Software as a service (Saas) is the hottest trend in business infrastructure software for good reasons. There are loads of freedoms afforded by this structure. However, with every new technology comes new risks for early adopters. If you’re considering making the plunge for your business, you should at least first understand some of the new risks that accompany Saas. This article will address some security risks introduced with the SaaS structure.
1. Cloud Identity Management is Lacking
Companies that have existing identity services running behind their firewalls may not find SaaS integration an easy proposition. Compatibility in this regard is a little behind the curve. Some companies are working on this, developing third-party applications that will allow IT departments to extend authentication into the cloud through a single log-on. Ping Identity and Symplified are two examples of this.
This leads to another problem as well. The whole point of moving to SaaS is to reduce complexity. Buying more applications from more vendors only reintroduces the complexities that you’re probably hoping to avoid, not only for your infrastructure but your users as well. Currently, SaaS’s evolution and adoption have outpaced its authentication abilities.
“Managing identities and access control for enterprise applications remains one of the greatest challenges facing IT today,” a statement issued by the Cloud Security Alliance said. “While an enterprise may be able to leverage several cloud computing services without a good identity and access management strategy, in the long run extending an organization's identity services into the cloud is a necessary prerequisite for strategic use of on-demand computing services.”
2. Industry Secrecy
While vendors for cloud software naturally argue that their systems are far more secure than traditional infrastructures, they are disquietingly secretive about their security procedures. When questioned about this, the common response is that this is – oddly enough – done to protect the security of their systems. This may sound innocent enough, but several analysts claim this is a bad sign.
Specifically, analysts from the Burton Group have challenged Amazon’s Chief Technical Officer (CTO) with not being forthcoming enough about the company’s security practices, stating that when customers don’t know enough, they should assume the worst. Microsoft, on the other hand, has done a reasonable job of proving their security according to the analysts.
3. Open Access Increases Convenience but also Risk
Software as a service capitalizes on all the platforms now offering internet connectivity. With a distributed platform, workers or clients can access their accounts from cell phones, netbooks, or home computers. This freedom is a great utilization of current technology, but of course opens up any system to some risks that didn’t previously exist.
“Because of the nature of SaaS, it's accessible anywhere," Symantec Senior Vice President Rowan Trollope said. "If I decide to put my e-mail on Gmail, an employee could log in from a coffee shop on an unsecured computer. It's one of the benefits of software-as-a-service, but it's also one of the downsides. That endpoint isn't necessarily secure. The data is no longer within your walls in the physical sense and in the virtual sense.”
There are a few measures one can take to mitigate this exposure. IT departments can restrict what IPs can access the system, and employees can be educated about what sorts of access are secure and which should be avoided.
By CRM Software Blog Editors, Find a local Microsoft Dynamics CRM expert
