Security Ideas for SaaS Apps

Software-as-a-Service (SaaS) apps have the same security challenges as any other web-based products. The good news is that many SaaS apps are more secure than installed enterprise apps due to more timely roll outs of security enhancements and better economies of scale for vulnerability testing.

Here are some simple best practice security-related ideas for SaaS apps:

  • Require more complicated passwords for users (e.g. at least eight characters with upper case, lower case, and numbers included)
  • Enforce two-factor authentication for any power users
  • Audit the application quarterly with vulnerability scans, cross site scripting scans, and SQL injection scans
  • Limit server access to as few people as possible and enforce IP address white listing
  • Authorize individual machine access after email confirmation
  • Expire user passwords on a regular basis

SaaS security best practices are well known at this point and should be implemented early on for apps that contain confidential information.

What else? What are some other security ideas for SaaS apps?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.