
Nothing Is Too Sensitive for SaaS

Who’s afraid of the Big Bad Hacker? Many of us are, according to recent studies — and for good reason. Lost or stolen data cost companies an average of $7 million last year according to one widely quoted figure, mostly due to customer turnover.

And should important financial data be lost, companies may be forced to pay harsh fines for violating federal securities laws.

So why should any company trust its data, particularly sensitive financial and accounting data, to a third party? It may just be that a solid Software as a Service (SaaS) provider will do a better job of protecting those assets than your own IT department.

Consider the evidence: hackers accounted for less than a quarter of the data lost or stolen last year, according to a widely quoted recent survey. It turns out employees accounted for the greatest percentage of incidents, including breaches involving email, social networks and mobile computing devices. Although third parties are said to be responsible for 42 percent of data breaches, to date not a single major incident involving a SaaS provider has been reported.

Have enterprises just been lucky? I think it’s more likely that reputable SaaS providers do a superior job of safekeeping data because they have to. If they don’t, they’re out of business.

Still, there’s no reason to enter into this relationship lightly, especially when it comes to financial and accounting applications. Mitigate your level of risk by asking a prospective SaaS provider tough questions. If you receive satisfactory responses, take the next step of securing those assurances in writing.

Any SaaS provider worth doing business with should be able to give detailed answers to these five questions:

  1. What are the data access controls? The best SaaS providers use advanced, multilayered defensive systems to block unauthorized users.

  2. Do you use Secure Sockets Layer (SSL) for any data transmitted between the host and user? SaaS data is transmitted through the public internet. With SSL encryption, that data is rendered useless should it be intercepted.

  3. Are the provider’s data centers physically safe? Are they in flood zones, on a fault line, in an area susceptible to hurricanes? If so, there should be backup facilities so that service remains undisrupted and data remains intact.

  4. Have the data centers passed a SAS-70 tier 4 compliance test? This is the most rigorous test for systems performance in the industry.

  5. Has the SaaS provider passed muster with outside auditors? The provider should be able to show compliance certificates from independent third parties for its security practices.

Finally, every enterprise should ask itself an important question. Given the cost savings and the potential to better safeguard sensitive data such as financial and accounting applications, can any organization afford not to hire a reputable SaaS provider?

Julie Pitta