
By: Christopher Bainbridge
December 27, 2017
SaaS ( Software as a Service ) Benefits & Security Implications

As use of software-as-a-service grows, with more and more small to medium businesses utilising SaaS in order to remain agile and keep down hardware and maintenance costs, so do their concerns about SaaS security.
So what are the benefits of SaaS, how does security apply in the cloud, and what can be done to mitigate the risks?
First, I’ll start with the benefits of using SaaS.
Financial
The cost of using SaaS can be very attractive when compared to the costs of using hardware and software in the traditional IT department. This includes the cost of staff and maintenance, and the time it takes for hardware and software to be tested in a business environment to ensure projects are viable. With SaaS, a virtual machine with the required software can quickly be spun up in a test lab, and a test can be run to see if it will work in a few short hours rather than days or weeks. This allows a business to use those savings to target the specific security requirements that it deems most important.
Flexibility
The ability for small to medium businesses to use a virtual test lab, or to allow their staff to access business-critical documents from anywhere on almost any device, can be crucial to their success. It also means these businesses can allow their staff to work from home or anywhere across the world while keeping a small office or offices where they require them, without the need to worry about hardware and staff costs for maintaining a large infrastructure. This can give a business the flexibility to adapt to new business challenges when required without worrying about potentially massive financial losses.
Now the Security Implications of SaaS
Access Management
Access management and the privacy of sensitive information have to be the greatest risk consideration around cloud and hosted services. Questions to ask include:
· Where is the data stored?
· Who else has their data stored on the same physical server?
· What physical security is deployed at the location?
· How do they vet their staff?
· What other security measures do they have in place?
· Where is your data backed up?
Compliance
ISO 27001 is a comprehensive standard that covers a lot of the operational security aspects. It wasn’t designed with SaaS in mind, but at this time it is the ONLY REAL compliance standard you should be working with. A few providers will state a SAS 70 audit, but this is a voluntary, self-imposed audit; it does show they have control over the data they store, but it is insufficient when it comes to SaaS. Currently there is no go-to standard for SaaS, but ISO 27001 is the best starting point until one exists. (Both Google and Amazon are now meeting this standard and others are working towards it.)
Access and Performance
Since SaaS is internet based, your users or clients may not be able to access their data or software if their ISP (internet service provider) has some downtime or if they are in a rural area with poor connectivity, even though companies like Google can guarantee 99.99% uptime. This may be out of your hands if it does go down. Also, depending on what else is running on the server where your information is stored, performance could be slowed down.
Summary
In my opinion SaaS is the way forward and more and more businesses will move over to some sort of SaaS model. It will take longer for larger enterprises, giving new small to medium businesses an edge. With the way the current world economy is, more and more businesses will switch for the financial benefits alone, never mind the flexibility it grants users and clients. The security provided by SaaS is improving constantly and it is only a matter of time until a new compliance framework appears to fill any remaining gaps.