Implementing SaaS security measures is important to a company's success

September 20, 2012

Software-as-a-Service (SaaS) is known as the most popular segment of cloud computing because it allows users to easily access to software programs and data via a web browser. However, many experts agree that if security measures are not implemented, the thin barriers of the service can possibly lead to data breaches and threats.

Rapid SaaS adoption
SaaS is an environment that holds a company's applications and data used to help run a business. According to Aite Group, many enterprises are expected to increase their SaaS spending, the ABA Banking Journal reported. Fifty-three percent of respondents said that their institution is embracing the model moderately, and 5 percent are aggressively implementing the service, according to the Journal.

A Gartner report, which reaffirms the Aite Group's results, showed that it is the next largest segment of the cloud, following business-process-as-a-service (BPaaS), and IT spending for this cloud type is predicted to reach $14.4 billion in 2012.

Importance of security
Gartner's Guy Creese said at a conference that despite the agile and cost-effective features of SaaS, which have lead to its rapid adoption, many have cited security in the cloud as a problem that needs to be addressed, ZDNet noted. Company owners are urged to communicate with their cloud providers because they are responsible implementing protective measures and managing the platform.

According to CFO's Ron Livingston, because a company does not have control over shields, it is important for an owner to understand if he or she has the ability to negotiate cloud privacy, information security and accessibility in his or her contract. If a document is non-negotiable, companies should consider researching a new provider.

Passwords and encryption are also important for data protection. Expert agree that an organization should not overlook encryption, especially since using SaaS involves sharing a database with others. IT departments should also be trained on controls and procedures in the event of a data breach.

The PwC, CIO and CSO 2013 Global State of Information Security Survey showed that although the majority of respondents have confidence that their cloud service can effectively protect information, some have stopped deploying basic security and privacy tools. Nearly two-thirds of respondents used intrusion detection tools in 2008, but that number has decreased to just over half of respondents.

To ensure the success of a company, IT departments should install security measures to protect employee, company and client information.

-McAfee Cloud Security