Tip 1: Don't trust, authenticate.

Tip 2: Keep a low profile.

Tip 3: Use misdirection and misinformation beyond reducing information exposure.Tip 4: Forcefully deny bad requests.

Tip 5: Sanitize user requests and inputs

Tip 6: Monitor and test continuously.

Tip 7: Prepare for the worst.

Tip 8: Cross the developer-administrator chasm.

via networkworld

• Design your map for performance
• Cache your map services
• Evaluate the image format that your map cache is built with
• Avoid using Internet Explorer 6 when the Web application contains multiple cached services in PNG24 format
• Use ArcGIS Server Internet connections when possible
• Ensure the Overview Map control uses static mode
• Configure the TOC control to optimize performance
• Remove unnecessary Web controls
• Configure your web services to avoid per-request impersonation
• Use good coding practices
• Avoid unnecessarily large queries

via esri

1: Identify a low-penalty area of the business to serve as your first SaaS project

2: Assess your risk

3: Choose vendors carefully

4: Do a deep dive on your SaaS vendor’s security infrastructure and approach

5: Ask how your vendor handles disaster recovery

6: Get it in writing

7: Get chummy with your vendors

8: Look out for new monitoring tools

9: Consider the help of a security consultant

10: Devise a PR and response strategy

via techrepublic