
How To Tell If a SaaS Provider Is Handling Sensitive Data Correctly

As companies show more and more interest in Software-as-a-Service (SaaS), their concerns grow about the risks associated with storing their sensitive data on poorly secured SaaS "cloud" servers.

Data is an important strategic asset for any business, and its breach can be devastating. This means any SaaS provider worth consideration should focus its efforts on maintaining high security and privacy standards for its clients' data.

Along the way, I'll explain how to ensure that you're making the right choices when it comes to selecting the SaaS provider whom you'll be trusting with your sensitive data.

dishari

Presentation Transcript


  1. How To Tell If a SaaS Provider Is Handling Sensitive Data Correctly

06 Jul 2019
Md Mohsin Ansari

As companies show more and more interest in Software-as-a-Service (SaaS), their concerns grow about the risks associated with storing their sensitive data on poorly secured SaaS “cloud” servers.

The results of a 2012 Capgemini report showed the top concern for businesses considering a move to the cloud was the possibility of a data breach. Companies are rightly concerned about such breaches, against the backdrop of a flurry of reports of data breaches in recent times.

Data is an important strategic asset for any business, and its breach can be devastating. This means any SaaS provider worth consideration should focus its efforts on maintaining high security and privacy standards for its clients’ data.

In this article, I’ll share what to look out for when considering how a SaaS provider will handle your precious data.

I’ll also cover the risks associated with storing your data with a poorly secured SaaS product.

Along the way, I’ll explain how to ensure that you’re making the right choices when it comes to selecting the SaaS provider whom you’ll be trusting with your sensitive data.

What are the Risks?

While using a SaaS provider will undoubtedly offer you several advantages, such as less upkeep on your part, lower overall costs, and making things easier on your IT department and your users, there are several risks involved in migrating to SaaS.

  2. Data Access Risks

When you use a Software-as-a-Service provider, you are handing over your valuable data and other information to a third party. If your data ends up in the wrong hands, especially those of your competition, it could be disastrous.

Stability

Security and stability are significant factors to consider when deciding on a SaaS provider. In a continually growing market like the one SaaS is experiencing, you can expect to encounter providers that may have difficulty keeping up with the growing demand. This could be a significant problem if the provider you select goes out of business down the road.

If your provider does shut down, you could be faced with issues such as data recovery, the portability of your data, and the additional costs of finding a new provider. That equals a lot of time and your business's money going down the drain.

Security of Your Data

While a SaaS provider can easily discuss encryption protocols, 256-bit security, and more, it may leave the customer a bit confused. Logically, you know your data is being kept safe. But just how safe is it?

In addition to how your data is protected while it’s being transmitted and stored, what about disaster recovery? What happens in case of a power outage or a natural disaster? Is your precious data recoverable? How long will it take to get back up and running?

There will also be ongoing concerns about how well a provider will keep up with modern security standards. You’ll need to make sure the provider responds promptly when security holes are discovered and updates to their security protection are required.

Loss of Direct Control Over Your Data

While using a SaaS provider’s servers means you don’t have to spend time and employee resources to configure, set up, manage, maintain and upgrade software, you do lose total and absolute control over your data.

If something happens and you lose data, you won’t have any direct access to find out what went wrong. Instead, you’ll be forced to contact your service provider, then wait for their answer on what went wrong and for them to tell you what can be done about it.

The Location of Your Data

Your SaaS provider may not disclose to you the locations of their data centers. This could cause issues for you down the line. Federal Information Security Management Act (FISMA) regulations state customers must store sensitive data within the borders of the U.S. This could lead to instances where you might not have access to your data if you’re outside the country.

Lack of Transparency

SaaS providers can certainly be less than transparent about how they handle the security of their customers’ data. This lack of transparency can cause mistrust between the provider and its customers.

There are providers that will argue, and perhaps rightly so, that this lack of transparency about how they run their server operations helps protect the security of their customers.

However, a happy medium needs to be found between secrecy and data transparency. In this case, you do indeed want to know how the sausage is made!

  3. What to Consider

Security

When using a Software-as-a-Service provider, keep in mind that all of your data will be residing on your service provider’s servers. Always take a close look at what type of safeguards a SaaS provider has in place to protect your company’s data.

Real World Security

Site Security

Real world security might not be the first thing that comes to mind when considering SaaS and cloud storage. However, if you’re using SaaS, your data is sitting on someone else’s hard drives. Those hard drives exist in a physical location, and that location should be kept secured from access by unauthorized personnel.

When a company is using its own servers, it considers things such as how its server farm is secured, which personnel have both physical and network access to the servers, and more.

