The requirement is for our SaaS-based intelligent document management system (www.myofficedocs.com).
In the Software as a Service (SaaS) model, end customers must depend on the service provider for proper security measures. The provider should ensure that multiple users cannot see each other's data. It is therefore important to the user that the right security measures are in place, and it is difficult for the user to obtain assurance that the application will be available when needed. The focus is also not on portability of applications, but on preserving or enhancing the security functionality provided by the legacy application and achieving successful data migrations. Below is a list of the key security issues that have been taken into consideration for the myOfficeDocs product.
- Authentication and Authorization
- Data Confidentiality
- Network Security
- Data Access
- Data Segregation
- Application Security
Achieving optimal security is a moving target: new security threats appear every single day. The following best practices have been implemented as part of the overall solution.
Leverage Multi-Factor Authentication
Using a standard username and password combination as the sole gatekeeper between your data and hackers is no longer the safest bet. As data from many highly publicized hacks in recent years shows, login credentials are not that hard for hackers to obtain. Multi-factor authentication (MFA) places an extra roadblock in front of your critical data: it requires users to take an extra step, such as entering an access code sent to their phone or a one-time password, to complete the login process, so that even if a hacker obtains the login credentials, they cannot log in.
Identity and Access Management (IAM)
Users expect two things from SaaS applications: they want access to be fast with as few roadblocks as possible, and they want you to keep their data secure. As much as users expect their personal data to be secure, they cannot be relied on to create and protect strong, unique passwords. Identity and access management (IAM) combines the three elements needed to achieve this: identification, authentication, and authorization.
Cloud security should be more proactive than reactive. Encrypting data end-to-end is a proactive move that ensures that even if the worst happens, i.e. in-transit data gets into the wrong hands, it will still be secure and unreadable. This is achieved by turning plain text into unreadable ciphertext, which is only converted back to plain text with a carefully guarded encryption key. End-to-end encryption keeps data protected at every point across the communication chain.
Secure Sockets Layer (SSL) certificates enable encrypted communications between a web server and a browser. This protects sensitive data, such as credit card information and data files, from being stolen or tampered with. SSL certificates are issued by Certificate Authorities (CAs), organizations that are trusted to verify both the identity and the legitimacy of the entities requesting the certificate. Part of the importance of SSL certificates is producing a layer of user trust in SaaS applications: when users open the application URL with an expired SSL certificate, or without one at all, their browser could alert them that the site may not be safe.
Safe Access to Production
Securing and monitoring activity across production servers is critical. This includes monitoring for events that could be suspicious, such as package installations and updates, to ensure that the configuration management system (CI server) is the only entity managing the production hosts. It also includes tracking and monitoring the code that configures systems, to check whether users are manually installing packages on hosts, which presents unknown security risks.
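As an added example (not part of the myOfficeDocs product or of this page), the check below parses constructed entries in the format of Debian/Ubuntu's /var/log/apt/history.log and flags package transactions that were not requested by the configuration-management service account; the account name cm-agent and the sample log lines are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample of /var/log/apt/history.log transactions (not real host data).
SAMPLE_LOG = """\
Start-Date: 2024-03-02  02:00:11
Commandline: /usr/bin/apt-get -y install nginx
Requested-By: cm-agent (998)
Install: nginx:amd64 (1.18.0-6ubuntu14.4)
End-Date: 2024-03-02  02:00:30

Start-Date: 2024-03-02  14:17:05
Commandline: apt-get install -y netcat
Requested-By: jdoe (1002)
Install: netcat-openbsd:amd64 (1.218-4ubuntu1)
End-Date: 2024-03-02  14:17:09

Start-Date: 2024-03-03  09:41:12
Commandline: apt upgrade -y
Upgrade: openssl:amd64 (3.0.2-0ubuntu1.12, 3.0.2-0ubuntu1.14), curl:amd64 (7.81.0-1ubuntu1.14, 7.81.0-1ubuntu1.15)
End-Date: 2024-03-03  09:41:15
"""

ALLOWED_REQUESTERS = {"cm-agent"}  # hypothetical account the CM/CI agent runs under
PKG_RE = re.compile(r"([\w.+-]+):\w+ \(")  # package name, just before the architecture

@dataclass
class PackageEvent:
    start: str
    command: str
    requested_by: str  # "root" when apt logged no Requested-By line
    packages: list

def parse_apt_history(text):
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):  # one blank-line-separated transaction
        fields = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            fields[key] = value.strip()
        # apt fills Requested-By from SUDO_USER; a missing line means a direct root shell.
        requester = fields.get("Requested-By", "root").split(" ")[0]
        packages = []
        for action in ("Install", "Upgrade", "Remove", "Purge"):
            packages += PKG_RE.findall(fields.get(action, ""))
        events.append(PackageEvent(fields["Start-Date"], fields.get("Commandline", ""), requester, packages))
    return events

def find_unmanaged_changes(text, allowed=ALLOWED_REQUESTERS):
    # Transactions not requested by the CM account are the ones to alert on.
    return [e for e in parse_apt_history(text) if e.requested_by not in allowed]
```

On a real host, feed it the contents of /var/log/apt/history.log (and its rotated copies) and ship the flagged events to your alerting pipeline.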
- Compliance and Security
- Economies of scale apply
- Customer focus on systems and applications due to shared responsibility model
- Visibility, homogeneity, and automation
- Usage based cost
- Low upfront infrastructure investments
AWS – Certificate Manager, IAM, Route 53, CodeBuild, CloudFront, Elastic Load Balancer.