Software as a Service (SaaS) provides an application and data that can be accessed via a network (usually the internet) using a variety of client devices such as web browsers, and mobile ‘phones. The major benefit of SaaS is the immediate availability of a working solution for a specific business problem with no need for up-front investment. This is particularly valuable for areas such as mature business processes which are essential, well understood and need to be delivered at minimal cost. SaaS provides an opportunity for service vendors to offer the best solution to this kind of problem at the lowest cost.
The risks associated with SaaS include loss of governance, data privacy issues and return of customer data. Mature business processes are often subject to regulations and laws and organizations have invested heavily in IT to ensure compliance. Using SaaS means devolving control to the SaaS provider and it is essential to have independent confirmation that the provider will comply with the regulatory requirements. The SaaS provider also has control of the business data held by the service. Contracts need to specify how this data will be returned in a useable form at termination of contract to allow business continuity and provide flexibility to switch provider.
Choose the right cloud deployment model
Public cloud services are available for anyone to subscribe to and use. The key benefit of a public cloud approach is one of scale; the cloud provider can potentially offer a better service at a lower cost because the scale of their operation means that they can afford the skilled people and state of the art technology. The Public cloud model inherently provides service on demand. The cloud provider can dynamically reallocate resources as they are required. Spreading the service delivery across multiple locations also improves resilience. Local problems with power supplies, telecommunication, natural disasters and so forth can be managed more effectively when there are several data centres in multiple geographies.
The downside of the public cloud is the risks of compliance and data security. For example, data privacy laws in the EU mandate that personal data must be processed within defined guidelines. The cloud service customer, who is the “data controller” is responsible in law, and needs to ensure that these guidelines are adhered to. Large cloud providers have recognized this need and can offer compliant services. Sharing applications and infrastructure with unknown co-tenants can lead to concerns over data security and data leakage. There are standards and best practices for this and it is essential to check that the cloud provider is externally certified as adhering to these.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.