A New Enterprise Security Pattern: Secure Software as a Service (SaaS)

Santiago Moral-Garcia, Santiago Moral-Rubio, Eduardo B. Fernández, Eduardo Fernández-Medina

2012

Abstract

In recent years, contracting Software as a Service (SaaS) from cloud providers has become very popular. The advantages of using these services seem to be many, but organizations need to know and handle a variety of threats. Before using SaaS, organizations should check the security measures offered by the service provider and the defense mechanisms included in their enterprise security architectures. Security patterns are a good way to build and test new security mechanisms, but they have some limitations related to their usability. To improve the usability of security patterns, we have defined a new type of security pattern called the Enterprise Security Pattern. In this paper, we give a brief description of enterprise security patterns and document a new pattern that organizations could apply to protect their information assets when using SaaS.



Paper Citation


in Harvard Style

Moral-Garcia S., Moral-Rubio S., B. Fernández E. and Fernández-Medina E. (2012). A New Enterprise Security Pattern: Secure Software as a Service (SaaS). In Proceedings of the 9th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2012) ISBN 978-989-8565-15-0, pages 14-26. DOI: 10.5220/0004088500140026


in Bibtex Style

@conference{wosis12,
author={Santiago Moral-Garcia and Santiago Moral-Rubio and Eduardo B. Fernández and Eduardo Fernández-Medina},
title={A New Enterprise Security Pattern: Secure Software as a Service (SaaS)},
booktitle={Proceedings of the 9th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2012)},
year={2012},
pages={14-26},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004088500140026},
isbn={978-989-8565-15-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 9th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2012)
TI - A New Enterprise Security Pattern: Secure Software as a Service (SaaS)
SN - 978-989-8565-15-0
AU - Moral-Garcia S.
AU - Moral-Rubio S.
AU - B. Fernández E.
AU - Fernández-Medina E.
PY - 2012
SP - 14
EP - 26
DO - 10.5220/0004088500140026