Blog

The SaaS Security Conundrum

As SaaS and Cloud Computing mature, a lot of the discussions on cost have turned to concerns oversecurity.  Many people believe that implementing SaaS can save money and free up IT staff for more business critical tasks.  Now security is the biggest concern about moving to SaaS.   
  
1. Is my data is safe? 

2. Will a hacker get to my information? 

3. What if my service provider goes down?
  
These are all legitimate questions and ones that organizations need to ask of their on-premise systems too.


Data Safety

Most businesses believe they have adequate controls on their information when it’s inside the firewall.  They use Microsoft Active Directory, local security or other LDAP systems to control file and system access.  Yet there are daily news stories of insiders stealing documents even with these controls in place.


Hacker Access
Companies are working diligently to keep the bad guys out.  IT implements firewalls, intrusion detection systems, antivirus, anti-malware, DMZs, SSL and countless other measures to ensure that hackers can’t get inside.  Yet we keep hearing about data breaches that get right through all these defenses.  


Service Provider Reliability 
I have had numerous times when the internal email or ERP system went down.  Sometimes it was faulty hardware.  Sometimes the WAN went down.  We even had a situation when someone accidentally unplugged a server rack.  All these things can and will happen in data centers and server rooms.


SaaS Alternative
The advantage of SaaS providers is that they have to create and maintain bullet-proof facilities, since they service so many customers.  As an example, Iron Mountain has an underground data center for their Digital Record Center for Images.  This facility has a Level 4 security rating (the highest), armed guards, maintains redundant power, cooling and computer systems, and can run on backup power for 7 days.  It maintains a mirror site and has 128 bit encrypted communications.  Other SaaS providers, such as Salesforce.com, maintain sophisticated and secure facilities to run their applications.  These providers maintain systems that are more secure and provide greater reliability than most on-premise environments.

All the stories I hear about data breaches and stealing documents are from on-premise environments.  IDC reported that many business don’t even deploy the basic security measures for their internal systems.  A SaaS provider could never get away with that.  I would say the SaaS providers maintain systems that are at least as secure if not more secure than most internal environments.  
  
What is your experience?

  
Photo credit Michael Hilton

Tags
Book a meeting