Software As A Service. The correct IT security approach?

Software as a Service (SaaS) refers to the software deployment model in which software applications are managed by a service provider and offered to customers for use through the internet. But questions arise when considering the data security consequences of this system.

In recent years the number of SaaS providers looking to capitalise on the opportunity to service customers has burgeoned unimaginably. They are now reaping the benefits that this software deployment model offers. The Australian market is not impervious to this phenomenon; there are many examples of local providers in Australia, setting up SaaS business models to harness the prospering market possibilities. The International Data Corporation (IDC) estimates the SaaS market will be worth $10.7 Billion by the end of 2009.

SaaS critics have expressed concerns over the issues relating to adoption of stringent information security standards. It has been observed that the security policies adopted by the service providers are not always rigorous or even close to best practice. The potential for lapse of security and loss of client data is thus considered high. Ignoring the need for strong information security standards is definitely not an option for SaaS vendors aiming to thrive in this market. Customers will invariably place emphasis on security when considering whether or not to purchase the service. The fact that information security has to be considered a business issue and not simply as an IT issue has never been more relevant.

Any company intending to set up a successful SaaS service undoubtedly needs to effectively address the information security concerns from planning to implementation and further through the operational stages. Adoption and certification based on an acknowledged international information security standard should be considered as a mandatory requirement by the service providers. As explicit SaaS Security standards are unavailable, ISO 27001 remains one of the most pertinent internationally acclaimed security benchmarks available. The ISO 27001 standard is managed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission.

Last year Salesforce.com became one of the first SaaS service providers to be certified under the ISO 27001 standard. It is unclear how much that certification has helped Salesforce.com acquire new customers, but it would have certainly reinforced their message on the status of their security and their commitment to customers.

However, achieving ISO 27001 certification should not be considered the sole objective. Customers of SaaS service providers will soon start stipulating that their service providers maintain diligent information security standards on a continuous basis.

It is recommended that SaaS providers solicit the services of a professional information security service provider to aid them in obtaining ISO 27001 certification. Furthermore, an independent information security service provider should be engaged to assist with developing a strategy for continuous evaluation, improvement and maintenance of information security. These proactive steps will help to ensure that meticulous security standards are being upheld.

Endorsing strict information security standards will be a crucial point for any SaaS vendor hoping to realise the full potential of their business.

Permanent link to this post: Software As A Service. The correct IT security approach?
From the Hot news and articles blogging weblog


Unique visitors to post: 18

read more:

  1. Software As A Service security. Is IT security compliance the answer?
    Software as a Service, also known as SaaS, has become an IT buzz word in recent years, but the industry is not without its critics. SaaS is a form of software distribution where applications are hosted off site by a third party vendor and available to customers over the internet. The question on the minds [...]...
  2. Is There Really A Free Reverse Telephone Lookup Service?
    At one time or other, some of you may have received nuisance calls but could not know who the caller was and those irritating calls keep coming in and disturbing you. On the other hand, some of you may have a bad relationship with their partners or spouse and suspect that they are cheating on [...]...
  3. How To Replace a Social Security Card
    As you may know, having a social security number is very important. This number is not only used for tax purposes. The social security number is now tied to everything credit related. If you want to apply for a credit card or get a loan, you have to give your social security number. Perhaps once in [...]...
  4. Financial Crisis Affecting Banks’ Security Budget
    LONDON, Dec 10, 2008 /PRNewswire via COMTEX/ — The current economic meltdown has affected sales in the global market for physical security solutions in banking and financial institutions. This is the case especially in North America and Western Europe, due to branch closures and headquarters consolidation. Banks review their security spending every semester and it [...]...
  5. Tips to Get Social Security Disability Benefits
    It’s become common knowledge that, while Social Security Disability benefits can be a life-saver for many people, they can be difficult to qualify for. Some people who are in dire need of assistance avoid filing an application because they’re afraid they won’t be able to fill it out correctly, won’t have the right or enough [...]...
  6. Your mobile phone is too important not to have mobile antivirus software
    Mobile phone antivirus software and mobile phone antispam software have become important and popular features to have on your mobile phone these days. In recent year the viruses which target any type of mobile devices have increased radically and on top of this have become more virulent due to the vast increase in pocket PCs and [...]...
  7. Free Cell Phones: Get One But Avoid Commercial Traps
    Cell phones are becoming very sophisticated with the advancement in the technology. Today the cell phones come with lot of mind-boggling kinds of features on them. Due to the increasing competition between the handset manufacturers and the service providers, lots of freebies are offered to the customers in order to lure them and retain [...]...
  8. Guide to National Security and Foreign Policy – Policy Analysis
    In defining the state policy, national security and foreign policy, the starting point is the national interest. If we take as a reference point that only one state is able to give your business a sense of political security, global and comprehensive objectives and national interests are the basic parameters of its overall activity of [...]...
  9. How to Raise Credit Score – A Simple Approach
    The subject of how to raise credit score is one that comes up frequently. For many, finding a solution may prove to be elusive. For others, the process may turn out to be a lot easier than some imagined it to be. The key is simply finding the most common denominators that cause a lower credit [...]...
  10. Security and Information – A Study by Artur Victoria
    With the argument that society needs to have certain products or services, the government creates a public that is structured to act in a particular industry, such as education, health, safety and welfare. IT presents it as the basic components of data processing and / or information and communication through integrated electronic equipment for that. Thus, [...]...
20 December 2009 in now-how news