When SaaS is consumed from a public cloud service provider, the security options that the customer can control may be only at the application level. In that model, application security is the responsibility of the cloud service provider, but the customer retains responsibility for identity access and authorization processes. In a public cloud scenario, this requires a high degree of trust in the cloud vendor because they have complete control of the infrastructure and platform layers. While network security is not typically considered a part of SaaS, customer due diligence efforts should clarify all security responsibilities and use SLAs and contracts to define cloud vendor and cloud customer responsibilities.
It is important to note that many SaaS applications are offered from an environment that has independent PaaS or IaaS service providers. They also may be part of an app store. Customers should investigate all subcontracting and service supplier relationships to ensure sufficient attention is paid to security requirements and responsibilities. Customers should also guard against malware maliciously posted into an app store. Although SaaS is not concerned directly with storage, you should ensure that data is encrypted as it travels across the internet, and if the data is stored at a public cloud vendor facility, you should do due diligence on storage encryption mechanisms and the overall storage architecture.
SaaS: Data Segregation
Multitenancy is one of the major characteristics of cloud computing. Because of multitenancy, multiple users can store their data using the applications provided by SaaS. Within these architectures, the data of various users will reside at the same location or across multiple locations and sites. To a party holding the appropriate permissions, or as the result of an attack, customers' data may become visible or accessible.
In SaaS environments, this is typically achieved by exploiting code vulnerabilities or injecting code into the SaaS application. If the application executes this code without verification, the attacker has a high chance of accessing or viewing other customers' (tenants') data. A SaaS model should therefore ensure clear segregation of each user's data. The segregation must be enforced not only at the physical level but also at the application level: the service itself must keep the data of different users apart. A malicious user can exploit application vulnerabilities to handcraft parameters that bypass security checks and access sensitive data of other tenants.
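The application-level segregation described above, shown as an added example that is not part of the original article: a lookup that trusts request parameters beside one that takes the tenant from the server-side session. The `invoices` table, the function names, the session layout, and the sample rows are all constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: two tenants sharing one table (multitenant store).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE invoices "
               "(id INTEGER PRIMARY KEY, tenant_id TEXT, amount INTEGER)")
    db.executemany("INSERT INTO invoices VALUES (?, ?, ?)",
                   [(1, "acme", 100), (2, "acme", 250), (3, "globex", 900)])
    return db

def get_invoice_unscoped(db, params):
    # Weak: the row is selected by a client-supplied id alone, so a
    # handcrafted id returns a row that belongs to a different tenant.
    return db.execute(
        "SELECT id, tenant_id, amount FROM invoices WHERE id = ?",
        (params["invoice_id"],)).fetchone()

def get_invoice_scoped(db, session, params):
    # Hardened: the tenant comes from the authenticated server-side session,
    # never from request parameters, and every query filters on it.
    try:
        invoice_id = int(params["invoice_id"])  # reject non-numeric input
    except (KeyError, TypeError, ValueError):
        return None
    return db.execute(
        "SELECT id, tenant_id, amount FROM invoices "
        "WHERE id = ? AND tenant_id = ?",
        (invoice_id, session["tenant_id"])).fetchone()

if __name__ == "__main__":
    db = make_db()
    session = {"tenant_id": "acme"}                    # set at login
    crafted = {"invoice_id": 3, "tenant_id": "globex"} # client-controlled
    print("unscoped:", get_invoice_unscoped(db, crafted))
    print("scoped:  ", get_invoice_scoped(db, session, crafted))
    print("own row: ", get_invoice_scoped(db, session, {"invoice_id": 2}))
```

A `tenant_id` sent by the client is ignored by the scoped function, so the same crafted request that leaks a row in the first version returns nothing in the second.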
SaaS: Data Access and Policies
When granting and reviewing access to customer data, a measurable and scalable approach begins with the correct identification, customization, implementation, and repeated assessment of the security policies for accessing data. The challenge is mapping existing security policies, processes, and standards to the policies enforced by the cloud provider. This may mean revising existing internal policies or adopting new practices where users can only access data and resources relevant to their job function and role.
The cloud must adhere to these security policies to prevent intrusion and to keep unauthorized users from viewing or accessing data. The challenge from a cloud provider's perspective is to offer a solution and service flexible enough to incorporate the specific policies put forward by each organization, while also providing a boundary and segregation among the multiple organizations and customers within a single cloud environment.