Building Multi-tenant Highly Secured Applications on .NET for any Cloud - Demystified
26-Jun-2013
www.techcello.com
(A Division of Asteor Software Inc)
© Techcello www.techcello.com
Housekeeping Instructions
• All phones are set to mute. If you have any questions, please type them in the Chat window located beside the presentation panel.
• We have already received several questions from the registrants, which will be answered by the speakers during the Q & A session.
• We will continue to collect questions as we receive them during the session and will try to answer them today.
• If you do not receive an answer to your question today, you will certainly receive one via email shortly.
• Thanks for your participation and enjoy the session!
Techcello Introduction
• Cloud Ready, SaaS/Multi-Tenant Application Development Framework
• Provides end-to-end SaaS Lifecycle Management Solution
• Redefines the way enterprise software is built and managed
• Saves anywhere between 30-50% of time and cost
Speaker Profiles
Jothi Rengarajan, Senior Technical Architect, TechCello
• 14+ years of experience in architecting cloud and SaaS solutions for both ISVs and Enterprises
• Chief architect in designing and constructing CelloSaaS framework
• Plays consultative role with customers in implementing technical solutions
James McGovern, Chief Architect, Hewlett-Packard
• One of the top 10 enterprise technologists in the world
• Has authored more than 6 books on computing and dozens of published articles
• Twenty years experience in developing, managing and deploying large scale technology systems, business processes, and strategies
Security in Multi-Tenancy
Protection of information: security deals with the prevention and detection of unauthorized actions and with ensuring the confidentiality and integrity of data.
• Tenant data isolation
• RBAC – Prevent unauthorized action
• Data security
• Web related top threats as per OWASP
• Security Audit trail
Tenant Data Isolation
• Database Routing Based On Tenant
• Application Layer Auto Tenant Filter
• Tenant Based View Filter
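
A sketch of the first two isolation strategies above, added here as an illustration; it is not code from the deck or from the CelloSaaS framework. All type names (`ITenantOwned`, `TenantDatabaseRouter`, `TenantScopedRepository`), tenant ids and connection strings are hypothetical, and an in-memory list stands in for the shared table.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Every row in a shared (multi-tenant) table carries its owner's tenant id.
public interface ITenantOwned { string TenantId { get; } }

public sealed class Invoice : ITenantOwned
{
    public int Id { get; set; }
    public string TenantId { get; set; } = "";
    public decimal Amount { get; set; }
}

// Database routing based on tenant: unknown tenants fail closed.
public sealed class TenantDatabaseRouter
{
    private readonly IReadOnlyDictionary<string, string> _connectionByTenant;
    public TenantDatabaseRouter(IReadOnlyDictionary<string, string> map) => _connectionByTenant = map;

    public string Resolve(string tenantId) =>
        _connectionByTenant.TryGetValue(tenantId, out var connection)
            ? connection
            : throw new UnauthorizedAccessException("Unknown tenant: " + tenantId);
}

// Application-layer auto tenant filter: the repository is bound to the tenant of
// the authenticated session, never to a tenant id taken from request input.
public sealed class TenantScopedRepository<T> where T : class, ITenantOwned
{
    private readonly List<T> _table;   // stands in for the shared table
    private readonly string _tenantId;

    public TenantScopedRepository(List<T> table, string tenantId)
    {
        if (string.IsNullOrWhiteSpace(tenantId))
            throw new ArgumentException("Resolve the tenant before data access.", nameof(tenantId));
        _table = table;
        _tenantId = tenantId;
    }

    // The only read path: caller predicates compose on top of the tenant filter.
    public IQueryable<T> Query() => _table.AsQueryable().Where(e => e.TenantId == _tenantId);

    public void Add(T entity)
    {
        if (entity.TenantId != _tenantId)
            throw new UnauthorizedAccessException("Cross-tenant write rejected.");
        _table.Add(entity);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample data: two tenants share a database, one has its own.
        var router = new TenantDatabaseRouter(new Dictionary<string, string>
        {
            ["tenant-a"] = "Server=db-shared;Database=SaasShared",
            ["tenant-b"] = "Server=db-shared;Database=SaasShared",
            ["tenant-c"] = "Server=db-dedicated;Database=TenantC",
        });
        var sharedTable = new List<Invoice>
        {
            new Invoice { Id = 1, TenantId = "tenant-a", Amount = 120m },
            new Invoice { Id = 2, TenantId = "tenant-b", Amount = 980m },
            new Invoice { Id = 3, TenantId = "tenant-a", Amount = 45m },
        };

        Console.WriteLine(router.Resolve("tenant-c"));
        var repo = new TenantScopedRepository<Invoice>(sharedTable, "tenant-a");
        Console.WriteLine(repo.Query().Count());             // rows visible to tenant-a
        Console.WriteLine(repo.Query().Any(i => i.Id == 2)); // tenant-b's row requested by id
        try { repo.Add(new Invoice { Id = 4, TenantId = "tenant-b", Amount = 1m }); }
        catch (UnauthorizedAccessException ex) { Console.WriteLine(ex.Message); }
    }
}
```

Because business code never receives the unfiltered table, a forgotten `WHERE TenantId = ...` in a single query cannot expose another tenant's rows.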
Role Based Access Control (RBAC)
Authentication
• Kinds of authentication tokens and source
  • Username Password
  • Multi factor authentication
  • Claims based Authentication
• User identification information
  • Encrypted cookie
  • Session
Identity store
• Custom Store
  • Password encryption/hashing
  • Password change policy externalization
• Active Directory Integration
• Identity Federation
Role Based Access Control (RBAC)
Federation servers
• Oracle Identity Federation Server
• ADFS
• Azure Access Control Service
Role Based Access Control (RBAC)
Authorization
• Use privileges to define roles
• Privilege based control for actions
• Privilege based access for data
• Role mapped to privileges and user mapped to roles
• Code demands necessary privileges
• Roles should be defined by business users
• Configuration based privilege control
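
The authorization model above, as an added example that is not code from the deck or from CelloSaaS: roles are configuration, users map to roles, and code demands privileges rather than role names. The class names, privilege strings and users are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;

// Configuration-driven RBAC: the privilege names are fixed by the code base,
// while roles are data that each tenant's business users can edit.
public sealed class RbacPolicy
{
    private readonly Dictionary<string, HashSet<string>> _privilegesByRole; // role -> privileges
    private readonly Dictionary<string, HashSet<string>> _rolesByUser;      // user -> roles

    public RbacPolicy(Dictionary<string, HashSet<string>> privilegesByRole,
                      Dictionary<string, HashSet<string>> rolesByUser)
    {
        _privilegesByRole = privilegesByRole;
        _rolesByUser = rolesByUser;
    }

    public bool HasPrivilege(string userId, string privilege)
    {
        if (!_rolesByUser.TryGetValue(userId, out var roles)) return false; // unknown user: deny
        return roles.Any(r => _privilegesByRole.TryGetValue(r, out var p) && p.Contains(privilege));
    }

    // Code demands a privilege, never a role name, so roles can be reshaped
    // in configuration without touching the code.
    public void Demand(string userId, string privilege)
    {
        if (!HasPrivilege(userId, privilege))
            throw new UnauthorizedAccessException(userId + " lacks privilege " + privilege);
    }
}

public sealed class InvoiceService
{
    private readonly RbacPolicy _policy;
    public InvoiceService(RbacPolicy policy) => _policy = policy;

    // Privilege-based control for actions.
    public string Approve(string userId, int invoiceId)
    {
        _policy.Demand(userId, "Invoice.Approve");
        return "invoice " + invoiceId + " approved by " + userId;
    }

    // Privilege-based access for data: the amount is masked without Invoice.ViewAmount.
    public string Describe(string userId, int invoiceId, decimal amount)
    {
        _policy.Demand(userId, "Invoice.View");
        var shown = _policy.HasPrivilege(userId, "Invoice.ViewAmount")
            ? amount.ToString("0.00", CultureInfo.InvariantCulture)
            : "***";
        return "invoice " + invoiceId + ": " + shown;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample configuration for one tenant.
        var policy = new RbacPolicy(
            new Dictionary<string, HashSet<string>>
            {
                ["Clerk"] = new HashSet<string> { "Invoice.View" },
                ["Manager"] = new HashSet<string> { "Invoice.View", "Invoice.ViewAmount", "Invoice.Approve" },
            },
            new Dictionary<string, HashSet<string>>
            {
                ["alice"] = new HashSet<string> { "Manager" },
                ["bob"] = new HashSet<string> { "Clerk" },
            });
        var service = new InvoiceService(policy);

        Console.WriteLine(service.Approve("alice", 7));
        Console.WriteLine(service.Describe("bob", 7, 120m));   // bob may view, but not the amount
        try { service.Approve("bob", 7); }
        catch (UnauthorizedAccessException ex) { Console.WriteLine("denied: " + ex.Message); }
    }
}
```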
OWASP – TOP 10 Threats 2013
• A1 Injection
• A2 Broken Authentication and Session Management (was formerly A3)
• A3 Cross-Site Scripting (XSS) (was formerly A2)
• A4 Insecure Direct Object References
• A5 Security Misconfiguration (was formerly A6)
• A6 Sensitive Data Exposure (merged from former A7 Insecure Cryptographic Storage and former A9 Insufficient Transport Layer Protection)
• A7 Missing Function Level Access Control (renamed/broadened from former A8 Failure to Restrict URL Access)
• A8 Cross-Site Request Forgery (CSRF) (was formerly A5)
• A9 Using Known Vulnerable Components (new but was part of former A6 – Security Misconfiguration)
• A10 Unvalidated Redirects and Forwards
Web application top threats
• Man-in-the-middle attack
  • Use secure channel - https
• SQL Injection
  • Use parameterized queries
• Malicious script injection and Cross Site Scripting
  • Validate whether input is safe HTML
  • URL escape, HTML escape and JavaScript escape untrusted data
• Cross site request forgery
  • Challenge-Response such as CAPTCHA
  • Synchronizer Token
  • Origin header
OWASP – Open Web Application Security Project
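
The synchronizer token and Origin header checks listed above, as an added example that is not code from the deck. `CsrfGuard`, the session ids and the `example.test` origins are hypothetical, a dictionary stands in for server-side session state, and `CryptographicOperations.FixedTimeEquals` assumes .NET Core 2.1 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

public sealed class CsrfGuard
{
    private readonly HashSet<string> _allowedOrigins;
    // session id -> token; stands in for server-side session state
    private readonly Dictionary<string, byte[]> _tokenBySession = new Dictionary<string, byte[]>();

    public CsrfGuard(IEnumerable<string> allowedOrigins) =>
        _allowedOrigins = new HashSet<string>(allowedOrigins, StringComparer.OrdinalIgnoreCase);

    // Issue an unpredictable token, remember it for the session and return it
    // so the page can embed it in a hidden form field.
    public string IssueToken(string sessionId)
    {
        var token = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(token);
        _tokenBySession[sessionId] = token;
        return Convert.ToBase64String(token);
    }

    // Validate a state-changing request: the Origin header must name our own
    // site and the submitted token must match the one stored for this session.
    public bool Validate(string sessionId, string originHeader, string submittedToken)
    {
        // Strict choice for this sketch: a missing Origin header is rejected.
        if (originHeader == null || !_allowedOrigins.Contains(originHeader)) return false;
        if (!_tokenBySession.TryGetValue(sessionId, out var expected)) return false;
        if (string.IsNullOrEmpty(submittedToken)) return false;

        byte[] actual;
        try { actual = Convert.FromBase64String(submittedToken); }
        catch (FormatException) { return false; }

        // Constant-time comparison; also returns false when the lengths differ.
        return CryptographicOperations.FixedTimeEquals(expected, actual);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed values: app.example.test is a placeholder origin.
        var guard = new CsrfGuard(new[] { "https://app.example.test" });
        var token = guard.IssueToken("session-1");

        Console.WriteLine(guard.Validate("session-1", "https://app.example.test", token));   // own form post
        Console.WriteLine(guard.Validate("session-1", "https://other.example.test", token)); // foreign origin
        Console.WriteLine(guard.Validate("session-1", "https://app.example.test", "AAAA"));  // wrong token
        Console.WriteLine(guard.Validate("session-2", "https://app.example.test", token));   // other session
    }
}
```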
Data Security – Data Storage
Encryption
• Symmetric preferred over asymmetric due to performance
• Use Strong Keys
• Change Keys Periodically
Key storage
• Store in Key Vault, away from the encrypted data
• Double encryption
• Dual key storage
Database encryption
• Watch for Performance implications
• Encrypt only necessary columns
Data Security – Sample Encryption Decryption Approach
Data Security – Data Transit
End user browser to web server
• Https
• Custom encryption
Web Server to Application server
• Soap Web Service
  • WS-Security
  • message security
  • transport security - https
  • client authentication - username, certificate, claims federation
• Rest
  • Https
  • Custom asymmetric encryption
  • custom authentication
Application to Database
• Transport Security
Security Audit
Event Audit
• Covers
  • Who does the action?
  • What action is performed?
  • What is the context in which the operation is performed?
  • What time is the action performed?
• Event audit information – subject, target, context, user, datetime
• Audit details stored in a separate datastore for better performance
• Realtime audit details – audit cache server
Security Audit
Transaction and Change Audit
• Transaction Audit
  • Snapshot: Exact copy of the row stored in history tables
  • More suitable if requests to access past data are frequent
  • More data growth
• Change Audit
  • Only the delta of the state change is captured, in change tables
  • More suitable when changes need to be reported and past data is rarely required
  • Used more for security tracking purposes
  • Easier to implement by using methods available out of the box in the RDBMS, such as CDC for SQL Server
• Asynchronous Mode: for better performance, and if the audit should not roll back the transaction, it is advisable to audit in an asynchronous thread.
Cello Stack – At a Glance
How does it work? Cloud Ready, Multi-Tenant Application Development Framework
• Administrative Modules: Tenant Provisioning, Licensing, Metering, Billing, Data Backup
• Security Modules: User Management, Role/Privilege Mgmt., Single Sign-on, Dynamic Data Scope, Auditing
• Enterprise Engines: Business Rules, Workflow, Dynamic Forms
• Integration Modules: Events, Notification, Templates
• Ad-hoc Builders: Query, Chart, Reports
• Productivity Boosters: Code Templates, Master Data Mgmt., Forms Generation
• Application Multi-Tenancy & Tenant Data Isolation
• Configurability Modules: Custom Fields, Custom LoV, Settings Template, Themes & Logo, Pre & Post Processors
• Cello Cloud Adapters
Contact Details
Jothi Rengarajan (jothi.r@techcello.com)
James McGovern (james.mcgovern@hp.com)
Reference URLs
Web: http://www.techcello.com
ROI Calculator: http://www.techcello.com/techcello-roi-calculator
Demo Videos: http://www.techcello.com/techcello-resources/techcello-product-demo
SaaS e-Book: http://www.techcello.com/techcello-resources/techcello-resources-white-papers
Thank You
