Re: [Nsaas] Some thoughts about SAAS

Linda Dunbar <> Thu, 28 August 2014 20:48 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 4BE9F1A0099 for <>; Thu, 28 Aug 2014 13:48:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.869
X-Spam-Status: No, score=-4.869 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id vHAI3vd36-oF for <>; Thu, 28 Aug 2014 13:48:25 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id DFC4C1A0067 for <>; Thu, 28 Aug 2014 13:48:24 -0700 (PDT)
Received: from (EHLO ([]) by (MOS 4.3.7-GA FastPath queued) with ESMTP id BLW71908; Thu, 28 Aug 2014 20:48:21 +0000 (GMT)
Received: from ( by ( with Microsoft SMTP Server (TLS) id; Thu, 28 Aug 2014 21:48:19 +0100
Received: from ([]) by dfweml702-chm ([]) with mapi id 14.03.0158.001; Thu, 28 Aug 2014 13:48:04 -0700
From: Linda Dunbar <>
To: Hosnieh Rafiee <>, "" <>
Thread-Topic: Some thoughts about SAAS
Thread-Index: Ac/C2aY9o39tM7ggQpS6YIhOHJvDogAJnMqQ
Date: Thu, 28 Aug 2014 20:48:04 +0000
Message-ID: <4A95BA014132FF49AE685FAB4B9F17F645DDDC3E@dfweml701-chm>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Subject: Re: [Nsaas] Some thoughts about SAAS
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "*NSaaS: Network Security as a Service mailing list*" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 28 Aug 2014 20:48:27 -0000


Are you saying having a way for customers to avoid being monitored by government? 
I can see the potential for customers to be notified when their traffic is actually monitored. But if government wants to monitor someone, can you avoid?


-----Original Message-----
From: Nsaas [] On Behalf Of Hosnieh Rafiee
Sent: Thursday, August 28, 2014 11:04 AM
Subject: [Nsaas] Some thoughts about SAAS


Since security as a service (SAAS) is really a critical role for each customers in different countries and for governments as well, I am thinking about how would be possible to also protect customers from Surveillance agents and monitoring. 

Because if SAAS is offered by a country that its government is known to be a surveillance agent, Is there any particular requirement should be considered in standard architectures to avoid such role? 

If the target customer is a government/or any important company in a country, does it accept to use a SAAS that is located in another country? (fearing of spy)

How to avoid governments to force SAAS vendors/operators to access the detail information about security services so that they can monitor and access customer's data. Are these assumptions only operational issues or it might also impact the standards in this regard?

Nsaas mailing list