It May Be SaaS-y, But Is It Secure?
Clearly, security should be front and center among vendor selection criteria for SaaS. A vital facet of online services is how vendors keep their data secure and the care they take to ensure it's safeguarded against disaster.
SaaS vendors use a variety of ways to secure their data. Some prefer a collection of disk arrays with encrypted data. Others like the muscle approach, with the data being locked up in a large vault in an isolated and safe location. Here are a few examples of the type of information that you should glean from SaaS vendors during vendor selection:
Iron Mountain’s Digital Record Center for Images, for instance, provides encrypted data transmission, user-access control and secure storage in a data center that's 200 feet below ground.
Backup-and-storage SaaS provider Elephant Drive secures data by replicating it among multiple hard disk-based pools of storage. Data replication protection is built into production systems, i.e., all data is available on at least two geographically independent sites.
Online backup service provider AmeriVault stores customer backups in three places: one each in two separate disk-based systems, and a third copy sent to a business-continuity site more than 1,000 miles away.
Online backup provider DS3 DataVaulting uses EMC CLARiiON for primary storage and keeps a backup copy on a completely different high-end disk system for ease of recovery. It operates three data centers, including one for replication of customer information.
“Any reputable SaaS vendor should take appropriate measures to secure their servers and be able to thoroughly outline this process for each client,” said Smith.
An excellent tool for achieving SaaS satisfaction is a Service Level Agreement (SLA). An SLA is a contractual obligation for a company to provide a certain level of system reliability. Smith recommends that you don't accept an SLA that's less than 99 percent.
Further, an SLA should include information on what will happen to the client’s data if the contract is terminated. In such a case, you want to be very certain that the information remains your property, and that you are legally protected.
Prince Street Capital Management, for instance, uses backup services (software by Asigra Inc.) delivered by Data Storage Corp. (DSC). This primarily protects the company’s e-mail system. DSC also provides an offsite data storage vault that ensures safe remote storage and rapid recovery of information. An acceptable SLA was an essential part of the deal.
“In our quest to implement an appropriate backup and recovery solution, fast recovery of Microsoft Exchange data was a key determinant in our decision-making process,” said Peter McKown, CFO at Prince Street Capital Management. “With the selection of DSC as our managed backup and recovery services partner, our business requirements are met and service levels are beyond expectations.”
SaaS – In your Future
Worries over SaaS are certainly legitimate. But in many ways, they resemble the arguments about doing business on the Internet from a decade ago. Back then, many small businesses were concerned about guess what – data security, whether they could trust start-ups and whether e-commerce was a viable business model. Ten years later, just about everyone has some kind of online commerce avenue. But it took a few years for the business world to come to terms with this new concept.
Similarly, SaaS must go through the same cycle, earn people’s trust and ultimately become part of the fabric of the workaday world. But for SMBs with a small (or no) IT department, SaaS makes sense – provided it's implemented with due care.
And as in the case of Prince Street above, you may have multiple suppliers to deal with. DuBois of IDC points out that there are three components to the question of who to trust in SaaS. Who is the technology supplier? Who is the vendor managing their data? Who is responsible for the data center and the infrastructure?
“In some cases, this can be three different entities, and there are potential risks at each level,” she said. “But in all cases, find out about privacy, encryption, availability, time to restore, SLAs, cost and terms of contract expiration.”
Drew Robb is a Los Angeles-based freelancer specializing in technology and engineering. Originally from Scotland, he graduated with a degree in geology from Glasgow's Strathclyde University. In recent years he has authored hundreds of articles as well as the book, Server Disk Management by CRC Press.