Securing a SaaS


The environment: a small 50-person company with a software-as-a-service product that is gaining traction with the Fortune 100. Everyone and everything is moving very quickly to add in the rapid-fire feature requests coming from the giant customers. Security has been taking a back seat, with basic firewalling and PCI and SAS 70 compliance brought in through the hosting environment. Currently the stack is Windows-based, but there is talk of moving everything to Linux for scalability. This is a very open-ended question. No wrong answer. :-) If you were in such a situation, where you were network security manager (and network manager generally) with no direct reports and things were going a million miles an hour - what would be the five most important aspects of security you would focus on? When I go and look at the IT governance books and other models, they look like they were written for an environment that is nothing like a startup. I appreciate your opinion!

This may be a good opportunity to get some managed services in to help.

Here is my quick, from-the-gut answer:

- Secure public-facing junction points: from locking down at the OS level, to access control, to web app black-box scans and remediation
- Secure private data in transit (encrypt) and at rest (encrypt, access control)
- Limit access to sensitive systems inside the firewall; segregate them from the external access layer
- Lock down endpoints that have access to sensitive data, and limit the use of browsers to less-privileged users to help mitigate
- Back up data, and secure who has access
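Taking the last point of the answer above (back up data and secure who has access), here is an added example that is not part of the original answer or the expert's own material: a small POSIX shell audit that flags any backup file or directory readable by group or other, plus the chmod that tightens it. The directory layout and file names are constructed for the demo, and the script assumes a Unix-style host (which fits the Linux move the question mentions) with find, ls, cut and mktemp available.

```shell
#!/bin/sh
# Added example, not from the original answer. Audits a backup directory so
# that only the owner can read what is inside, then tightens it. Assumes a
# POSIX shell with find(1), ls(1), cut(1) and mktemp(1); the tree built in
# make_demo_tree is constructed for the demo.

# Print every path under $1 whose group or other permission bits are set,
# and return 1 if any were found, 0 when the whole tree is owner-only.
audit_backup_perms() {
    # ls -ld columns 5-10 are the group and other rwx bits; "------" means
    # nobody but the owner (and root) can touch the path.
    violations=$(find "$1" -print | while IFS= read -r path; do
        perms=$(ls -ld "$path" | cut -c5-10)
        [ "$perms" = "------" ] || printf '%s (%s)\n' "$path" "$perms"
    done)
    if [ -n "$violations" ]; then
        printf '%s\n' "$violations"
        return 1
    fi
    return 0
}

# Strip group/other bits from the whole tree; owner bits are left as they are.
harden_backup_perms() {
    chmod -R go-rwx "$1"
}

# Constructed demo tree: one backup created under a strict umask (600) and one
# left world-readable (644), which is what a hurried "just copy it over" leaves.
make_demo_tree() {
    tmp=$(mktemp -d)
    (umask 077 && mkdir "$tmp/backups" && printf 'dump\n' > "$tmp/backups/db-01.sql.gz")
    printf 'dump\n' > "$tmp/backups/db-02.sql.gz"
    chmod 644 "$tmp/backups/db-02.sql.gz"
    printf '%s\n' "$tmp"
}

# Audit before hardening: returns 1 because db-02.sql.gz is flagged.
demo_before_hardening() {
    tmp=$(make_demo_tree)
    if audit_backup_perms "$tmp/backups" >/dev/null; then status=0; else status=1; fi
    rm -rf "$tmp"
    return $status
}

# Harden, then audit again: returns 0, every path is now owner-only.
demo_after_hardening() {
    tmp=$(make_demo_tree)
    harden_backup_perms "$tmp/backups"
    if audit_backup_perms "$tmp/backups" >/dev/null; then status=0; else status=1; fi
    rm -rf "$tmp"
    return $status
}

# Stand-alone use: sh audit_backups.sh /path/to/backups
if [ $# -gt 0 ]; then
    audit_backup_perms "$1"
fi
```

The audit parses ls -ld rather than stat because the stat flags differ between GNU and BSD userlands; a cron job that runs audit_backup_perms against the backup share and alerts on a non-zero exit gives a cheap, continuous check that nobody has quietly loosened access to the one copy of the customer data.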

John M. Sopp

I specialize in vulnerability management, including systems and network vulnerability scanning, vulnerability remediation/patch management, and vulnerability monitoring. I am also versed in Windows workstation and server operating systems, endpoint protection technologies, risk assessment, and developing security guidelines and metrics.

I have worked in the IT security field and in IT at various levels, from "help desk" and incident response roles to security administration and engineering, since around 2002.

Bachelor of Science, Computer Security/Computer Science; GIAC GPEN Certified; NSA 4011/4012 Certified

©2016 All rights reserved.