Considering the security protection for SaaS should be no different. Always quiz any potential provider on whether they own their servers, where they’re located, what type of physical security protects access to their server farms, and who has physical access to the farms.

Disaster Recovery

Disaster management is also an important consideration when evaluating a SaaS provider. What type of disaster recovery plan does the provider have in place in case of fire, earthquake, or tsunami? (Hey, it could happen!)

Any provider worth consideration should have a solid disaster recovery plan in place. They should have a disaster recovery site set up in a location geographically separated from their primary location, and they should perform disaster recovery testing on a regular basis. They should also be able to provide an informed estimate of how long it will take to get things up and running again when disaster does strike.

Backup and Recovery Guarantees

Make sure you understand how the SaaS vendor you’re considering approaches backups and recovery of your data. Make sure the agreement specifies the vendor is required to restore your data in case of disaster.

Important factors to consider in this department are the amount of downtime an application might experience and what kind of potential data loss might take place. You should always have some type of compensation coming your way if your vendor doesn’t meet your reasonable expectations.

Virtual Security

Once you’re satisfied the servers holding your data are physically protected, it’s time to determine how well your data is protected from virtual access by malicious parties.

What type of access do you have to your data? Who else has access to your data? How well is your access protected against a Denial of Service attack?

  4. User Access

Would it be possible for unauthorized users to gain access to your data via the vendor’s website? (In other words, does the vendor offer a login gateway on their website, or is access performed strictly through a protected portal?)

A website gateway isn’t necessarily a weak spot. However, it can be used as an important piece of any spoofing attack that might be conducted against a SaaS provider. (Some readers may remember the 2014 email spoofing incident that involved Salesforce. This is an excellent example of how a login gateway on a website can cause trouble.)

What type of authentication does the SaaS provider use to authenticate your users’ logins? Do they offer two-factor authentication (2FA)? Is the 2FA performed via an authentication app on a mobile device, or is a link or code sent via email or text? Or does the provider supply SecurID key fobs?

Check to make sure you can configure SaaS logins to come through a portal, like your company’s enterprise portal. Portals that are accessed via a VPN are a security plus. (A VPN is always a plus when it comes to security.)

Data Encryption

You’ve made sure access to your data is secure. Now, what about the security of the data itself? Always make sure your data is protected by encryption, both while it’s being transmitted and while it’s stored on the provider’s hard drive.

Data should be encrypted using a strong algorithm, such as AES-256. Also, make sure your backups are encrypted for extra protection.

Find a provider that is open about their security and encryption procedures. Sure, they can’t spill all the beans on how things are secured, but they should be able to supply enough information to put your mind at ease. Microsoft, for example, has done a top-notch job of being transparent about their security measures.

Data Ownership

While SaaS buyers may logically expect that they own their data, there have been cases where companies have been in for a big surprise when they terminated their relationship with their provider.

Make sure all contracts clearly specify what fees, if any, are connected with getting back your data at the end of a contract. Also make sure it is clear that, in addition to all of your data, you retain ownership of any proprietary code and customizations you may have put in place during the agreement’s run, and that they come with you at the end of the day.

Data Usage Analysis

Many SaaS vendors keep track of their users’ data (anonymously) across multiple clients. This allows the vendors to determine their research and development roadmaps and enables them to benchmark areas such as application usage, sales pipeline metrics, customer service wait times, and much more.

While this is a reasonable way to do business, customers should be provided with information about the data being captured by the provider, plus any possible benefits the customer might gain from the gleaning of their information.

Uptime and Performance

Be sure your SaaS service contract details expectations for application uptime. While a provider may make some off-hand guarantee of “99.5% uptime”, make sure the provider can supply documentation of previous uptime performance. Push for a performance guarantee.

  5. By the way, a 99.5% uptime guarantee means you might reasonably expect to not have access to your data for almost two days out of the year. It doesn’t sound so great when you put it that way, does it?

Support

One benefit of Software-as-a-Service is that companies can move some of their help desk and support burden over to the SaaS provider. While this includes the traditional duo of support calls and bug fixes, SaaS vendors should also offer additional support services such as password resets and other system health-related checks.

Always make sure the vendor specifies what types of support you can expect (such as text, email, phone support, or online chat), and which users will have access to the support (management, base users, supervisors, etc.).

In Closing

While Software-as-a-Service is an excellent option for many businesses, there are pitfalls along the way that must be dealt with. The security of your company’s data is of utmost importance, and any concerns you have must be dealt with before agreeing to any contract with a SaaS provider.

Make sure all of your concerns are addressed before signing on the dotted line. Pay close attention to every security-related consideration, treating each concern with the utmost care. By doing so, you can feel upbeat that your valuable data is in a safe haven!
