saas 安全_数字资产安全即服务saas和外包安全的利弊

saas 安全

Let’s play out a scenario: you’re a mid-size organization (or larger) dealing with cryptocurrency and blockchain keys — and you must keep them secure.

让我们来说明一个场景：您是一家处理加密货币和区块链密钥的中型组织(或更大型)，并且必须确保它们的安全。

Your organization has decided not to develop its digital asset security infrastructure internally. (Perhaps after reading our last blog post on internally built or “DIY” security systems ). The next natural option? Security-as-a-Service (SaaS) vendors to handle the security aspect for you.

您的组织已决定不内部开发其数字资产安全基础结构。 (也许在阅读了有关内部构建或“ DIY”安全系统的上一篇博客文章之后)。 下一个自然选择？ 安全即服务(SaaS)供应商为您处理安全方面。

Will SaaS be up to the task? In this article, we’ll explore the pros and cons, benefits and tradeoffs of choosing SaaS for protecting digital assets.

SaaS是否可以胜任这项任务？ 在本文中，我们将探讨选择SaaS保护数字资产的利弊，优缺点。

安全数字资产领域中的SaaS是什么？ (What’s SaaS in the secure digital asset space?)

Whereas a DIY digital asset security system usually involves deploying and managing an amalgam of hardware-based security to protect digital asset keys, “cold” storage and multi-sig technology, SaaS provides businesses with an easy-to-manage, outsourced alternative for their security needs.

DIY数字资产安全系统通常涉及部署和管理基于硬件的安全混合物，以保护数字资产密钥，“冷”存储和多重签名技术，而SaaS为企业提供了易于管理的外包替代方案。安全需求。

SaaS services for digital assets often include the SaaS vendor handling the following:

用于数字资产的SaaS服务通常包括处理以下内容的SaaS供应商：

- Handle the organization’s key protection

-处理组织的关键保护

- Secure all transactions

-保护所有交易

- Publish transactions to the blockchains of the ledgers which they support (more on that below).

-将交易发布到它们支持的分类账的区块链中(更多内容见下文)。

From a practical standpoint, here are the pros and cons of such a system:

从实际的角度来看，这是这种系统的利弊：

· Service performance and resilience

· 服务性能和弹性

o SaaS vendors typically invest in building robust and high-performance infrastructure, and on a day-to-day operations level, help organizations by offloading administration and maintenance overhead.

o SaaS供应商通常会投资于构建强大的高性能基础架构，并在日常运营级别上通过减轻管理和维护开销来帮助组织。

o However, the risks involved with outsourcing critical systems apply to security as well. Organizations are vulnerable to losses and reputation damage caused by service outages; the SaaS client is only as operational as the service itself, and has limited control during periods of maintenance, outages, etc.

o但是，外包关键系统所涉及的风险也适用于安全性。 组织容易遭受服务中断造成的损失和名誉损失 ; SaaS客户端仅与服务本身一样可操作，并且在维护，中断等期间的控制范围有限。

o In addition, organizations are limited to the backup and resilience capabilities provided by the SaaS vendor.

o此外， 组织仅限于SaaS供应商提供的备份和弹性功能 。

· Service flexibility — SaaS clients are limited to the operations, core features, ledger support, and service options provided by the vendor. If a client wishes to expand to new service types, or add support for new or custom blockchain ledgers/assets to their existing services, for example, they are limited by the flexibility (and setup time) of the SaaS vendor.

· 服务灵活性 -SaaS客户端仅限于供应商提供的操作，核心功能，分类帐支持和服务选项。 例如，如果客户希望扩展到新的服务类型，或将对新的或自定义的区块链分类帐/资产的支持添加到其现有服务中，则它们会受到SaaS供应商的灵活性(和设置时间)的限制。

· Security validation/controlling risk — SaaS vendors typically invest in security, benefitting organizations who don’t have the same level of expertise and resources in-house. Still, SaaS clients must rely on their vendors’ security implementation and thus have limited ability to control or address security risk. Breaches leave clients vulnerable.

· 安全验证/控制风险 -SaaS供应商通常在安全方面进行投资，从而使内部没有相同专业知识和资源的组织受益。 尽管如此，SaaS客户仍必须依赖其供应商的安全实施，因此控制或解决安全风险的能力有限。 违反行为会使客户容易受到伤害。

结论 (Conclusion)

SaaS may be a viable option for organizations with a certain size or growth capability. But for companies who consider digital assets a strategic part of their offering, service flexibility and risk control aspects are critical to consider, as over time they can have huge business impact. Here are the critical questions we recommend exchanges, custodial services, trading platforms, and other cryptocurrency service providers ask while evaluating their options:

对于具有一定规模或增长能力的组织，SaaS可能是可行的选择。 但是对于将数字资产视为其产品战略性部分的公司而言，必须考虑服务灵活性和风险控制方面的问题，因为随着时间的推移，它们会产生巨大的业务影响。 以下是我们建议交易所，托管服务，交易平台和其他加密货币服务提供商在评估其选择权时提出的关键问题：

· What happens if you have a new requirement that the SaaS vendor does not support?

·如果您有SaaS供应商不支持的新要求，该怎么办？

· Will outsourcing your operations inhibit your organization’s ability to grow and expand?

·将您的运营外包会抑制组织的成长和扩展能力吗？

· What are your reasons for deciding to outsource security services? If your SaaS vendor’s services go down so your customers can’t transact, will your SLA with the service provider cover your losses?

·您决定外包安全服务的原因是什么？ 如果您的SaaS供应商的服务出现故障，导致客户无法进行交易，那么您与服务提供商签订的SLA是否可以弥补您的损失？

Answers to these questions are not one-size-fits-all. Still muddling over the possibilities? Stay tuned for our upcoming conclusion to this series about how a self-managed security platform developed by a security vendor can fill some of those gaps.

这些问题的答案并非一刀切。 还在为各种可能性困惑吗？ 请继续关注我们对本系列的即将结束的结论，即有关安全供应商开发的自我管理的安全平台如何填补其中的一些空白。

翻译自: https://medium.com/block-to-basics/digital-asset-security-as-a-service-saas-and-the-pros-cons-of-outsourcing-security-63c58eae97d

saas 安全