The past year was a learning curve on Cloud Computing, especially on SaaS providers. More and more ASPs are coming back rebranded as SaaS provider. As a security practitioner, it would be good to have a must have check list that we need to use to assess them. I prepared the following must have check… Continue reading Security Must Haves in a SaaS Provider
ASP to SaaS
A discussion on business model transition from ASP to SaaS
Placing a Vulnerability Assessment Scanner
Where do you put vulnerability assessment (VA) scanners in a very distributed network? Consider a scenario where a company has a presence in North America, Europe, and South Asia. As part of its annual penetration testing environment, the company wants to conduct vulnerability assessment at all its demilitarized zones (DMZ). North America may have DMZs… Continue reading Placing a Vulnerability Assessment Scanner
Unauthentication
by Bruce Schneier In computer security, a lot of effort is spent on the authentication problem. Whether it’s passwords, secure tokens, secret questions, image mnemonics, or something else, engineers are continually coming up with more complicated — and hopefully more secure — ways for you to prove you are who you say you are over… Continue reading Unauthentication
Saas as a Strategy
Should we adopt SaaS as a Strategy? A discussion.