ONE EBOOK
Intro to SaaS Security & Architecture
“In 2021 the SaaS market is expected to reach a valuation of $272.49 billion, and it’s growing around 20% each year.”
The Business Research Company
What’s inside?
Understanding SaaS architecture 3
API Security 8
• Reduced setup and operation costs for the customer
• Increased scalability as business demands grow
• Increased customizability and flexibility for individual business use cases
• Reduced integration time/go-live delay — quicker to feel the benefit
• Easier to deploy, update and maintain

These benefits are a direct result of SaaS software architecture. In its simplest form it consists of two layers:
• The database layer (servers that store client and end-user data)
• The application layer (nodes/servers that host the application frontend and backend)

On top of these two layers sits the delivery layer, which is where the software and functions meet the user (e.g. an app or web page).

SaaS architecture can vary significantly between platforms. Some have additional components, like nodes in the database layer which can help with scaling or data separation in a shared client database.

The structure of the application and database layers can also vary significantly. This depends on the functions of the service and any third-party platforms it interacts with.

Generally these are considerations for SaaS providers themselves. But it’s good to have a basic understanding of SaaS architecture to inform your understanding of SaaS security.
Below are some key industry-standard security principles for SaaS platforms:
Privilege separation
SaaS platforms should employ a hierarchy of privilege/privilege separation for user accounts, applications, API clients, etc. This ensures that each user or component in a system only receives the minimum software functions or permissions needed to do their job. An example would be standard user accounts lacking editing privileges.
Anything that falls outside the scope of work in your contract likely won’t be covered in the event of disruption or software failure.
Rate limiting
Rate limiting limits the rate at which API requests can be made, helping protect against distributed denial of service (DDoS) attacks. Ensure any API you use, either internally or externally, has a rate-limiting system in place.

HTTPS and SSL certified servers
APIs should always connect via HTTPS/SSL certified servers. Without it there’s no way of knowing whether data passing from the browser to the API is actually encrypted.
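As an added illustration of the rate-limiting principle above (example code, not from the ebook or Talon.One): a per-client token bucket that an API gateway could apply to each API key, answering 429 with a Retry-After header once a client’s burst allowance is spent and refilling at a steady rate. The client ids, limits and request timings are constructed sample values.

```python
"""Per-client token-bucket limiter for an API gateway (added example, not the ebook's code).

Client ids, limits and request timings are constructed sample values. A real
deployment keys buckets on the authenticated API client and keeps them in
shared storage so every application node enforces the same limit.
"""
import math
import time
from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass
class Bucket:
    tokens: float   # tokens currently available to spend
    updated: float  # timestamp of the last refill


@dataclass
class RateLimiter:
    capacity: int                 # burst size: requests allowed back to back
    refill_per_sec: float         # sustained rate: tokens added per second
    clock: Callable[[], float] = time.monotonic
    buckets: dict = field(default_factory=dict)

    def _refill(self, client_id: str, now: float) -> Bucket:
        b = self.buckets.get(client_id)
        if b is None:  # first request from this client: a full bucket
            b = self.buckets[client_id] = Bucket(float(self.capacity), now)
        b.tokens = min(self.capacity, b.tokens + (now - b.updated) * self.refill_per_sec)
        b.updated = now
        return b

    def check(self, client_id: str, now: Optional[float] = None) -> tuple[int, dict]:
        """Decide one request: (HTTP status, headers). A 429 never consumes a token."""
        now = self.clock() if now is None else now
        b = self._refill(client_id, now)
        if b.tokens >= 1:
            b.tokens -= 1
            return 200, {"X-RateLimit-Remaining": str(math.floor(b.tokens))}
        wait = math.ceil((1 - b.tokens) / self.refill_per_sec)  # seconds until one token
        return 429, {"Retry-After": str(wait), "X-RateLimit-Remaining": "0"}


def replay(limiter: RateLimiter, requests: list[tuple[float, str]]) -> list[int]:
    """Replay constructed (timestamp, client_id) pairs; return the status per request."""
    return [limiter.check(client, now=t)[0] for t, client in requests]


if __name__ == "__main__":
    lim = RateLimiter(capacity=3, refill_per_sec=1.0)
    burst = [(0.0, "key-A")] * 5 + [(0.0, "key-B"), (1.0, "key-A")]
    print(replay(lim, burst))  # [200, 200, 200, 429, 429, 200, 200]
```

Because a 429 does not consume a token, a client that keeps retrying while denied cannot push its own recovery further into the future; the Retry-After value tells well-behaved clients exactly how long to back off.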
Configuration files
Never leave sensitive information like passwords, authorization to-
We allow IP whitelisting
Why? This seals our vital infrastructure within a tightly controlled internal environment that’s otherwise inaccessible without our approval.

Third-party penetration testing is essential because it allows us to understand how malicious individuals or organizations would approach our system. We can then review and fix any vulnerabilities uncovered in the testing process.
Updates
promotions@talon.one
talon.one/book-a-demo