Andrey Bosak, VRP Cloud Services Delivery Director – PaaS security challenges and solutions (salesforce vision).
PaaS security challenges and solutions (salesforce vision)
VRP Cloud
Andrey Bosak
Technical Architect
Andrey Bosak
• 8 years experience in IT
• .Net, Java, ABAP, C++ hands-on development >2 years each
• SAP NetWeaver trainer at SAP CIS partner academy
• 4 years experience in project management and solutions architecture design
• Now inspired by Salesforce.com
• Head of VRP Cloud Minsk
PaaS security challenges
• Is IT infrastructure reliable?
• Is data channel secured?
• Who can access my data?
• What data is accessible?
• Is 3rd party application from App Exchange secure?
• Is my custom code secure?
• …
• What are the long term costs?
Force.com PaaS solution overview
• Shared database and middleware
• Proprietary programming and markup languages (APEX & Visualforce)
• Governor limits
• Standard objects from Sales and Service cloud
• APIs: REST, SOAP, BULK, Metadata
• Configurable layouts, views, workflows and approval
• Reports & Dashboards
Force.com pros & CONS
Pros:
• Easy to start (free environment, workbooks, examples,
declarative approach)
• Standard business objects and functionality
• Declarative point & click tools
• Proven scalability
• Transparent security
• App Exchange
• Governor limits
• Powerful API
Cons:
• Proprietary language
• Governor limits
• Less powerful development tools than mainstream technologies provide
Force.com: PaaS security vision of Salesforce
• Infrastructure and network
• Users and security
• API security
• Platform security
• Limits
• Custom applications security
trust.salesforce.com Infrastructure security
• Success is built on trust. And trust starts with transparency.
• Trust.salesforce.com is the salesforce.com community’s home for real-time information on system performance and security. On this site you'll find:
• Live and historical data on system performance
• Up-to-the-minute information on planned maintenance
• Phishing, malicious software, and social engineering threats
• Best security practices for your organization
• Information on how we safeguard your data
Information is taken from trust.salesforce.com site
Users and security
Users are managed centrally by administrator
User Authentication
• Delegated Authentication
• Federated Authentication (based on SAML)
Network-based Security
Session Security
System Auditing
Data Auditing
Platform security: User Profile
• System Permissions
• Administrative Permissions
• Reports
• Data
• Component Permissions
• Applications
• Tabs
• Record types
• Apex classes
• Visualforce pages
• Record-based Sharing
API and programmatic security
• Security tokens
• OAuth 2.0
• API-enabled and API-Only permissions
• Crypto library
Governor limits as security mechanism
• Heap size
• Attachment size
• Page size
• Number of code-lines
• Outbound calls
• Page requests
• API calls
• Database queries
• … and other possibilities of your application are limited thus limiting security vulnerabilities
Force.com Security Scanner
• Force.com Security Source Scanner
• Web Application Security Scanner
Summary
• Force.com uses industry standards and best practices to provide a centralized, powerful and flexible security architecture for cloud solutions
• Reliable and distributed IT infrastructure, energy efficiency and transparency are now considered a MUST for PaaS providers
• Security in all its aspects is now among the most important reasons customers choose the cloud. Given emerging information security threats, it may soon become the most important one. So build your cloud right, or choose the right PaaS provider
Questions?