Link to home
Start Free TrialLog in
Avatar of dimensionav
dimensionavFlag for Mexico

asked on

What is the best way to protect user's information in a cloud software?

Hi,

I'm developing a cloud sofware and I have some doubts about what's the best way for protecting the login. I'm looking for some scheme that could defend the database information in case of an attack via users. The software is being developed with Codeigniter.

Regards!
SOLUTION
Avatar of gr8gonzo
gr8gonzo
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Ray Paseur
Ray Paseur
Flag of United States of America image
Only one addition to @gr8gonzo's excellent summary.  Dump CodeIgniter right now and never look back.  It's 2014 and nobody starts a project with CodeIgniter any more.  Invest some of your time and energy to learn Laravel instead.  

Here's why:
http://www.sitepoint.com/best-php-frameworks-2014/
SOLUTION
Avatar of gr8gonzo
gr8gonzo
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of Schuyler Dorsey
Schuyler Dorsey
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Schuyler Dorsey
Schuyler Dorsey
Flag of United States of America image
You could also look at Cloud Security Alliance CCM.. but it's hit and miss how much weight your clients may put into it. Some consider it to be a very self-serving framework.

But regardless, even if you don't strive to certify against CSA, it's a good framework and starting point.
Avatar of gr8gonzo
gr8gonzo
Flag of United States of America image
I wasn't trying to overwhelm him with acronyms off the bat, but you also have to consider the data you're protecting. A lot of what Schuyler just listed is great when you need to be in compliance with different standards, but there's a cost/benefit ratio to everything. For example, a web service that generates memes probably doesn't need to worry about a lot of these things.

In most cases, unless you're setting up your own hardware and infrastructure, you just need to examine what the hosting provider offers in terms of security. "Who has access to what" is a huge overlapping question in different compliance standards.

Just bear in mind that the more sensitive the data, the more strict the security needs to be.
ASKER CERTIFIED SOLUTION
Avatar of Ray Paseur
Ray Paseur
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial