Software As a Service – The Correct it Security Approach?
Software as a Service (SaaS) refers to the software deployment model in which software applications are managed by a service provider and offered to customers for use through the internet. But questions arise when considering the data security consequences private protection services London of this system.
In recent years the number of SaaS providers looking to capitalise on the opportunity to service customers has burgeoned unimaginably. They are now reaping the benefits that this software deployment model offers. The Australian market is not impervious to this phenomenon; there are many examples of local providers in Australia, setting up SaaS business models to harness the prospering market possibilities. The International Data Corporation (IDC) estimates the SaaS market will be worth $10.7 Billion by the end of 2009.
SaaS critics have expressed concerns over the issues relating to adoption of stringent IT security standards. It has been observed that the security policies adopted by the service providers are not always rigorous or even close to best practice. The potential for lapse of security and loss of client data is thus considered high. Ignoring the need for strong information security standards is definitely not an option for SaaS vendors aiming to thrive in this market. Customers will invariably place emphasis on security when considering whether or not to purchase the service. The fact that information security has to be considered a business issue and not simply as an IT issue has never been more relevant.
Any company intending to set up a successful SaaS service undoubtedly needs to effectively address the information security concerns from planning to implementation and further through the operational stages. Adoption and certification based on an acknowledged international information security standard should be considered as a mandatory requirement by the service providers. As explicit SaaS Security standards are unavailable, ISO 27001 remains one of the most pertinent internationally acclaimed security benchmarks available. The ISO 27001 standard is managed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission.
Last year Salesforce.com became one of the first SaaS service providers to be certified under the ISO 27001 standard. It is unclear how much that certification has helped Salesforce.com acquire new customers, but it would have certainly reinforced their message on the status of their security and their commitment to customers.
Software as a Service (SaaS) refers to the software deployment model in which software applications are managed by a service provider and offered to customers for use through the internet. But questions arise when considering the data security consequences private protection services London of this system. In recent years the number of SaaS providers looking…