
7 SaaS Security Best Practices You Can Implement Today


To make sure your software is 100% secure, install it on a machine in a locked room that nobody and nothing can physically reach, with no network connection. The software will be of no use to anyone, but it will be 100% secure. Software design is all about trade-offs, and designing for security is no different: every control you add to a system costs money, usability, or both, so the job is to pick the controls whose risk reduction is worth that cost.

Here are seven SaaS security best practices that won't drive your users crazy, won't break the bank, and still take real SaaS security risks off the table:

Use a Robust Hosting Service (AWS, Azure, etc.) and Make Full Use of the Security they Offer

The large cloud providers have spent countless millions of dollars on security research and engineering and made the results available to their customers. Leverage that infrastructure and the security services they offer, and focus your energy on the core problem(s) your software solves. Keep the shared-responsibility split in mind, though: the provider secures the physical hosts and the managed services, while configuring those services correctly (who can call them, what is publicly reachable, what is logged) remains your job.

a. API Gateway Services

b. Security Monitoring Services

c. Encryption Services

SaaS Application Security — Limit Attack Surface and Vectors

a. Software/Hardware – For example, do not define endpoints in your public API for admin-related tasks. If the endpoint doesn't exist on the public surface there is nothing to secure there (that's as simple as it gets when it comes to SaaS endpoint protection)! Serve admin functions from a separate application that listens only on a private interface or behind a VPN, rather than from the same app behind an authorization check that may one day be misconfigured.

b. People – Limit the access people have to sensitive data. When a person does need to access sensitive data, log every action taken, and where possible require more than one person to be involved (a second person approves the access, and the approver cannot be the requester).
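The separation described in point (a), as an added example that is not Windward's code: two WSGI applications, where the public one simply has no admin routes (so `/admin/...` is a plain 404) and the admin one is a different callable intended to be bound to the loopback interface only. The route names and the in-memory customer record are constructed for the demo.

```python
"""Added example (not Windward's code): keep admin operations off the public API.

The public app has no admin handlers registered at all, so a request for
/admin/... gets 404 and there is no code path to attack. The admin app is a
separate callable meant to be served only on a private interface (see
serve_admin_locally). Routes and data below are constructed for illustration.
"""
import json

# Constructed demo data; a real service would query a database.
CUSTOMERS = {"c1": {"name": "Acme", "plan": "pro", "suspended": False}}


def _respond(start_response, status, body):
    payload = json.dumps(body).encode()
    start_response(status, [("Content-Type", "application/json"),
                            ("Content-Length", str(len(payload)))])
    return [payload]


def _suspend_c1(environ):
    CUSTOMERS["c1"]["suspended"] = True
    return "200 OK", CUSTOMERS["c1"]


# Public surface: only customer-facing operations are registered here.
PUBLIC_ROUTES = {
    ("GET", "/customers/me"): lambda environ: ("200 OK", CUSTOMERS["c1"]),
}

# Admin surface lives in a separate table that the public app never sees.
ADMIN_ROUTES = {
    ("GET", "/admin/customers"): lambda environ: ("200 OK", CUSTOMERS),
    ("POST", "/admin/customers/c1/suspend"): _suspend_c1,
}


def _make_app(routes):
    def app(environ, start_response):
        key = (environ.get("REQUEST_METHOD", "GET"), environ.get("PATH_INFO", "/"))
        handler = routes.get(key)
        if handler is None:
            # Unknown path on this surface: nothing to secure, because nothing is there.
            return _respond(start_response, "404 Not Found", {"error": "not found"})
        status, body = handler(environ)
        return _respond(start_response, status, body)
    return app


public_app = _make_app(PUBLIC_ROUTES)
admin_app = _make_app(ADMIN_ROUTES)


def call(app, method, path):
    """Drive a WSGI app in-process, no socket needed; returns (status, decoded body)."""
    captured = {}

    def start_response(status, headers):
        captured["status"] = status

    body = b"".join(app({"REQUEST_METHOD": method, "PATH_INFO": path}, start_response))
    return captured["status"], json.loads(body)


def serve_admin_locally(port=8081):
    """Bind the admin app to loopback only; never 0.0.0.0 or the public address."""
    from wsgiref.simple_server import make_server
    return make_server("127.0.0.1", port, admin_app)


if __name__ == "__main__":
    print(call(public_app, "GET", "/admin/customers"))  # 404: the route is simply absent
    print(call(admin_app, "GET", "/admin/customers"))   # 200, only reachable on loopback
```

The point is structural rather than clever: a reverse proxy in front of `public_app` cannot expose `/admin/...` by accident, because no process listening on the public address knows about it.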

SaaS Security Checklist — Don’t Store Sensitive Data

a. Only capture data you absolutely need. For example, if you never use a person's national ID number (e.g. SSN), don't ask for it. Data you never collected cannot be breached, subpoenaed, or mishandled.

b. Offload the storage of sensitive data to a 3rd party. Square is a good example of this: Square stores the credit card billing information for you and hands your system back a token that references the card. Your system is never in possession of the card number, so you don't have to protect it, and your PCI DSS scope shrinks to the components that embed the provider's payment form (those still need care, since a compromised checkout page can capture card data before it reaches the provider).

Encrypt all Customer Data — Embrace the Best SaaS Security Solutions


a. Data at Rest: When data is stored, either as a file or as rows in a database, it is considered "at rest". Almost every data storage service can encrypt the data you give it and decrypt it when you ask for it. SQL Server, as an example, lets you turn on its Transparent Data Encryption (TDE) feature to encrypt the database files it writes. Be clear about what that buys you: TDE protects against someone walking off with the disk or a backup file, but any login that can query the database still sees plaintext, so it does nothing against a stolen connection string or SQL injection. For the fields that matter most, add application-level encryption with keys the database server never holds.

b. Data in Flight: When data is read from storage and sent outside of the currently running process it is referred to as "in flight" (or "in transit"). Data sent over any network protocol, whether FTP, raw TCP or HTTP, is data in flight. A network sniffer attached to your network can read it, and if it is not encrypted it can be stolen. Employing TLS for HTTP (i.e. HTTPS) is the common example; note that plain FTP sends credentials and content in the clear, so use SFTP or FTPS instead. Encrypting is only half the job: the client must also verify the server's certificate and refuse old protocol versions, otherwise an attacker on the path can present their own certificate or downgrade the connection.
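The client-side half of point (b), as an added example that is not Windward's code: the TLS settings that make an HTTPS connection actually resist a sniffer on the path, next to the "it works on my machine" configuration that silently disables them. Only Python's standard `ssl` module is used and no connection is opened; the host name in the usage note is a placeholder.

```python
"""Added example (not Windward's code): a TLS client configuration that an
on-path attacker cannot quietly downgrade, next to the settings that open
that hole. Only the standard ssl module is used; nothing connects anywhere.
"""
import ssl


def weak_context():
    """What a 'fixed' certificate error often looks like in production code:
    the connection is encrypted, but to whoever answers, with any old protocol."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # a certificate for any name is accepted
    ctx.verify_mode = ssl.CERT_NONE   # an attacker's self-signed certificate is accepted
    return ctx


def hardened_context(ca_bundle=None):
    """Verify the server against a trusted CA set, keep hostname checking on,
    and refuse TLS 1.0/1.1 so a downgrade attempt fails the handshake."""
    # create_default_context sets CERT_REQUIRED and check_hostname=True.
    # ca_bundle=None means the platform's trust store; pass a file to pin your own CA.
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def is_acceptable(ctx):
    """Policy check a deployment test can run against any SSLContext the app builds."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED
            and ctx.check_hostname
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)


if __name__ == "__main__":
    print("weak context acceptable:", is_acceptable(weak_context()))        # False
    print("hardened context acceptable:", is_acceptable(hardened_context()))  # True
```

In use, the hardened context wraps the socket with the expected host name, e.g. `hardened_context().wrap_socket(sock, server_hostname="api.example.com")` (placeholder name); `server_hostname` is what `check_hostname` compares against the certificate, so omitting it is the same mistake as turning the check off.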

Log All Access and Changes to Sensitive Data — Adopt a Robust SaaS Security Architecture

There's no guarantee that your system's security won't be breached; it is more a question of "when" than "if". For this reason, log every read of and change to sensitive data, every change to user permissions, and every login attempt (successful or not), recording who did it, what was touched, when, from where, and the outcome. When something does go wrong you have an audit trail that shows how the breach happened and what needs to change to stop a repeat. Ship those records to a store the application cannot rewrite (append-only, or at least a separate account), because the first thing an intruder with write access does is clean up the log.
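The "people" control from the attack-surface section (a second person must approve access to sensitive data) and the audit trail described here, as one added example that is not Windward's code. Every access attempt, approved or denied, produces a record with actor, action, resource and outcome, and the records are hash-chained so that editing or deleting one later breaks verification. The in-memory store, user names and the sensitive record are constructed for the demo; in production the entries would be forwarded to an append-only log outside the application's own database.

```python
"""Added example (not Windward's code): a two-person rule for sensitive reads,
with every decision written to a hash-chained audit log.

All names, the in-memory SENSITIVE store and the log storage are constructed
for illustration; a real deployment ships entries to an append-only sink.
"""
import hashlib
import json
import time
from dataclasses import dataclass, field

# Constructed demo data standing in for a protected table.
SENSITIVE = {"acct-42": {"owner": "Ann", "national_id": "redacted-in-demo"}}


def _digest(entry):
    # Canonical serialisation so the hash is reproducible at verification time.
    return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()


@dataclass
class AuditLog:
    entries: list = field(default_factory=list)

    def record(self, actor, action, resource, outcome, **extra):
        """Append one record; 'prev' links it to the previous record's hash."""
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        entry = {"ts": time.time(), "actor": actor, "action": action,
                 "resource": resource, "outcome": outcome, "prev": prev, **extra}
        entry["hash"] = _digest(entry)
        self.entries.append(entry)
        return entry

    def verify(self):
        """True only if no record was altered, removed or reordered."""
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if body["prev"] != prev or _digest(body) != e["hash"]:
                return False
            prev = e["hash"]
        return True


class TwoPersonGate:
    """A read of a sensitive resource needs prior approval from a different user,
    and each approval is consumed by exactly one read."""

    def __init__(self, log):
        self.log = log
        self.approvals = {}  # (requester, resource) -> approver

    def approve(self, approver, requester, resource):
        if approver == requester:
            self.log.record(approver, "approve", resource, "denied", reason="self-approval")
            return False
        self.approvals[(requester, resource)] = approver
        self.log.record(approver, "approve", resource, "ok", requester=requester)
        return True

    def read(self, requester, resource):
        approver = self.approvals.pop((requester, resource), None)
        if approver is None:
            self.log.record(requester, "read", resource, "denied", reason="no approval")
            return None
        self.log.record(requester, "read", resource, "ok", approver=approver)
        return SENSITIVE.get(resource)


if __name__ == "__main__":
    log = AuditLog()
    gate = TwoPersonGate(log)
    gate.read("bob", "acct-42")              # denied: no approval yet
    gate.approve("carol", "bob", "acct-42")  # carol vouches for bob
    print(gate.read("bob", "acct-42"))       # served, and logged with the approver
    print("log intact:", log.verify())       # True
```

The chain only proves integrity from the point a copy left the application; an attacker who controls both the log and the application can rebuild it. That is why the note above says to ship entries elsewhere as they are written.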

Implement Two-factor Authentication


Phishing and other social engineering attacks are among the most common ways a system gets breached, because they hand the attacker a valid password. Make that stolen password worthless on its own by requiring users to have a second way to authenticate with your system. Implement a system that requires two of the following three types of information: something the user knows (a password or PIN), something the user has (a phone, hardware token or authenticator app), and something the user is (a biometric).

Sending a code to a user's phone or email is a very easy way to implement two-factor authentication. To balance the added security with the need for usability, let your customers choose between phone and email, and let them choose how long the device they are using stays trusted before a new code is required. Be aware of the trade-off: codes sent by SMS or email can be intercepted by SIM-swapping or by a compromised mailbox, so offer an authenticator app (TOTP) or a hardware security key as the stronger option for accounts that matter.

Use a Key Vault Service


Key Vaults allow secrets to be read only by applications (or, more precisely, the service identities) that have been granted access to the vault, removing the need for a person to handle the secrets or for them to sit in source code, config files or environment variables. Store all secrets used to access databases/datastores, encrypt data, electronically sign files, etc. in a Key Vault, and grant each application only the secrets it needs. Cloud platforms such as AWS and Azure offer highly effective and configurable Key Vault services, and most can perform the cryptographic operation inside the vault so the key itself never leaves it.

For added security use a separate key (or a separate vault) for every customer, so that one compromised key exposes one tenant rather than all of them and a departing customer's data can be rendered unreadable by destroying their key. For advanced security, allow customers to bring their own key (BYOK), which keeps control of the key with them.

Here at Windward, we give the highest importance to security from the inception of our products through to their use and integration in our customers' many environments. Read more about data security when using Windward Solutions.

David Thielen

President/CEO at Windward Studios

From his early years as a Senior Developer at Microsoft, to legendary designer of the popular Enemy Nations strategy game, to reporting and document generation guru, Dave has never lost his passion for building superb software and teams.

Windward © 2020 All Rights Reserved.
