A Review Of Security of SaaS
SaaS (Software-as-a-Service) as-a-secure-service
Cloud computing and its services

Published in: Technology, Business
  1. A Review Of Security of SaaS
  2. » Introduction » Background Knowledge » Key Security Attribute » Problems with SaaS Security » Contribution of Researchers » Conclusion
  3. » Introduction » Cloud Computing Components » SaaS » Security Key Elements » Security Concerns » Conclusion
  4. » Cloud Computing: Cloud computing refers to both the applications delivered as services over the Internet and the hardware and systems software in the data centres that provide those services. » Cloud Computing includes: SaaS, PaaS, IaaS
  5. [Diagram] SaaS: Software, Applications. TaaS: Testing of Software, Applications. IaaS: Infrastructure. PaaS: Platform.
  6. » Software as a Service (SaaS) refers to “the ability to ‘rent’ the use of software hosted by a third party so you don’t need to buy additional hardware or software to support it”
  7. [Diagram] SaaS Vendor: Development, Testing, Release, Register, Maintain, Upgrade. SaaS User: Subscribe, Use.
  8. » Security: SaaS requires more care around security than any of the other available delivery models. SaaS applications use the network to serve their customers. » Hackers sitting on the network can harm SaaS applications and users at the same time. » Security should be embedded in the SaaS architecture, database servers, SaaS servers, applications, network layers and on the user side.
  9. » In the SaaS model, the enterprise data is stored outside the enterprise boundary, at the SaaS vendor end. Consequently, the SaaS vendor must adopt additional security checks to ensure data security. This involves the use of strong encryption techniques for data security and fine-grained authorization to control access to data.
  10. » In a SaaS deployment model, sensitive data is obtained from the enterprises, processed by the SaaS application and stored at the SaaS vendor end. All data flow over the network needs to be secured in order to prevent leakage of sensitive information. This involves the use of strong network traffic encryption techniques such as Secure Socket Layer (SSL) and Transport Layer Security (TLS).
  11. » In a SaaS model of a cloud environment, the consumers use the applications provided by the SaaS and process their business data. But in this scenario, the customer does not know where the data is being stored. In many cases, this can be an issue.
  12. » Data integrity is one of the most critical elements in any system. Data integrity is easily achieved in a standalone system with a single database. Data integrity in such a system is maintained via database constraints and transactions. Transactions should follow ACID (atomicity, consistency, isolation and durability) properties to ensure data integrity.
  13. » In SaaS, multiple users can store their data using the applications provided by SaaS. In such a situation, data of various users will reside at the same location. Intrusion of data of one user by another becomes possible in this environment. This intrusion can be done either by hacking through the loopholes in the application or by injecting client code into the SaaS system.
  14. » The data access issue is mainly related to the security policies provided to the users while accessing the data. The security policies may entail some considerations wherein some of the employees are not given access to a certain amount of data.
  15. » Authentication: Only registered users can get access to the system. This is accomplished by assigning usernames and passwords to registered and trusted users.
  16. » Authorization: Users can access only those components or applications for which they are authorized.
  17. » The SaaS application needs to ensure that enterprises are provided with service around the clock. This involves making architectural changes at the application and infrastructural levels to add scalability and high availability. [Diagram labels: Request, Service Available]
  18. » Identity management (IdM) or ID management is a broad administrative area that deals with identifying individuals in a system (such as a country, a network or an organization) and controlling the access to the resources in that system by placing restrictions on the established identities.
  19. » SaaS suffers from several security risks as it uses the internet for data transmission. » In SaaS, the client has to depend on the provider for proper security measures. The provider must do the work to keep multiple users from seeing each other’s data. So it becomes difficult for the user to ensure that the right security measures are in place, and also difficult to get assurance that the application will be available when needed.
  20. » Injection » Cross Site Scripting » Broken Authentication and Session Management » Insecure Direct Object References » Cross Site Request Forgery » Insecure Cryptography » Invalid Redirects and Forwards
  21. » An injection is any query sent to the interpreter that contains unsecured data. The injection causes the application to execute commands, which in turn allow a hacker to access sensitive data of the application.
  22. » Improper validation of data that is sent to the application from an untrusted source and uploaded to the application causes cross-site scripting. Due to insufficient validation of data, an attacker can misuse a user's information while the user's session is active. An attacker's access to a user's session can lead to hijacking of that session.
  23. [Diagram] Hacker
  24. [Diagram] Access Server, Hacker
  25. [Diagram] Access Server, Hacker
  26. [Diagram] Access Server, Hacker, Hacker
  27. [Diagram] Access Granted, Access Server, Hacker. Hacker pretends to be a registered user.
  28. [Diagram] Hacker using Application, Access Granted, Access Server, Hacker. Hacker pretends to be a registered user.
  29. » Broken authentication and session management point out the problem when session IDs of users are visible. Data sent and received is not travelling over SSL/TLS, which can cause insecure data transmission.
  30. » In this kind of attack, the hacker's queries force the user's browser to submit requests as the hacker desires. The application receiving queries from the victim's system assumes that the request is from an authenticated user. The hacker can process any command on behalf of the victim, as the application is unable to recognize the hacker's activity.
  31. » Whenever data is sent or received over the web/Internet, it is encrypted to secure the actual content and to protect sensitive information from thieves. When sensitive data is not properly encrypted using efficient encryption techniques, or weak encryption and hashing is implemented, there is a chance of a hacker's attack, and it may lead to the risk of information being lost, hacked or misused.
  32. Public Key Infrastructure
  33. » Hashing
  34. » Researchers identify cloud computing as an emerging and beneficial IT invention. » SaaS is cost effective and reduces the effort of the user. » Researchers point out security concerns in SaaS applications and urge SaaS vendors to apply strong security mechanisms to SaaS. » Security tests are applied to find vulnerabilities and repair them before a hacker penetrates the system.
  35. » SaaS is Software-as-a-Service. » SaaS enables business organizations to sell their software and applications to users over the internet on a subscription or pay-as-you-go basis. » SaaS, along with all its benefits, suffers from uncertainty due to security concerns. » Security issues can be resolved by emphasizing security configuration management.
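
Slides 13, 16 and 21 describe tenants sharing one data store, authorization limits, and injection as the way one tenant's data is reached by another. The following is an added example, not part of the original deck, that puts a concatenated query beside a tenant-scoped parameterized one; the `invoices` table, its columns, the function names and the sample rows are all hypothetical and constructed for illustration.

```python
import sqlite3

def make_db():
    """Shared table holding rows for several tenants (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE invoices (tenant_id TEXT, customer TEXT, amount REAL)")
    db.executemany("INSERT INTO invoices VALUES (?, ?, ?)", [
        ("acme", "alice", 120.0),
        ("acme", "bob", 75.5),
        ("globex", "carol", 990.0),
    ])
    return db

def search_vulnerable(db, tenant_id, customer):
    # Untrusted input is concatenated into the SQL text, so it can rewrite
    # the WHERE clause and escape the tenant filter.
    sql = ("SELECT tenant_id, customer, amount FROM invoices "
           "WHERE tenant_id = '" + tenant_id + "' AND customer = '" + customer + "'")
    return db.execute(sql).fetchall()

def search_hardened(db, tenant_id, customer):
    # Assumption: tenant_id is taken from the authenticated session, never
    # from request parameters. Placeholders keep both values as pure data.
    sql = ("SELECT tenant_id, customer, amount FROM invoices "
           "WHERE tenant_id = ? AND customer = ?")
    rows = db.execute(sql, (tenant_id, customer)).fetchall()
    # Defence in depth: refuse to hand back a row owned by another tenant.
    if any(row[0] != tenant_id for row in rows):
        raise PermissionError("cross-tenant row in result set")
    return rows

def tenants_seen(rows):
    """Distinct tenant ids present in a result set, for auditing a query."""
    return sorted({row[0] for row in rows})

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing SQL syntax
    print("vulnerable:", tenants_seen(search_vulnerable(db, "acme", crafted)))
    print("hardened:  ", tenants_seen(search_hardened(db, "acme", crafted)))
    print("normal use:", search_hardened(db, "acme", "alice"))
```

The concatenated query returns rows from both tenants for the crafted input, while the parameterized query treats the same string as a customer name and returns nothing.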
