Testing the Foundation for Secure Access to SaaS Products

Chris Williams SaaS, Security, SMB, SME

Encryption is the first line of defense for data accessed through publicly accessible web applications. That’s why it’s so important to validate that your public web applications are configured as securely as possible when it comes to SSL and TLS. The good news is that Qualys SSL Labs offers a free, easy-to-use web-based tool that tests public web servers for SSL, TLS and PKI configuration issues. The service has been around since 2009 and continues to quickly incorporate checks for known vulnerabilities like Heartbleed. Chances are that your customers are using similar tools to perform non-intrusive checks against …

The SaaS Provider Dilemma

Chris Williams Executive

It used to be that SaaS providers could deal with security- and compliance-related items a couple of times a year with limited focus and effort while attempting to check the most common customer-facing Information Security check boxes. This learned behavior evolved more out of necessity than anything else. Many SaaS providers can’t afford the cost to hire dedicated security personnel, so existing IT staff are expected to take on Information Security responsibilities, in addition to their existing duties, with little to no further training or mentoring. This is “that” topic neither side wants to talk to the other about. Management …

Taking The Pragmatic Approach to Compliance-Related Security for SaaS Providers – Pt. 1

Scott DeGuilo Security

You probably know this even if you have never vocalized it: cyber threats to businesses and individuals will continue to evolve and adapt to whatever defensive measures we employ, and therefore there is no achievable end-game approach for your security and compliance program. For large businesses with mature security and IT departments, the allocation of funds and time to protect their resources is a given. For small to medium businesses (SMBs) it’s just not as simple. When SMBs try to address their security and compliance needs, they are often diverting much-needed resources from their core business objectives, and that’s a …

Taking The Pragmatic Approach to Compliance-Related Security for SaaS Providers – Pt. 2

Scott DeGuilo Security

Part 2; read Part 1 here. In my previous post, I pointed out that because of the evolving nature of security today there is no end-game that a business could prepare for. Businesses must focus on their core objectives, minimize the security and compliance distractions, and try to engineer their security and compliance efforts directly into their intellectual property. With all of that in mind, a leader must decide what to do. Much of the advertising for security services and products portends an imminent calamity about to befall your business, à la a crime suspense drama you might see …