The Smart Techie was renamed Siliconindia India Edition starting Feb 2012 to continue the nearly two decade track record of excellence of our US edition.
December - 2008 - issue > Technology
Protect Your SaaS from Cyber Crimes
Sasi Kumar Srinivasan
.jpg "Sasi Kumar Srinivasan")
Criminals from any part of the world can use the free services of an email software hosted as an Internet service to exchange their plans about an intended attack. They can simply close their free email account after the attack is carried out. In such a case, the SaaS vendor has to provide whatever information is required by the Cyber Crime Police for investigation purposes.
Similarly, criminals can set up their own fake website that resembles a genuine one in totality and can send fake emails to the victims for harvesting their personal information such as, credit card number, card verification value (CVV) number, bank account password, etc., and use those personal information at the original website to get access to the victims' bank accounts.
This article focuses on the roles and responsibilities of SaaS vendors to prevent Cyber Crimes and also retain necessary information for the post-attack investigation purposes.
Website Identity and Phishing
SaaS based services are accessed by simply typing the services' website URL in the browser. This URL is the unique address and identity of the SaaS to the external world. For example, http://www.zohomail.com is the unique identity of Zoho Mail service. To provide safe and secure access to the customers, the SaaS has to be hosted as a https service and the website URL has to be certified by a reputed issuing authority, so that, the website identity verification is done by the browser itself.
|
|
