Access "Carefully evaluate providers' SaaS security model"
This article is part of the December 2009 issue of Step-by-step guide to avoiding basic database security risks
As the director of IT for a non-profit, Richard Navarro needed an affordable network monitoring application that would allow his small staff to quickly hunt down the root cause of email outages and other problems. He found what he was looking for from AccelOps, delivered via an outsourcing model that would give most IT administrators pause: software-as-a-service. Did he worry about security? Absolutely. "Who had access to their environment? Where was the environment being stored? What was the change control around it?" These were questions that Navarro, of the Jewish Home of San Francisco, a skilled nursing facility specializing in services for seniors, was asking. His concerns were allayed after conducting an assessment of AccelOps, which included looking at who would be accessing data, how that access would be secured, and what data the vendor would store--no personal health information, only network traffic data. He also made sure data transported from the nonprofit to the vendor was encrypted. SaaS is becoming increasingly attractive to enterprises ... Access >>>
Premium Content for Free.
Is New Google Chromium OS a Security Game-Changer?
Google says Chromium's process isolation and sandbox security features harden the OS from attack.
Carefully evaluate providers' SaaS security model
Enterprises need to make sure a SaaS provider has the proper security controls to protect sensitive data before a contract is signed
- Is New Google Chromium OS a Security Game-Changer?
Basic Database Security: Step by Step
by Adrian Lane, Contributor
Use this checklist to ensure you're following the basics for securing database systems.
Writing security policies using a taxonomy-based approach
by Ravila Helen White, Contributor
Forget structure-driven policy architecture; we'll show you how to build information security policy artifacts using a taxonomy approach that will help you build global policies in a snap.
- Basic Database Security: Step by Step by Adrian Lane, Contributor
Is HITECH Destined to be a Cybercrime Stimulus Act?
The HITECH Act, part of the economic stimulus bill, is intended to foster electronic medical records systems adoption, but will also introduce security and privacy risks to patient medical and billing data.
Editor's Desk: Apathy and the Cybersecurity Coordinator
Six months since President Obama announced he would appoint a cybersecurity coordinator, the position sits vacant. Do you care?
- Is HITECH Destined to be a Cybercrime Stimulus Act?
More Premium Content Accessible For Free
Cloud and mobility in the enterprise has caused a heightened need for organizations to take a closer look at next generation authentication ...
Virtualization and cloud computing are part and parcel of enterprise networks today. Virtualization security, however, is still a bolt-on affair ...
Mobile device security is one of the biggest nightmares InfoSec pros face in the era of bring your own everything (BYOE). Simply banning employees ...