In this Security School lesson, expert Diana Kelley examines what enterprises need to know about application security in the cloud, including the state of software-as-a-service (SaaS) application security services as well as what enterprises need to know when securing their own applications in a platform-as-a-service (PaaS) environment.
Diana Kelley is a partner with Amherst, N.H.-based consulting firm SecurityCurve.
In this part:
Security services delivered from the cloud remove the management burden from organizations overburdened by day to day IT chores and those lacking the capital and human resources to adequately address information security. Messaging security, vulnerability management and antimalware SaaS are among the security services that make perfect sense for enterprises and smaller organizations looking to offload commodity security solutions to a cloud-based provider. Despite the relative business sense these services make, there are still pros and cons of security SaaS versus an on-premise solution managed in-house. In this session, learn the features and architecture options you have with security SaaS, as well as the benefits and cautions you need to consider, and learn what questions to ask internally to determine if this option makes sense for your business.
Many organizations are transitioning portions of their application infrastructure to PaaS providers, but are quickly learning that traditional IT security methods won’t always be the most effective for securing cloud applications and their data. This tip offers a brief overview of the unique challenges of securing applications on a cloud-based platform, and an analysis of the new technologies and techniques emerging to help organizations reduce the risk associated with a cloud application platform that they are securing themselves.
Podcast: Elements of SaaS security
In this podcast, Diana Kelley examines the feature-set options available from SaaS security service providers today, including Web access management, malware and vulnerability scanning, log management and SIM, storage/backup and payment system security.
Quiz: Cloud application security best practices
Reinforce your knowledge of the key concepts of this lesson by taking this five-question quiz.