So far, I’ve explored some of the ways physical and application security contribute to a secure and robust SaaS offering. In this, the third part of my 4-part series, I’ll discuss network security.
To get this article started, I think we need to define what a network is. To put it simply, the network in a SaaS offering is the infrastructure by which the web browser communicates with the web application. A simple example is connecting to Facebook, where Internet Explorer is the web browser and Facebook is the application. Most networks include physical components like routers, firewalls, switches and even the actual wires. They also include the "language" of communication, like TCP/IP, HTTPS or SMTP.
The networking infrastructure that impacts a SaaS offering can be divided into two parts: the part of the infrastructure inside the data center and the part outside the data center. To put it another way, some parts of the network are in the sole control of the SaaS vendor and some parts are not.
Networking outside of the data center involves transmitting data over the Internet. Various security mechanisms have been developed to protect your information as it moves through the Internet:
- SSL, or Secure Sockets Layer, was developed so that information could pass securely through the Internet in an encrypted format. SSL works by encrypting all information sent over the Internet, from the sender to the recipient. Even if a hacker were to access the transmission, they would not be able to decipher it. Ask your SaaS vendor about their ability to provide SSL.
- VPN, or Virtual Private Network, is another way to make sure the information passed over the Internet is secure. Essentially, a VPN connection creates a dedicated network pipe that only your transmitted Internet data passes through. For the highest level of security between your office and your SaaS vendor, ask about a dedicated VPN connection. This option will often be over and above the normal level of security provided by your SaaS vendor, so it will cost a bit more.
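One way to check what a vendor's HTTPS endpoint actually negotiates, rather than taking "we provide SSL" on faith. This is an added example, not part of the original article; the function names, the 30-day warning window and the sample reports are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

# Protocol versions treated as acceptable (assumption for this example).
ACCEPTABLE = {"TLSv1.2", "TLSv1.3"}

def build_context() -> ssl.SSLContext:
    """Client context that verifies the certificate chain and the hostname."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3, TLS 1.0 and 1.1
    return ctx

def probe(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Connect and report what was negotiated (needs network access).
    A server that only speaks legacy protocols fails here with ssl.SSLError."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with build_context().wrap_socket(raw, server_hostname=host) as tls:
            return {"version": tls.version(), "cipher": tls.cipher()[0],
                    "not_after": tls.getpeercert()["notAfter"]}

def assess(report: dict, now: datetime, warn_days: int = 30) -> list:
    """Return findings for a report from probe() or from another scanner."""
    findings = []
    if report["version"] not in ACCEPTABLE:
        findings.append(f"legacy protocol negotiated: {report['version']}")
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(report["not_after"]), tz=timezone.utc)
    if expires <= now:
        findings.append("certificate expired")
    elif expires - now < timedelta(days=warn_days):
        findings.append(f"certificate expires within {warn_days} days")
    return findings

# Constructed sample reports (not captured from any real server).
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
GOOD = {"version": "TLSv1.3", "cipher": "TLS_AES_256_GCM_SHA384",
        "not_after": "Jun  1 12:00:00 2030 GMT"}
WEAK = {"version": "TLSv1", "cipher": "AES128-SHA",
        "not_after": "Jan 10 00:00:00 2025 GMT"}

if __name__ == "__main__":
    for name, rep in (("good", GOOD), ("weak", WEAK)):
        print(name, assess(rep, NOW) or "no findings")
```

To test a live endpoint, pass the result of `probe("your-vendor-hostname")` to `assess` together with the current UTC time.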
As is true for many things, you're only as secure as your weakest link. If you spend the money to have a secure connection from your SaaS vendor to your office, be sure that you don't open up a doorway to that information, like an open WiFi connection or a physical network jack that anyone can connect to.
Networking inside the data center
The security built into the network within the data center is primarily focused on one thing: preventing potential attacks from getting inside the SaaS vendor's infrastructure and reaching your data. Although most of the methods of securing a network within a SaaS vendor's offering are quite involved and require a high level of expertise, I will go over some of the basics:
- Network architecture is the actual design of the network infrastructure within the data center. Think of good network architecture like a well-designed bank vault: vaults usually have more than one lock, and each one is more complex as you get closer to the inner vault. Secure networks usually include various traps and pitfalls to turn away hackers. Devices such as firewalls and techniques like VLANs or network segregation keep the network within your SaaS vendor's data center safe.
- Monitoring network traffic coming into the data center for abnormal access allows your SaaS vendor to react to and deter Denial of Service (DoS) attacks or "zero day" attacks by recognizing the footprint of an attack before it can become a problem.
- Preventative maintenance keeps everything running smoothly. Your SaaS vendor should perform regular firmware updates to all networking equipment and regular updates to other parts of the network, including the operating systems running the application.
Finally, I would like you to take a moment to consider an important truth about network security: all the information passing between you and your SaaS vendor over the Internet does not necessarily require the same level of security. Some information, like your password, must be secure in order to prevent your account from being stolen (see Web Application Security), while other information, like a public blog post, may need very little security, as its purpose is to let as many people read it as possible.
Check the final installment of this series on SaaS security where I discuss the security of your data and summarize the series.