SaaS

Have you been Clickjacking lately? SAS70

 Clickjacking threatens all major internet browsers – internet explorer, Mozilla firefox, Safari and Opera. What is it? Clickjacking is not when your wife takes over the remote control. It is when a browser user puts his mouse on a sign button, but a tag is placed under the button that the user may not see. When the user clicks, he then sends information to an unauthorized source. This could destroy the legitimacy of your web application or you SaaS.

There are several possible solutions to this hacker attack, but only with updates by the browser vendors. Firefox has a stop-gap solution in place – “no-script.” It is a technical solution and not for everyone. If you process credit card information, your SAS 70 auditor will look to see what precautions you have taken. What measures do you have in place?  Trackback URL

Outsource with a Plan - SAS70

As more businesses outsource IT to third-party services, data privacy and integrity are paramount to the success of your operations. The SaaS small and medium businesses have a responsibility to ensure your data is processed correctly and that it is kept safe. SAS 70 audits are requirement.

Before outsourcing to save funds, make sure you have a defined plan. Without it, one small security breach of a politicians’ social security number can destroy your company reputation and your ability to generate new business. This plan should included:

1)definitions related to service levels. You will require your vendor to have uptime of at least 99%.

2) the ability to process your information quickly. Customers accesses your company website and purchasing items should occur relatively fast.

3) reporting functions which allow you monitoring capability and to  capture your data and analyze.

4) a Disaster Recovery plan, a single hardware failure can result in the loss of business.

 SAS70expert at gmail.com

SaaS and SAS70 – SAS70ExPERT

As more outsourcing of applications takes place in this economy by using SaaS(software-as-a-service), is Management producing costs savings? and how many SAS70’s will you be required to collect? From the Data Center operations, the IT support vendor, and the application provider?

When you perform your cost-benefit analysis items to consider are

• Who will benefit from access control for your application
• From where will your visitors/employees/customers be connecting to your information, vpn network, cellphone or pda, or other web enabled device
• Obtain more control over your licensing costs
  

As you develop a strategic plan to use SaaS, build fundamental close relationships with your vendors and define them carefully in your contracts. Constantly update your contracts or service level agreements to match your needs and develop tools to monitor the success of your vendor meeting your requirements.

SAS70 must be performed on your SaaS vendor to provide you with the reliability, confidentiality and integrity of service to be provided to you and your customers. Control objectives may be similar or different, but careful examination of the audit report should be performed in order to determine that your data is secure. SAS70ExPERT.biz