Welcome
This website tries to provide guidance on several topics regarding Software-as-a-Service applications. First, we provide guidance for security and privacy challenges regarding a new and existing publisher - SaaS provider, both from and end user perspective (the SaaS platform being hosted in the cloud) as from a provider perspective. Secondly, we offer guidelines on securing the applications and services themselves, from the perspective as a software vendor : considerations on software development, authentication and identity, publishing and licensing, software protection, reverse engineering protection, application server security, (in) payment processing, key management, etc. Finally, we try to provide guidelines for developing SaaS models for security vendors which are becoming part of the architecture of the cloud itself, similar to traditional security.
zaterdag, 09 mei 2015 00:00
Compliance Guidance workshop for SaaS Providers
Written by Ulrich Seldeslachts
Join the Nebucom SaaSification Security Bootcamp June 23rd on Compliance. Regulations, certifications, standards from different perspectives are not only a constant challenge for enterprise organizations, but increasingly so for SaaS providers. SaaS customers are rightfully extending their liabilities to their cloud providers. Or not? Join the debate, learn about the major challenges and deep dive into managing the challenges and issues with the Nebucom team.
Protecting the source code of an application can originate from several motivations. Modern applications are becoming more and more the result of an expensive, intensive development cycle and should be protected against adversaries. You don't leave high profile assets unprotected, neither should your source code be. Besides the economical factor, it is also a problem for security. Source code is often the place where crackers or adversaries in general will look when they want to bypass some sort of authentication. The general rule however, still holds: "Never rely on security through obscurity". Nevertheless,you should not make it too easy, it…
Tagged under
zondag, 14 december 2014 00:00
First SaaSification Security Bootcamp Activities
Written by Ulrich Seldeslachts
On December 1st, the SaaSificationSecurity.com as part of the Nebucom.be activities organized its first SaaSification Security bootcamp. Intended to starters of Software as a Service companies, starting or enhancing their applications, by providing them guidance on the technical and business challenges related to security and privacy in their SaaS platforms. The first bootcamp dived into the challenges related to the cloud, general infrastructure security challenges, touched upon data protection issues, distribution of keys and securing data and applications and protection code based upon OWASP challenges and other. Participants joined us mainly from developers and operators of private clouds, being…
zaterdag, 13 december 2014 00:00
ENISA: European approach towards secure cloud adoption
Written by Dario Incalza
An interesting presentation to follow was the one where ENISA highlighted what actions the European Union is taking to ensure a guided form of cloud adaption for governments and to put a firm and secure cloud strategy implementation into place. It does this by providing frameworks and procurement guidelines for adopting cloud services. We go into more detail regarding risk assessment and management for Small and Medium Enterprises (SMEs). We end with the challenges that are still present for the financial and e-Health sectors. ENISA is active and operational in several fields being: providing recommendations to member states on security…
Tagged under
The adaption of Software-as-a-Service and cloud solutions in general, is starting to become popular. However we are trusting these cloud providers with our most valuable asset, our data. Data breaches are happening all the time, as cloud providers are interesting targets for hackers who are after creditcard information or other sensitive information. Certain questions arise when you migrate your applications, and by doing this also your data, to the cloud. What can we do with data migrating to the cloud? What type of security measures can be taken? It is obvious that we (the good guys) need to be right…
Tagged under
zaterdag, 13 december 2014 00:00
Security and Transparency: How Google Handles Data by Eran Feigenbaum
Written by Dario Incalza
A company like Google has a lot of challenges to tackle when it comes to security. Not only due to the scale of their services but also the complex structure of their applications makes it hard to implement a good security strategy. Nevertheless they seem to do a pretty good job in securing their platforms. So it is interesting to know how they do this. Eran Feigenbaum, Director of Security at Google Apps, gave a keynote presentation on this topic and what follows is a summarized article. First and for most, as a Chief Information Security Officer (CISO) at a…
Tagged under
donderdag, 20 november 2014 00:00
Understanding the Risk of Shadow IT: How to Enable Secure Cloud Adoption by James Todd
Written by Dario Incalza
A lot of different consumer services in the cloud are available nowadays. If you want to have a good data driven IT management strategy in your company, you will need to acknowledge that besides the sanctioned IT cloud solutions there is also something we call "shadow IT". These are consumer services running in your company network without being sanctioned by the IT department. The fact that these employees bring these services into their workplace can pose significant security issues. It is estimated that today, 72% of the IT professionals do not know the scope of shadow IT at their companies.…
Tagged under
Things get interesting when you put some of the biggest cloud providers together on stage and you basically give the crowd control on the questions to ask. This interactive Q&A had a lot of interesting people on board: Eran Feigenbaum, Director of Security, Google Apps Tim Rains, Director, Trustworthy Computing, Microsoft Kay Hooghoudt, Director Business Development Managed Cloud, Atos/Canopy Cory Louie, Trust, Safety & Security, Dropbox David Lenoe, Director, Secure Software Engineering, Adobe Here is a summary of the (short) Q&A: Q: What are your opinions about information sharing of user data? Adobe: Information sharing in a responsible way should…