I have a new post over on Intel's Security Gateway blog on using Security Gateways for achieving unified control, visibility, and compliance for SaaS applications. The post looks at mapping the technical information security policy to the attack surface and closing out technical gaps with a Security Gateway.
Technical Information Security Policy
The first step to delivering the right control and visibility architecture for SaaS is to formalize the enterprise’s goal in a Technical Security Policy. The security policy lifecycle begins with policy creation and development. The security architect must collaborate with policy authors, management, development, and operations to define specific technical policies that will enforce the security architecture decisions. These policies may govern issues such as:
- Allowable & non-allowable usage
- Security token types & issuers
- Integrity requirements
- Logging & monitoring requirements
- Access control protocols
- Message and Channel Encryption
The overall goal of the post is to show how to find the right policy and put it into action. Read the whole thing here.