Tenancy and Configuration
     • Forrester – 6 levels
     • SEI – for assessing the organization and not the application
     • Euro Cloud Star Audit
     • None of them are popular
  10. • Level 0 – Outsourcing
      • Level 1 – Manual ASP
      • Level 2 – Industrial ASP
      • Level 3 – Single-app SaaS
      • Level 4 – Business Domain SaaS
      • Level 5 – Dynamic Business Apps
  11. • Solution Design to address
        ◦ Internationalization
        ◦ Cloud Infrastructure
        ◦ Support business & operating model
        ◦ Multi-tenancy
        ◦ Extensibility
        ◦ Security and Audit
        ◦ Wider scope - cover industry needs
  12. • Must Support
      • Larger impact
      • SLA driven
      • Disclaimers
      • Increased Focus on
        ◦ Reliability
        ◦ Availability
        ◦ Extensibility
        ◦ Scalability
        ◦ Quality, etc.
  13. • Migration from existing software
      • Application Integration
      • Data Integration
      • Data Mining
      • Authentication, Single Sign-on
      • Network infrastructure
  14. • Areas of support to include
        ◦ Hosting infrastructure
        ◦ Data center operations
        ◦ Systems and network monitoring
        ◦ Billing
        ◦ Customer education
      • Longer customer retention for better RoI
  15. • Agile approach
      • Rapid releases and upgrades
      • Primary focus on
        ◦ Rapid action on feedback
        ◦ Usage statistics
        ◦ Predict industry trends
        ◦ Platform and tools used
        ◦ Automated testing
        ◦ Service aggregation
  16. • Driving Contracts online
      • Termination and Migration
      • Security, Privacy and related risks
      • Country specific regulations
      • SLAs
  17. SaaS Security (centre of the diagram), with the surrounding concerns:
      • Data Security
      • IdM & SSO
      • Data Segregation
      • Backup & Recovery
      • Deployment Model
      • Availability
      • Deployment Environment
      • Regulatory Compliance
      • Network Security
  18. Data Security
      • Data Location
      • Data Encryption
      • Data Integration APIs
      • Access Logs
      • Return / destruction of data upon exit
  19. Data Segregation
      • Understand the Data & Application Architecture
        ◦ Separate Physical / Virtual Server(s)
        ◦ Separate Instance on shared hardware
        ◦ Separate Database
        ◦ Shared Database
      • Authentication and Authorization
  20. Deployment Model
      • Security aware developers
      • Application Design
        ◦ Application / Data Partitioning
        ◦ Information Sensitivity
        ◦ Design for Performance & Scalability
      • Configuration Management
      • Security Testing
      • Threat Remediation
      • Build & Release Cycles
  21. Deployment Environment
      • Boundary Protection
      • Resource Priority
      • Configuration Management
      • Cloud Infrastructure
        ◦ Certification / accreditation
        ◦ Continuous Monitoring
        ◦ Audit
  22. Network Security
      • Transmission Integrity
        ◦ Secure Data in transit (SSL)
      • Intrusion Detection & Prevention
      • Other standard security measures against
        ◦ Man-in-the-middle
        ◦ IP Spoofing
        ◦ Port Scanning
        ◦ Packet Sniffing
  23. Regulatory Compliance
      • Global Legal compliance
        ◦ SAS 70
        ◦ SOX
        ◦ HIPAA
        ◦ …
      • Contractual obligations
      • Need for Logs and Audit Trails
      • Data Retention needs
  24. Availability
      • Application Design and Architecture
        ◦ Design for performance
        ◦ Graceful exits
        ◦ Instance Isolation
        ◦ Custom Code Modules
      • SLA
        ◦ Uptime Guarantees
        ◦ Maintenance / Outage Notifications
        ◦ Documented BC & DRP plans
      • Code Escrow
  25. Backup & Recovery
      • Infrastructure
      • Protection of backup location
        ◦ Encryption
        ◦ Access control to backup location
      • Recovery
        ◦ Documented process
        ◦ Drills
  26. IdM & SSO
      • Who manages it?
      • Checks & Controls
        ◦ Id provisioning
        ◦ Secure storage
        ◦ Password Policies
      • Federated IdM
        ◦ Trust relationships with tenants
        ◦ Secure federation of user identities
  27. Follow Me
      • Email: kanna@vsnl.com
      • Facebook: http://www.facebook.com/kannan.subbiah
      • LinkedIn: http://in.linkedin.com/in/ksubbiah
      • Blog: http://www.kannan-subbiah.com
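Slides 18 and 19 list "Access Logs" and the "Shared Database" segregation model without showing how a tenant boundary is enforced in that model. The following is an added example, not code from the presentation or its author: a shared SQLite table holds rows for two constructed tenants, and a repository bound to one tenant stamps `tenant_id` onto every query itself (never trusting a tenant id supplied with the request) and records each read in an access log. The tenant names, table layout and invoice rows are all assumptions made up for the example.

```python
import sqlite3

# Constructed sample data: two tenants sharing one database table
# (the "Shared Database" option from slide 19). Not real customers.
SAMPLE_INVOICES = [
    ("acme", 1, "ACME-0001", 1200.0),
    ("acme", 2, "ACME-0002", 80.5),
    ("globex", 3, "GLX-0001", 999.0),
]


def open_shared_db():
    """In-memory shared database; every tenant-owned row carries a tenant_id."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE invoices (tenant_id TEXT NOT NULL, id INTEGER PRIMARY KEY, "
                 "number TEXT, amount REAL)")
    conn.execute("CREATE TABLE access_log (tenant_id TEXT, actor TEXT, action TEXT, row_id INTEGER)")
    conn.executemany("INSERT INTO invoices VALUES (?, ?, ?, ?)", SAMPLE_INVOICES)
    return conn


class TenantRepo:
    """Data access for exactly one tenant. tenant_id comes from the authenticated
    session at construction time and is applied by the repository to every
    statement, so a caller cannot widen the query by passing a different id."""

    def __init__(self, conn, tenant_id, actor):
        self.conn, self.tenant_id, self.actor = conn, tenant_id, actor

    def _log(self, action, row_id):
        # Access log entry per read (slide 18, "Access Logs"): who, which tenant, what.
        self.conn.execute("INSERT INTO access_log VALUES (?, ?, ?, ?)",
                          (self.tenant_id, self.actor, action, row_id))

    def get_invoice(self, invoice_id):
        # Even a lookup by primary key is scoped: another tenant's id yields None,
        # never the other tenant's row.
        row = self.conn.execute(
            "SELECT number, amount FROM invoices WHERE tenant_id = ? AND id = ?",
            (self.tenant_id, invoice_id)).fetchone()
        self._log("read", invoice_id)
        return row

    def list_invoices(self):
        return self.conn.execute(
            "SELECT id, number FROM invoices WHERE tenant_id = ? ORDER BY id",
            (self.tenant_id,)).fetchall()


def access_log(conn):
    """Return the access log in insertion order for audit review."""
    return conn.execute(
        "SELECT tenant_id, actor, action, row_id FROM access_log ORDER BY rowid").fetchall()
```

The same pattern applies to updates and deletes; the point is that the tenant filter lives in one place that every query passes through, which is also the natural place to emit the audit trail slide 23 asks for.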