For small businesses, software-as-a-service (SaaS) is making enterprise-class software more attainable for small businesses ‑‑ since you don’t need staff to deploy, manage and support it. SaaS, sometimes called on-demand, is exciting because it levels the playing field and gives your small business advanced automation without the prohibitive costs and hassle.
Still, there’s plenty of chatter out there about security and other risks involved in moving your applications offsite and accessible through the Web.
“The risk differs by the service you are looking at, but the main thing is that you’re offloading data to a third party so you have to do a lot of due diligence,” said Gary Chen, principal with IT analyst firm McChen Research in Boston. “If you’re buying a piece of storage on the Web you don’t know anything about the data center behind it,” he explains by example. “How big is it, who is running it, and what is its security and disaster recovery plan?”
Further complicating the matter is that in the cloud you sometimes (and often likely) deal with more than one provider. The technology supplier might be different than the provider that stores and backs up your data, for instance.
Beyond security and reliability, there are other issues: your company has to deal with the fact that its data is now dispersed. Josh Greenbaum of analyst firm Enterprise Applications Consulting in Berkeley, Calif., offers a for instance:
Your sales and marketing manager may struggle with how to maintain a central customer database, when some of that data is stored and managed separately offsite with an online provider. If you hope to do some in-depth customer analytics someday, this issue of data segregation might be a problem.
But let’s take a reality check: for a small business, online software today offers more benefits than it does risks.
“On-demand providers are usually held to higher standards for uptime and security than on-premise applications,” said Rebecca Wetteman, vice president of Research with IT advisory firm, Nucleus Research. “For small businesses, they are actually getting a higher level of security [than they could do on their own] anyway.”
Adds Laurie McCabe, vice president of small business insights for New York-based AMI-partners: “Any big provider is going to have fully redundant systems to backup data, but they’re also physically redundant, with multiple data centers.”
Even with those assurances, it’s still wise to take every precaution when entering into relationships with on-demand software providers. Here’s how:
1. Vendor Security and Reliability Record
When entering into SaaS engagements, reliability and security should be top criteria for selection ‑‑ perhaps on par or higher with features and functionality of the application. Chen suggests a checklist of sorts for key security measures at the vendor’s site, covering:
- how and where the provider uses data encryption (for instance, do they encrypt backups too?)
- what’s the quality of the data center’s network defenses;
- how does the provider handle authentication and secure connections
- does the provider use data loss protection (DLP) technology?
- Ask about multi-tenancy, since you’ll probably be sharing server space and computing resources with other businesses.
“Some providers are more secure than others when it comes to separating customer data, ” Chen explained, regarding multi-tenancy. You may want to request that the vendor dedicates virtual machines just for your data, if you are in doubt, he suggested.