SaaS Data Security
Experiences From a Provider Point of View
Nestor Zwyhun
[email protected]
What is SaaS?
• ASP?
– Not Really
• SOA, Web Service, On-Demand?
– Answer should be yes to all of the above
• Big differences from ASP:
– “Shared Tenant” database
– Single codebase, yet configurable
• Release schedule dictated by provider
• Sometimes daily patch cycles
– Some Examples:
• Salesforce.com, NetSuite, TradeCard
• Ebay, Amazon
What is TradeCard?
(Product coverage diagram; the boxes read as follows)
• Coverage: Payment Protection – Electronic Letter of Credit; Factoring – L/C Application
• Financing: Automated Pre/Post Export Early Payment Programs: Buyer/Third Party Funded
• Procurement: Purchase Order; Order Amendment – Negotiation
• Fulfillment: Invoice/Packing List; Customs Invoice; Proof of Delivery; Data Compliance
• Event Management & Notification: Workflow; Event Notifications; Task Flow; Reporting
• Settlement: Goods Receipt; Adjustments; Buyer Payment; Reconcile Pre/Post Payment; Invoice Matching; Data Compliance; Link to Adjustments; Consolidation – Single Debit, Multi-Party Credits
• Add-on features: Pre-Compliance Checks; Line Item Data storage & population
• Customization: Data Compliance Templates; Document Validations; Document Print Versions; Std. Reason Codes
• Negotiation – Charge Storage – Auto Allocate to next Payment
• Connectivity: EDI Integration; Customer mapping
• New for 2006: Event Tracking; Vendor Desktop; Business Intelligence & Analytics
Some TradeCard Statistics
– $4B Processed in 2005, $7B forecast for 2006
– 99.981% 2005 Availability - 24/7
– 18th Release (since Nov 1999)
– 40 Countries (120 buyers, 1600 factories, 150 service providers)
PROCESSING VOLUME OVERVIEW
(Charts covering 3/05 to 3/06; panels: Thousands of Docs, Thousands of Compliances, Thousands of Msgs, Percent of Msgs, Billions of Bytes)
– Docs Processed: 236881; Compliance: 38956
– Msgs Processed: 84676; STP Msg %97
– DB Size: 899 GB
GLOBAL PERFORMANCE - commerce.tradecard.com / commerce.tradecard.cn (Beijing only)
(Response-time charts in milliseconds, 3/05 to 3/06)
– Beijing - 11975 ms
– Hong Kong - 6643 ms
– Seoul - 6154 ms
– Taipei - 6094 ms
– Brussels - 3692 ms
Third Party Audits
• Sarbanes Oxley Act - Section 404
– In order for management to make its annual assertion on the
effectiveness of its internal control, management will be required to
document and evaluate all controls that are deemed significant to the
financial reporting process. If the organization uses a service
provider to process transactions, host data, or other significant
services, management will look to the service organization for
information on the design and operating effectiveness of the service
organization's controls.
• Audit Types:
– AICPA (American Institute of Certified Public Accountants)
• SAS-70 Type II (www.sas70.com)
• WebTrust (www.webtrust.org)
• Penetration Tests
• Social Engineering Tests
WebTrust Controls
• Security
– The system is protected against unauthorized access (both physical and
logical)
• Availability
– The system is available for operation and use as committed or agreed
• Processing Integrity
– System processing is complete, accurate, timely, and authorized
• Privacy
– Information is collected, used, retained, and disclosed in conformity with the
commitments in the entity’s privacy notice and with the AICPA/CICA Trust
Services Privacy Criteria
• Confidentiality
– Information designated as confidential is protected as committed or agreed
Security
• Physical
– Primary Data Center location (away from HQ)
– DR (~100 miles away from primary datacenter)
– SAS-70 Type II audits for all data centers
– Security “air lock”, cameras, access logs
– Locked cages
– Offsite backup storage
• Logical
– Data model level separation
– Authentication: two factor
– Passwords, Two-factor schemes
– Firewalls, Routers, IDS
– Full time Internet Security Director
– Internal scanning tools
Availability
• Data Center
– Load balancers (F5)
– Stateless, sessionless architecture
– HA (high availability) hardware, N+1
– Business Continuity, Disaster Recovery, CERT Teams
– Regular Drills
• Internet
– Great Firewall of China
– IP accelerator services (Internap, Akamai)
– Keynote Systems
– DDOS resistance
• Organized extortion rings (Big deal for name companies)
• ISP assistance
Processing Integrity
• Who’s to Stop Whomever From Fiddling With Your Data?
– Use digital signatures
– Assign all users/systems keypairs
• Validate Signature Upon All Document Accesses
– XML Signed Documents
– Don’t trust the DBA
• Certificate Management
– Server based key storage for usability
– Smartcard / browser based cert issues (complexity)
• User Level Audit
• Versioning / History
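As an added illustration of the "sign on write, validate on every access" rule above (not TradeCard's code; a flat key/value record with a simple deterministic rendering stands in for the XML-signed document and its canonicalization): each user or system signs with its own keypair when it writes, and the service verifies the signature whenever it reads, so a row edited directly in the database without the signer's private key fails verification.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"sort"
)

// Document is a stored record plus the signature over its canonical form; Fields stands in for the XML body.
type Document struct {
	ID, Signer string // Signer: user/system id whose keypair signed it
	Fields     map[string]string
	Sig        []byte
}

// canonical renders the record deterministically so signer and verifier sign the same bytes (assumed stand-in for XML canonicalization).
func canonical(id string, fields map[string]string) []byte {
	keys := make([]string, 0, len(fields))
	for k := range fields {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	out := "id=" + id + "\n"
	for _, k := range keys {
		out += k + "=" + fields[k] + "\n"
	}
	return []byte(out)
}

// Sign is done by the writing user/system with its own private key.
func Sign(priv ed25519.PrivateKey, signer, id string, fields map[string]string) Document {
	return Document{ID: id, Signer: signer, Fields: fields, Sig: ed25519.Sign(priv, canonical(id, fields))}
}

// Verify runs on every document access; keys maps signer id -> public key.
// Any edit made without the signer's key (a DBA's direct row update included) breaks the signature.
func Verify(keys map[string]ed25519.PublicKey, d Document) bool {
	pub, ok := keys[d.Signer]
	return ok && ed25519.Verify(pub, canonical(d.ID, d.Fields), d.Sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	keys := map[string]ed25519.PublicKey{"buyer-42": pub} // constructed sample signer
	doc := Sign(priv, "buyer-42", "PO-1001", map[string]string{"amount": "10000", "currency": "USD"})
	fmt.Println("as stored:", Verify(keys, doc)) // true
	doc.Fields["amount"] = "100000"              // direct DB edit, no key
	fmt.Println("after tamper:", Verify(keys, doc)) // false
}
```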
Privacy
• Browser
– Simple (128 bit SSL)
• The Back Door
– Messaging
• AS2, S-FTP
– FTP, Email weakness
• Privacy Policy
– Dissemination of information
– Data aggregation
Confidentiality
• Confidentiality
– Information designated as confidential is protected as committed or
agreed
• Information is not just data
– Paper Files
– Overheard voice
• Is customer information protected from employees
who have no reason to see it?
• Is customer data provided to any other sources, or
used for any other purposes within the registering
company?
Conclusion: Simple SaaS Rule of Thumb
• Remember One Word: PAINful
• Privacy
– 128 bit SSL (Browser)
– AS2, S-FTP (Secure File Xfer Protocol)
• Authentication, Authorization
– Two-Factor is best
• Integrity
– Digital Signatures on Stored Data
• = Non-Repudiation
– Legal Framework
The End
[email protected]