Be certain that application and infrastructure security requirements are written into your contract with any SaaS provider. Include an audit clause whereby you or a third-party can periodically verify that the required controls are in place.
SaaS brings with it a unique set of challenges for those responsible for security. Barmak Meftah, senior vice president at Fortify Software, says the most important shift is looking at your software vendor not as a product company, but rather as a service provider in a guest commentary over at our CTO Edge site. Sound vendor management practices dictate that any third-party software is at least as secure as in-house packages, Meftah advises.
We've taken his checklist of steps to ensure that a SaaS vendor's solution is secure and listed them in this handy slideshow, but do be sure to check out Meftah's full column. His final piece of advice? Remember that software is secure only when it’s built that way.
When phone calls, video conference information, pictures, chat logs, etc. are all stored in a central location via social media, a potential hacker has access to just about everything, quickly and easily. ... More >>