Tackling the Software as a Service Security Hurdle

With security remaining a concern for businesses considering the deployment of Software as a Service based solutions, it is essential to address this potential hurdle head on.

One of the questions we usually hear when discussing Software as a Service (SaaS) with current and potential customers is a necessity for data security. Although the technology available today is both mature and robust, with enhanced security, this hasn’t stemmed the concerns shown by businesses around protecting sensitive customer data – nor should it.

In a recent survey, more than 70% of the respondents cited security concerns as their biggest barrier in deploying Cloud-based strategies within the business. In addition, 45% highlighted concerns about information governance and 42% flagged the ability to meet enterprise standards as the top hurdles for Cloud deployments.

Factors such as security breaches, data centre security and third party data access are also front of mind for many companies considering SaaS. With data protection laws increasing in complexity and importance, businesses need to both understand what is required to ensure data is safe and how this will be achieved.

Security is part of the wider business infrastructure and where data is concerned, should take precedence, without burdening the IT department. With SaaS, the major security and privacy responsibility is shouldered by the vendor and the range of sophisticated solutions available today allow the IT department to address the business specific security requirements ahead of deployment, then resume business as usual.

The rise of multi-global data centres has meant businesses need to be aware that some countries/geographies’ laws prohibit the storage or transfer of data beyond a certain geographical boundary. The European Union and US are very specific about privacy and security of certain types of data – so learn more about US-EU Safe Harbour and EU model clauses and never take it for granted that the data will be stored in the same country.

Four key things to keep in mind when assessing your business’ SaaS security needs are: how is the application hosted, how is the data centre secured, how are users’ interactions monitored with the system and does the provider frequently penetration test both software and infrastructure? These questions can act as a decent base for initial conversations with vendors.

Organisations are right to keep security as a top concern – especially given the rise of data privacy rules and regulations. This said, security shouldn’t act as a burden on the business and the potential of SaaS to increase efficiencies and improve the business far outweigh any initial concern. Being aware of the risks and addressing them head on are best in the long run.