slider2

Welcome

This website tries to provide guidance on several topics regarding Software-as-a-Service applications. First, we provide guidance for security and privacy challenges regarding a new and existing publisher - SaaS provider, both from and end user perspective (the SaaS platform being hosted in the cloud) as from a provider perspective. Secondly, we offer guidelines on securing the applications and services themselves, from the perspective as a software vendor : considerations on software development, authentication and identity, publishing and licensing, software protection, reverse engineering protection, application server security, (in) payment processing, key management, etc. Finally, we try to provide guidelines for developing SaaS models for security vendors which are becoming part of the architecture of the cloud itself, similar to traditional security.

Join the Nebucom SaaSification Security Bootcamp June 23rd on Compliance. Regulations, certifications, standards from different perspectives are not only a constant challenge for enterprise organizations, but increasingly so for SaaS providers. SaaS customers are rightfully extending their liabilities to their cloud providers. Or not? Join the debate, learn about the major challenges and deep dive into managing the challenges and issues with the Nebucom team. 
%AM, %18 %041 %2015 %00:%feb

Protecting Code in the Cloud

Written by
Protecting the source code of an application can originate from several motivations. Modern applications are becoming more and more the result of an expensive, intensive development cycle and should be protected against adversaries. You don't leave high profile assets unprotected, neither should your source code be. Besides the economical factor, it is also a problem for security. Source code is often the place where crackers or adversaries in general will look when they want to bypass some sort of authentication. The general rule however, still holds: "Never rely on security through obscurity". Nevertheless,you should not make it too easy, it…
On December 1st, the SaaSificationSecurity.com as part of the Nebucom.be activities organized its first SaaSification Security bootcamp.  Intended to starters of Software as a Service companies, starting or enhancing their applications, by providing them guidance on the technical and business challenges related to security and privacy in their SaaS platforms.  The first bootcamp dived into the challenges related to the cloud, general infrastructure security challenges, touched upon data protection issues, distribution of keys and securing data and applications and protection code based upon OWASP challenges and other.    Participants joined us mainly from developers and operators of private clouds, being…
An interesting presentation to follow was the one where ENISA highlighted what actions the European Union is taking to ensure a guided form of cloud adaption for governments and to put a firm and secure cloud strategy implementation into place. It does this by providing frameworks and procurement guidelines for adopting cloud services. We go into more detail regarding risk assessment and management for Small and Medium Enterprises (SMEs). We end with the challenges that are still present for the financial and e-Health sectors.  ENISA is active and operational in several fields being:  providing recommendations to member states on security…
%AM, %22 %041 %2014 %00:%nov

Anatomy of a data breach

Written by
The adaption of Software-as-a-Service and cloud solutions in general, is starting to become popular. However we are trusting these cloud providers with our most valuable asset, our data. Data breaches are happening all the time, as cloud providers are interesting targets for hackers who are after creditcard information or other sensitive information. Certain questions arise when you migrate your applications, and by doing this also your data, to the cloud. What can we do with data migrating to the cloud? What type of security measures can be taken? It is obvious that we (the good guys) need to be right…
A company like Google has a lot of challenges to tackle when it comes to security. Not only due to the scale of their services but also the complex structure of their applications makes it hard to implement a good security strategy. Nevertheless they seem to do a pretty good job in securing their platforms. So it is interesting to know how they do this. Eran Feigenbaum, Director of Security at Google Apps, gave a keynote presentation on this topic and what follows is a summarized article.  First and for most, as a Chief Information Security Officer (CISO) at a…
A lot of different consumer services in the cloud are available nowadays. If you want to have a good data driven IT management strategy in your company, you will need to acknowledge that besides the sanctioned IT cloud solutions there is also something we call "shadow IT". These are consumer services running in your company network without being sanctioned by the IT department. The fact that these employees bring these services into their workplace can pose significant security issues. It is estimated that today, 72% of the IT professionals do not know the scope of shadow IT at their companies.…
%AM, %19 %041 %2014 %00:%nov

Interactive Q&A with Cloud Providers

Written by
Things get interesting when you put some of the biggest cloud providers together on stage and you basically give the crowd control on the questions to ask. This interactive Q&A had a lot of interesting people on board: Eran Feigenbaum, Director of Security, Google Apps Tim Rains, Director, Trustworthy Computing, Microsoft Kay Hooghoudt, Director Business Development Managed Cloud, Atos/Canopy Cory Louie, Trust, Safety & Security, Dropbox David Lenoe, Director, Secure Software Engineering, Adobe  Here is a summary of the (short) Q&A: Q: What are your opinions about information sharing of user data? Adobe: Information sharing in a responsible way should…
Pagina 1 van 2

@Saasifisecured on twitter