Is SaaS safe?
Modern businesses rely heavily on both data and IT resources. Companies collect sensitive customer and employee data all of the time, the loss of which can result in legal penalties hefty enough to close any business down.
Similarly, many companies are deeply dependent on their IT resources (their website, network, and integrated software), and losing access to them can harm a business almost as severely.
Digital security is, therefore, a significant concern for businesses today. Despite the considerable benefits of moving software and data resources off-premises onto Cloud servers and SaaS providers, security concerns hold many companies back.
So, is SaaS safe?
Sadly, history tells us that the pioneers of Cloud services, such as Amazon, Microsoft and Yahoo, don’t have a great track record when it comes to security.
The first highly publicised breach occurred in 2010 when hackers accessed the personal details of Microsoft’s own employees. This was enough to raise safety questions even in the infancy of software development.
In 2012, Dropbox confessed to losing 68 million user accounts that were traded on the Dark Web for cryptocurrency. The same year, LinkedIn lost 6 million user passwords.
In 2016, LinkedIn lost another 167 million email accounts, and 93 million voter registrations were stolen from Mexico’s National Electoral Institute. A foreign-hosted Amazon cloud server was to blame. Amazon was humiliated again in 2017 when databases were penetrated, exposing 198 million US Republican voters and several million WWE fans, mostly children.
Why the Cloud is still safer
Most of those breaches were traced to poor configuration by particular network engineers or by the clients themselves. Since then, SaaS and data storage providers have become more proactive in promoting elementary precautions such as encryption and traffic monitoring.
However, the real question is whether Cloud data is safer than local data. While the mistakes of giant companies such as Amazon are widely reported, in-house incidents are relatively ignored but far more common.
Figures from the Ponemon Institute, in its 2017 SMB Cybersecurity Report, show that more than half a million American businesses suffer a serious cyberattack incident each year. About 60% of businesses on both sides of the Atlantic suffer an attempted attack of one kind or another every year.
Despite that, a survey by Manta in November 2017 suggests that 82% of small business owners still believe they are safe even though many lack a firewall, antivirus software, spam filters or data encryption.
These figures suggest that no business, no matter how big or small, is safe from the attention of hackers.
How to choose a SaaS partner
Most SaaS providers are full-time security experts. Hosting and hosting security are the very essence of their business.
Small and medium-sized companies simply can’t afford the talent, time or resources to defend themselves from the growing threat of hacks. While outsourcing your payroll is an option, outsourcing security is rapidly becoming a necessity.
Even so, some SaaS providers are more helpful than others. A trustworthy SaaS partner does more than just install security patches; they should also do the following:
- Advise you about data encryption
- Update you regularly on emerging threats
- Identify and send alerts about suspicious activity
- Encourage you to develop an incident-response strategy
- Advise you about securing your connections to the Cloud servers (data in transit)
Always be sure that you have a clear understanding with your SaaS provider as to which responsibilities are whose. If they are not forthcoming with comprehensive help and advice, they are not the partner you need.
Securing your own business
A responsibility that must remain with your business is access permissions. Whether your data and software are on a single machine, a local network, or in the Cloud, if you don’t have control over who accesses it, you don’t have any control at all.
For example, are your employees’ login details entered automatically by their home laptops? Will they successfully recognise a phishing attack if someone pretends to be you? Could they inadvertently install a trojan from an email?
Once your data and software resources are centralised in the Cloud, it is much easier to control and monitor who accesses it. Viruses cannot leap from your office computers into your Cloud databases and ransomware cannot corrupt Cloud backups.
Even though your own in-house data officer still has responsibility for protecting your data, they no longer have to worry about the environment in which that data exists. That closes a lot of the high-tech loopholes that are the hardest to keep up with. That leaves your IT team with more time to help design and market your product, instead of being tied up by house-keeping.
Oracle predicts that 80% of all enterprises will move their workloads onto the Cloud by 2025. If this article has quieted your concerns around the safety of SaaS, check out our guide on SaaS subscription management to discover the right stack for your business.