The shift of company data and applications to Software as a Service (SaaS) providers is bittersweet. On one hand, there are potential productivity increases and cost reductions to enjoy. On the other hand, there are dreaded security risks and compliance issues.
2021 saw the highest average cost for data breaches in the 17-year history of IBM's data breach cost report. The average cost of a breach rose from 3.86 million dollars to 4.24 million dollars. Security needs to be a priority when you’re considering investing in SaaS.
Gone are the days of only large corporations being able to produce software. In fact, with office space shrinking and a rise in remote work, it’s becoming more difficult to judge the credibility of service providers. It’s great that someone can build a multi-million dollar software suite from their bedroom, but signing up to the wrong one might land you with security problems.
So how do you weed out the service providers who could be the cause of your next security breach? A tough question to answer. Let’s face it, it’s hard to rely on trust signals when they’re so easily manipulated. In most instances, you’re likely to realize you’ve made a bad choice when it’s too late.
Ask the Right Questions
If you’re interested in pursuing a company’s services, make security the first thing on your list of questions. If you’re a large organization, your security governance frameworks are likely to do the decision-making. If you don’t have this luxury, you may find yourself asking a few more questions such as:
- Have you had any previous security breaches?
- If and when a security incident arises, how quickly will we find out?
- What efforts do you take to keep the service free of bugs and security vulnerabilities?
- Is sensitive data encrypted?
Some companies won’t give too much away, but alarm bells should sound when the subject is brushed over. If a company opens up about a security breach, don’t lose interest. A company that discusses previous incidents openly may be safer than a vendor that lies about being squeaky clean.
SaaS and Security Policies
Think about how effectively new services fit in with your existing security policies and how easily you can transition. Consider how the new system aligns with how you currently work.
Thinking upfront about how a service would fit in with your existing security policy saves you time and money further down the line. Many businesses wait years before updating their security policies, and in this fast-paced climate, that’s difficult to justify.
If solutions that conflict with your security policy become a common theme, it might not be the software provider’s fault. It’s up to you to review your security policy and assess whether it’s built to allow for emerging technologies.
The Covid-19 Effect
Security policies created before Covid-19 were likely to be out of sync with the modern workplace. The pandemic forced remote working on businesses overnight. Organizations that weren’t set up for this were left with a workforce that couldn’t operate. Companies that were reluctant to incur the cost of providing corporate devices introduced less secure methods instead.
A Bring Your Own Device (BYOD) policy has particular implications, and many security policies are unprepared for it. As the name suggests, employees work and access the corporate network from personal devices: a cost-effective strategy for corporations, but one that comes with risks.
With the pandemic creating time pressure to return to business as usual, BYOD policies were often rushed at best. Boundaries became blurred, with personal and corporate data easily mixed. Personal devices are sometimes shared between family members and connected to insecure networks. This creates vulnerabilities for organizations and their data.
A SaaS for Your SaaS
Some organizations are choosing SaaS management platforms (SMPs) to monitor the usage of their applications. An SMP provides an overview of what’s being used and how, which offers welcome clarity for managing policies and governance. It also gives system administrators a user map, so they can monitor internal risks, review user permissions and revoke access for staff leaving the organization.
Vigilance is needed before investing in an SMP. A data breach at the SMP could hand hackers an architectural overview of your environment, which they could use to exploit weaknesses in your other systems.
Don’t let the benefits of investing in SaaS cloud your judgment when it comes to weighing up the investment. As appealing as a “cutting-edge” platform that saves you money might sound, it could end up costing more than just money if you don’t take the necessary precautions.