dimensionav
asked on
What is the best way to protect user's information in a cloud software?
Hi,
I'm developing a cloud software and I have some doubts about what's the best way for protecting the login. I'm looking for some scheme that could defend the database information in case of an attack via users. The software is being developed with CodeIgniter.
Regards!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You could also look at Cloud Security Alliance CCM, but it's hit and miss how much weight your clients may put into it. Some consider it to be a very self-serving framework.
But regardless, even if you don't strive to certify against CSA, it's a good framework and starting point.
I wasn't trying to overwhelm him with acronyms off the bat, but you also have to consider the data you're protecting. A lot of what Schuyler just listed is great when you need to be in compliance with different standards, but there's a cost/benefit ratio to everything. For example, a web service that generates memes probably doesn't need to worry about a lot of these things.
In most cases, unless you're setting up your own hardware and infrastructure, you just need to examine what the hosting provider offers in terms of security. "Who has access to what" is a huge overlapping question in different compliance standards.
Just bear in mind that the more sensitive the data, the more strict the security needs to be.
ASKER CERTIFIED SOLUTION
Here's why:
http://www.sitepoint.com/best-php-frameworks-2014/