What steps do you take for application security?

What steps have you taken to protect your applications and what do you recommend?
Steve Primost
Posted on Jan. 19, 2010

Get involved early in the SDLC process; look at the logical design to determine how applications are addressing the use of digital identity, access management, identity management, and session management. Working through these issues on my blog on infosecisland.com.

Kirsty Lee
We Are Cloud
Posted on July 19, 2010

For our BI application Bime, we take the utmost care with security. For example, all data is encrypted and the keys are maintained by the client. At no point do our administrators deal with unencrypted data. In terms of encryption, all Bime accounts include 128-bit SSL security – the same used by online banks.

Backup data stored in Amazon S3 is protected by the same protocols as their main servers. It is redundantly stored in multiple physical locations as part of normal operation of those services. Amazon ensures object durability by storing objects multiple times across multiple datacenters on the initial write and then actively doing further replication in the event of device unavailability or detected bit-rot. AWS does not perform backups of data that are maintained on virtual disks attached to running instances on Amazon EC2.

All of our servers are hosted by Amazon Web Services (AWS). AWS has many years of experience in designing, constructing, and operating large-scale datacenters. This experience has been applied to the AWS platform and infrastructure. AWS datacenters are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state-of-the-art intrusion detection systems, and other electronic means.

Authorized staff must pass two-factor authentication a minimum of two times to access datacenter floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff. AWS only provides datacenter access and information to employees and contractors who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical access to datacenters by AWS employees is logged and audited routinely. AWS requires that staff with potential access to customer data undergo an extensive background check (as permitted by law) commensurate with their position and level of access to data.
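The answer above describes a model where all data is encrypted and the keys are held by the client, so the hosting provider's administrators never handle plaintext. The following is an added example illustrating that model; it is not Bime's or AWS's code. It assumes a hypothetical client that encrypts each record with AES-256-GCM under a key it generates and keeps, and a storage service that holds only opaque blobs. The record ID is bound as associated data, and the sample record is constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// ClientKey is a 256-bit AES key generated and kept by the client.
// The storage provider never receives it (hypothetical design, not Bime's).
type ClientKey [32]byte

// NewClientKey draws a fresh key from the OS CSPRNG.
func NewClientKey() (ClientKey, error) {
	var k ClientKey
	_, err := rand.Read(k[:])
	return k, err
}

func gcmFor(key ClientKey) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext with AES-256-GCM. The record ID is authenticated
// as associated data so a blob cannot be silently re-filed under another ID.
// Output layout: nonce || ciphertext || tag.
func Seal(key ClientKey, recordID string, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(recordID)), nil
}

// Open reverses Seal; a flipped bit or a different record ID fails the
// GCM tag check and returns an error rather than garbage.
func Open(key ClientKey, recordID string, blob []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob shorter than nonce")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(recordID))
}

// Store models the provider's object storage: opaque bytes keyed by record ID.
type Store map[string][]byte

// Constructed sample record for the example; not real data.
const sampleID = "report-2010-07"

var samplePlaintext = []byte("customer=ACME;revenue=1234567")

// RoundTrip seals a record, hands it to the store, fetches it back and opens it.
func RoundTrip() (string, error) {
	key, err := NewClientKey()
	if err != nil {
		return "", err
	}
	store := Store{}
	blob, err := Seal(key, sampleID, samplePlaintext)
	if err != nil {
		return "", err
	}
	store[sampleID] = blob // the provider only ever sees this blob
	pt, err := Open(key, sampleID, store[sampleID])
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// Checks verifies three properties of the client-held-key model:
// adminBlind: an operator without the client key cannot decrypt the blob;
// tamperCaught: a modified blob is rejected;
// swapCaught: a blob re-filed under another record ID is rejected.
func Checks() (adminBlind, tamperCaught, swapCaught bool, err error) {
	clientKey, err := NewClientKey()
	if err != nil {
		return
	}
	adminKey, err := NewClientKey() // any key the operator might hold instead
	if err != nil {
		return
	}
	blob, err := Seal(clientKey, sampleID, samplePlaintext)
	if err != nil {
		return
	}
	_, e1 := Open(adminKey, sampleID, blob)
	adminBlind = e1 != nil

	tampered := append([]byte(nil), blob...)
	tampered[len(tampered)-1] ^= 0x01 // flip one bit of the authentication tag
	_, e2 := Open(clientKey, sampleID, tampered)
	tamperCaught = e2 != nil

	_, e3 := Open(clientKey, "report-2010-08", blob)
	swapCaught = e3 != nil
	return
}

func main() {
	fmt.Println(RoundTrip())
	fmt.Println(Checks())
}
```

The point the example makes beyond the answer's sentence is where the trust boundary sits: because only `Seal` and `Open` ever touch the key, everything past the `store[sampleID] = blob` line (the provider's storage, backups and replicas, and anyone with administrative access to them) holds ciphertext and an authentication tag, nothing more. Binding the record ID as associated data is the extra check a practitioner would want, since otherwise an operator could move a valid blob between records undetected. Key backup and rotation remain the client's responsibility under this model; losing the key loses the data.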
