Comments on: SaaS Brings Increased Responsibilities http://blog.simeonov.com/2007/02/08/saas-brings-increased-responsibilities/ Simeon Simeonov on entrepreneurship, innovation & venture capital Fri, 12 Mar 2010 19:03:30 +0000 http://wordpress.com/ hourly 1 By: Amazon Web Services Outage: Causes And Remedies « HighContrast http://blog.simeonov.com/2007/02/08/saas-brings-increased-responsibilities/#comment-17124 Amazon Web Services Outage: Causes And Remedies « HighContrast Sat, 16 Feb 2008 18:13:21 +0000 http://simeons.wordpress.com/2007/02/08/saas-brings-increased-responsibilities/#comment-17124 [...] Jesse Robbins over at O’Reilly has a good post comparing how Amazon dealt with the situation to how Salesforce responded to its infamous outage a couple of years ago. I’ve also blogged before about how SaaS brings increases responsiblities. [...] [...] Jesse Robbins over at O’Reilly has a good post comparing how Amazon dealt with the situation to how Salesforce responded to its infamous outage a couple of years ago. I’ve also blogged before about how SaaS brings increases responsiblities. [...]

]]> By: Simeon Simeonov http://blog.simeonov.com/2007/02/08/saas-brings-increased-responsibilities/#comment-3612 Simeon Simeonov Wed, 14 Feb 2007 00:43:20 +0000 http://simeons.wordpress.com/2007/02/08/saas-brings-increased-responsibilities/#comment-3612 Ken, valid points. Totally agree with (2). Re: (1), it's necessary but not sufficient. Manual pen testing doesn't have sufficient coverage to ensure solid vulnerability analysis. Ken, valid points. Totally agree with (2). Re: (1), it’s necessary but not sufficient. Manual pen testing doesn’t have sufficient coverage to ensure solid vulnerability analysis.

]]> By: Ken Rudin http://blog.simeonov.com/2007/02/08/saas-brings-increased-responsibilities/#comment-3602 Ken Rudin Mon, 12 Feb 2007 14:37:33 +0000 http://simeons.wordpress.com/2007/02/08/saas-brings-increased-responsibilities/#comment-3602 Simeon -- Thanks for bringing up an extremely important topic for SaaS vendors. As the CEO of LucidEra (a company providing a complete Business Intelligence On Demand solution), a lot of my waking hours are spent ensuring that out customers' data is safe and secure. There are two important points I'd like to add: 1) At a minimum, every SaaS vendor should engage the "good guys" by hiring a team of "good guy" hackers to perform penetration testing. There are several firms (sometimes called "white hat hacker" firms) that for a fee they will attack your system and give you an audit report of the results. At LucidEra, we have hired firms like this and set up a clone of our production environment for them to attack (with dummy data, so no real customer data will be compromised), and then we make the audit report available. 2) There is a trend with traditional software vendors to take their software and host it so they can take part in the trend towards on-demand software. The problem is that their software was designed to have the kind of security that's appropriate for software that is going to be installed in a customer's data center, behind the customer's firewall. But, the security requirements for software delivered as a service to thousands of separate customers simultaneously are very different and much more stringent. Trying to retrofit on-premise software to make it secure in an on-demand world is very complicated and risky. That's why at LucidEra we built a brand new Business Intelligence platform from the ground up, and the security requirements that are unique to the SaaS world are core to the design. Simeon — Thanks for bringing up an extremely important topic for SaaS vendors. As the CEO of LucidEra (a company providing a complete Business Intelligence On Demand solution), a lot of my waking hours are spent ensuring that out customers’ data is safe and secure. There are two important points I’d like to add:

1) At a minimum, every SaaS vendor should engage the “good guys” by hiring a team of “good guy” hackers to perform penetration testing. There are several firms (sometimes called “white hat hacker” firms) that for a fee they will attack your system and give you an audit report of the results. At LucidEra, we have hired firms like this and set up a clone of our production environment for them to attack (with dummy data, so no real customer data will be compromised), and then we make the audit report available.

2) There is a trend with traditional software vendors to take their software and host it so they can take part in the trend towards on-demand software. The problem is that their software was designed to have the kind of security that’s appropriate for software that is going to be installed in a customer’s data center, behind the customer’s firewall. But, the security requirements for software delivered as a service to thousands of separate customers simultaneously are very different and much more stringent. Trying to retrofit on-premise software to make it secure in an on-demand world is very complicated and risky. That’s why at LucidEra we built a brand new Business Intelligence platform from the ground up, and the security requirements that are unique to the SaaS world are core to the design.

]]> By: SaaS Brings Increased Responsibilities : Lance Tracey http://blog.simeonov.com/2007/02/08/saas-brings-increased-responsibilities/#comment-3590 SaaS Brings Increased Responsibilities : Lance Tracey Sat, 10 Feb 2007 19:56:44 +0000 http://simeons.wordpress.com/2007/02/08/saas-brings-increased-responsibilities/#comment-3590 [...] SaaS Brings Increased Responsibilities: “ [...] [...] SaaS Brings Increased Responsibilities: “ [...]

]]>