ASP Security and SaaS Services
Many organizations are taking advantage of the wide range of specialized IT services available through Application Service Providers (ASPs) and Software as a Service (SaaS) providers. In some cases, these organizations are outsourcing functions previously handled in-house. In other cases, they are using service providers to provide new and innovative capabilities to their customers and employees.
While the use of service providers has proven beneficial at a business level, integrating these companies into the network and processing environment raises obvious security concerns. SystemExperts has performed hundreds of service reviews and has developed a rigorous methodology to do these reviews quickly and to do them well. We offer two specific ASP and SaaS related services.
For Application Service Providers and Software as a Service Providers
As consumers of services begin to take security seriously, ASPs and SaaS companies are constantly being asked, “How secure are you?” Many customers insist on regular independent security reviews. Consequently, an increasing number of service providers are taking proactive security measures. They are having their environments professionally reviewed on a regular basis and are sharing the results of these objective reviews with their existing and potential customers. ISO 27002, the Code of Practice for Information Security Management, has emerged as the widely accepted standard for these objective reviews.
SystemExperts is highly skilled at performing such reviews and preparing documentation that addresses the security concerns of service provider customers.
For Consumers of Services
When an organization contracts with a service provider, it needs to be able to fully utilize the services while not putting its own private data or internal IT infrastructure at risk. Further, in situations where employee or customer-private data is actually transferred to the service provider for processing, it needs to know that the service provider is safeguarding that data to the same standards that the contracting company would itself. Organizations also need to be sure that their data is properly protected from the service provider’s other customers which may be sharing the same processing environment.
SystemExperts conducts service provider security reviews on behalf of service consumers, evaluating the design of the service, the skill of the personnel, the security of the infrastructure, and the adequacy of the processes and mechanisms that are used to maintain the production service and respond to threats. We often use ISO 27002 as a framework for these reviews.
Contact SystemExperts for your Consultation
SystemExperts can help with all your ASP and SaaS security services. Request your consultation today with our security experts.