Enterprise Applications in the Cloud: A SaaS Security Perspective
The security challenges and mitigation strategies to help you migrate your enterprise applications to the cloud while ensuring your data’s safety.
by Pradnyesh Rane
The software-as-a-service [SaaS] paradigm is rapidly emerging as the next big evolutionary step in software development and deployment. Enterprises are excited about the potential to reduce costs by adopting the SaaS model. At the same time, security has also emerged as the biggest challenge for adoption of SaaS/cloud applications. According to Forrester Inc. (see References), security concerns are the most commonly cited reason enterprises are not currently interested in adopting SaaS.
In the following sections, we will examine the security challenges and the mitigation strategies for migrating enterprise applications to the cloud and ensuring the safety of enterprise data.
Overview of SaaS
SaaS is a software deployment model in which an application is licensed for use as a service that is provided to customers on demand. The SaaS provider may host the application on his own private server farm or deploy it in on a third-party cloud computing infrastructure service such as Amazon, Google, etc. On-demand licensing and use alleviates the burden of equipping hardware with every application deployment.
It also reduces traditional software maintenance, ongoing operation patches, and patch support complexity in an enterprise. As a result, by using SaaS, enterprises can reduce the up-front expense of software purchases through less-costly on-demand pricing from hosting service providers.
The Need for SaaS Security
Enterprise applications have traditionally been deployed on-premise (that is, inside the enterprise perimeter). In such a deployment model, the enterprise data continues to reside within the enterprise boundary and is subject to its access control and compliance policies. In the SaaS model, enterprise data is stored along with the data of other enterprises at the hosting service’s data center. The data might also be replicated at multiple locations across multiple countries to provide high availability.
Most enterprises are uncomfortable with this lack of control and visibility into how their data is stored and secured. They are apprehensive about insider breaches and security vulnerabilities in the applications that can lead to loss of sensitive data and money. There are also significant concerns about the application/data center going offline or the SaaS vendor going out of business and leaving the enterprise stranded.
Consequently, enterprises demand that the security and integrity of their data be addressed if they are to adopt SaaS applications.
SaaS Security Challenges
The following major security issues must be carefully considered when migrating enterprise applications to the cloud.
In the SaaS model, enterprise data is stored along with the application at the SaaS vendor’s data center(s). Consequently, sufficient safeguards should be adopted for data security to prevent the leakage of sensitive information due to application vulnerabilities or malicious privileged users at the SaaS provider’s end.
The SaaS solution should use strong encryption to secure data at rest and fine-grained authorization to control access to data during processing. All access to data, including administrative access, should be logged and routinely audited. These checks are critical to ensure that the data cannot be accessed or tampered with by unauthorized parties.
In a multi-tenant SaaS deployment, the data of multiple enterprises may be co-located in the same data store. Sufficient safeguards should be adopted to ensure that data of one tenant is not accessible to other tenants. Leakage of sensitive business plans and data to competitors due to such vulnerabilities can lead to heavy financial losses.
The SaaS application architecture and data model should be designed to ensure correct data segregation. In case the SaaS application is deployed at a public cloud vendor, additional safeguards should be adopted so that data of one application is not accessible to other applications. A third-party SaaS security assessment is critical to identify such data segregation security issues and resolve them before they can be exploited.
SaaS Application Deployment Security
SaaS providers may choose to deploy their solutions either using a public cloud vendor or host it themselves (the private cloud). Public cloud providers such as Amazon provide infrastructure services that aid in ensuring perimeter and environment security. These, however, should be configured to ensure maximum security. A self-hosted SaaS deployment requires the vendor to assemble these services [firewalls, intrusion detection systems, etc.] and harden it themselves.
A third-party security audit of the SaaS application deployment can be conducted regularly to identify any security issues or threats to ensure the safety of your enterprise data.
In a SaaS deployment model, the data flows between enterprises and the SaaS provider. This data in transit must be secured to prevent leakage of sensitive information.
