Many organizations are taking advantage of the wide range of specialized IT services available through Application Service Providers (ASPs) and Software as a Service (SaaS) providers. In some cases, these organizations are outsourcing functions previously handled in-house. In other cases, they are using service providers to provide new and innovative capabilities to their customers and employees.
While the use of service providers has proven beneficial at a business level, integrating these companies into the network and processing environment raises obvious security concerns. SystemExperts has performed hundreds of service reviews and has developed a rigorous methodology to do these reviews quickly and to do them well. We offer three specific ASP- and SaaS-related services.
When an organization contracts with a service provider, it needs to be able to fully utilize the services while not putting its own private data or internal IT infrastructure at risk. Further, in situations where employee or customer-private data is actually transferred to the service provider for processing, it needs to know that the service provider is safeguarding that data to the same standards that the contracting company itself would. Organizations also need to be sure that their data is properly protected from the service provider's other customers, which may be sharing the same processing environment.
SystemExperts conducts service provider security reviews on behalf of service consumers, evaluating the design of the service, the skill of the personnel, the security of the infrastructure, and the adequacy of the processes and mechanisms that are used to maintain the production service and respond to threats. We often use ISO 27002 as a framework for these reviews.
For organizations that use many service providers, building a specialized connection to each one itself creates a security problem: everything is a special case, so there is no stable baseline against which to measure the security of each service provider connection.
SystemExperts helps organizations solve this problem by developing a Service Provider Architecture. This architecture consists of criteria for determining the business and functional requirements of the service provider links, and a set of well-designed, secure connection models. Using this approach, the previously chaotic and unsecurable situation is simplified to a handful of well-defined, well-understood connection models that properly satisfy the business requirements.
As consumers of services begin to take security seriously, ASPs and SaaS companies are constantly being asked, "How secure are you?" Many customers insist on regular independent security reviews. Consequently, an increasing number of service providers are taking proactive security measures. They are having their environments professionally reviewed on a regular basis and are sharing the results of these objective reviews with their existing and potential customers. ISO 27002, the Code of Practice for Information Security Management, has emerged as the widely accepted standard for these objective reviews.
SystemExperts is highly skilled at performing such reviews and preparing documentation that addresses the security concerns of service provider customers.
SystemExperts can help with all your ASP and SaaS security services. Request your consultation today with our security experts.
Peace of mind at an affordable price - You'll be able to sleep at night knowing a team of our network security experts is on your side and watching your back.
Cost-effective compliance services in HIPAA, PCI, and ISO 27002 - working with you to achieve business-practical results.
We’re different – a long-term perspective pervades everything we do: quality and responsiveness; staffing and business practices; fixed-price engagements; experts and only experts.