As one progresses through a career, they build up knowledge from experience and apply it to future opportunities. When it comes time for me to build my next SaaS product, one piece of that knowledge I intend to apply is to host my SaaS product and my marketing website on separate domains. It seems simple enough, but why is this a wise piece of advice? As products scale and companies mature, the need to demonstrate the integrity of your product becomes ever more important.
Since information security falls under my domain as Director of Infrastructure for four B2B enterprise SaaS products, I often have to interact with external stakeholders: customers, prospects closing deals (sales), auditors, and even insurance providers. At least once a month, someone performs a due-diligence task on their end by publicly scanning my domains and confronts us with the findings.
While I think it is important to address vulnerabilities, not all vulnerabilities are the same:
- Some findings are benign because the vulnerable condition does not apply to your use case
- Some cannot be remediated because they stem from past decisions that can no longer be changed
- But most importantly, some vulnerabilities create a liability for customer data, and others do not.
In my context, 99% of public probing does not identify vulnerabilities that meet the third point, yet that is the only reason the feedback is being given. And because people assume they have identified a risk to their data, they are often unwilling to accept the simple answer, instead consuming my time across multiple interactions before I can effectively communicate our integrity. If I separate the marketing website from the actual SaaS product, I am better positioned to deflect these reports, as I can instead encourage them to rescan the domain where the customer data is actually accessible.
So, for my next SaaS product, expect the following:
- Marketing website will be hosted with a
- SaaS product will live on another TLD like .io, etc.
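The split in that list only buys isolation if the two sites sit on different registrable domains (eTLD+1), not merely on different subdomains: app.example.com and www.example.com share cookie scope and fall inside the same target for anyone scanning example.com, whereas example.com and example.io do not. The following Python is an illustration added here, not code from the post; it uses a small constructed subset of the Public Suffix List, and the hostnames in it are assumptions mirroring the .com/.io plan above.

```python
# Added illustration, not code from the post. Checks whether two hostnames share
# a registrable domain (eTLD+1) and whether a cookie scoped with a Domain
# attribute would be visible to a given host. The hostnames and the suffix
# table are constructed for the example.

# Constructed subset of the Public Suffix List. Real code should load the full
# list (e.g. the publicsuffix2 package or the file from publicsuffix.org).
PUBLIC_SUFFIXES = {
    "com", "io", "net", "org",
    "co.uk",       # multi-label suffix
    "github.io",   # provider suffix: a.github.io and b.github.io are separate domains
}


def registrable_domain(hostname: str) -> str:
    """Return the eTLD+1 of hostname: the longest matching public suffix plus one label."""
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(len(labels)):          # i=0 is the whole name, so the longest suffix wins
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            if i == 0:
                raise ValueError(f"{hostname!r} is a public suffix, not a registrable domain")
            return ".".join(labels[i - 1:])
    # Unknown suffix (internal TLD, etc.): fall back to the last two labels.
    return ".".join(labels[-2:])


def same_registrable_domain(host_a: str, host_b: str) -> bool:
    """True when both hosts are subdomains of one registrable domain."""
    return registrable_domain(host_a) == registrable_domain(host_b)


def cookie_visible_to(cookie_domain: str, host: str) -> bool:
    """Would a cookie set with Domain=cookie_domain be sent to host (RFC 6265 domain-match)?

    Browsers reject Domain values that are public suffixes, so Domain=com never works.
    """
    domain = cookie_domain.lower().lstrip(".")   # a leading dot is ignored by browsers
    host = host.lower()
    if not domain or domain in PUBLIC_SUFFIXES:
        return False
    return host == domain or host.endswith("." + domain)


def describe_split(marketing_host: str, product_host: str) -> str:
    """Summarise how isolated the product host is from the marketing host."""
    if same_registrable_domain(marketing_host, product_host):
        shared = registrable_domain(marketing_host)
        return (f"subdomain split: a scan of {shared} covers both, "
                f"and a Domain={shared} cookie reaches both")
    return (f"separate domains: {registrable_domain(marketing_host)} and "
            f"{registrable_domain(product_host)} have no shared cookie scope")


if __name__ == "__main__":
    # Constructed hostnames mirroring the .com / .io plan in the post.
    print(describe_split("www.example.com", "app.example.com"))
    print(describe_split("www.example.com", "app.example.io"))
    print(cookie_visible_to("example.com", "app.example.com"))   # True
    print(cookie_visible_to("example.com", "app.example.io"))    # False
```

Run it as a script to see the two cases side by side. The practical consequence for the plan above is that a session or tracking cookie set by the marketing site on example.com can never be sent to the product on example.io, and a third party who enumerates subdomains of example.com will not find the product host at all, so the "please rescan the domain that actually holds customer data" conversation starts from a clean separation rather than a shared one.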
While I don't expect many of you to have encountered this kind of situation, I would welcome your thoughts or experiences if you have anything similar.