The SaaS provider should use network encryption techniques such as secure socket layer (SSL) for securing data flow over the Internet and within the SaaS deployment. Sufficient safeguards should be adopted against network security issues such as man-in-the-middle (MITM) attacks, IP spoofing, port scanning, packet sniffing, etc.
A periodic third-party governance, risk, and compliance (GRC) audit of the SaaS application is critical to assess conformance to regulatory standards. This helps identify any compliance issues and ensures that correct business processes are in place.
The SAS 70 standard covers regulatory and security for data centers and service providers. Regulations such as ISO-27001, SOX, GLBA, HIPAA and industry standards such as PCI-DSS mandate controls over the processing of sensitive data. Apart from these, a number of countries have data privacy regulations related to the processing and storage of data.
The SaaS application needs to support high availability to ensure 24/7 services for enterprises. This involves architecting the application and infrastructure so that they are resilient to hardware/software failures as well as to denial of service attacks. Additionally, appropriate business continuity [BC] and disaster recovery [DR] plan needs to be adopted to ensure minimal downtime and meet SLA guarantees committed to the enterprises.
Enterprises should ensure that the SLA contains adequate guarantees covering secure backup and recovery services.
Proven backup and recovery services at the SaaS application, infrastructure and the cloud level are necessary to facilitate disaster recovery and mitigate risks against the loss of sensitive data due to failures.
The backup data should be protected, similar to operational data, using strong encryption mechanisms. These checks are essential to reduce the risk of unauthorized access and leakage of sensitive data.
Identity Management and Sign-on Security
Identity management (IdM) and sign-on components provide services for user-account processing, password management, and secure authentication. The security challenges differ depending upon the IdM and sign-on model used.
A SaaS vendor may provide the complete stack of IdM and sign-on services. In such a scenario, the user information, passwords, etc., are maintained at the SaaS vendor’s site and should be securely stored and processed. The vendor should be able to support the password strength and password expiration policies of the enterprise to comply with regulatory demands.
Alternatively, a SaaS vendor can provide support for user account and credential replication. In such a scenario, the user account processing is done separately by each provider’s customer within the customer’s own boundary. Relevant portions of user-account information are replicated to the SaaS vendor for authentication and authorization capabilities. The SaaS vendor needs to ensure the sanctity of these credentials and prevent their leakage.
In a federated IdM model, the user-account information (including credentials) is managed and stored independently by each customer. The user authentication occurs within the enterprise boundary. The user identities and certain attributes are propagated to the SaaS vendor using federation for authentication and access control. The SaaS vendor and tenants need to ensure that proper trust relationships and validations are established to ensure secure federation of user identities.
Securing SaaS Applications
The following key mitigation strategies can help the SaaS providers ensure the security and integrity of their application and data.
- Secure Deployment: Adopt safeguards against network penetration, denial of service (DoS), etc. Applications deployed on public cloud providers need to harden their deployment configurations.
- Third-party SaaS Security Assessment: Conduct regular application and network vulnerability assessments. These help validate the security and integrity of the SaaS application and its deployment.
- Third-party Governance and Regulatory Compliance Audits: Conduct regular GRC audits that validate conformance to government regulations and industry standards.
Adoption of these SaaS security practices are critical to ensure the security and integrity of enterprise data and lead to wider and faster adoption of the SaaS application.
Forrester Inc., Press Release: “Top Corporate Software Priority Is Modernizing Legacy Applications”, June 8, 2009
Pradnyesh Rane is a domain expert at the Security Competency Center of Persistent Systems (www.persistentsys.com) where he manages the engineering development of security products. He brings over 7 years of security domain experience working in several strategic roles and senior level positions. Pradnyesh graduated from the University of Bombay and earned a masters degree from the Indian Institute of Technology, Bombay (IIT) in Computer Science and Engineering. You can contact the author at firstname.lastname@example.org.