SaaS Vendors Get Serious About Cloud Security

Cloud Security

The Security for Business Innovation Council, which consists of IT security professionals from 19 companies around the world, says that many businesses will move mission-critical applications and data to the cloud in 2013, but not without caution. Security, the council says, is the number one obstacle to cloud adoption.*

The report goes on to say that managers responsible for executing on the cloud initiatives may be failing to coordinate adequately with IT security managers in their efforts to meet timelines and stay within budget. Better relationships between business unit managers and security teams will help; however, IT will also need to ensure that cloud service providers offer solutions that comply with their internal security policies.

This heightened skepticism over cloud security is not without justification. Enterprises cringe at stories about users’ files being publicly exposed through cloud platforms, because the vendor lacked the security controls necessary for complete protection. Unfortunately, those rare incidents dampen the fervor around cloud-based service adoption, and companies that could be taking advantage of the benefits of cloud are still using costly on-premise solutions. The truth is, there are risks to computing in the public cloud—but not necessarily any more than in a private cloud environment.

Here are some important attributes to look for when selecting a cloud service provider:

  • SSAE 16 Compliance. A true cloud provider holds annual SSAE 16 audits (formerly SAS 70) to ensure they have the proper controls and processes in place. SSAE 16 is the de-facto industry certification for service providers in the United States, and examines both the design of service provider’s internal controls, as well as the effectiveness of those controls over a long period of time.
  • Application Security. Controls for application security help ensure your data remains fully secure. For example, strong wire encryption using Secure Sockets Layer (SSL) for all the information sent between your computers and the service provider servers, user authentication using strong cyphers such as S-Crypt or enterprise delegated authentication using SAML, password-protected access, auto idle user session timeout, unique non-predictable session ID/Token for access, every database SQL Queries are striped by customer company ID to prevent data contamination, configurable session timeouts to prevent session hijacking and role-based user access capabilities are other important controls to look for in a solution.
  • Network Protection. To protect your data from outside threats, the provider should have several layers of firewalls in place to separate the application network from outside traffic. Anti-virus software should be used to detect and prevent the transmission of data or files that contain certain virus signatures. Moreover, Intrusion detection and preventive solutions (IDS & IPS) in place to discover any network intrusions to steal customer data is also most important to look for.
  • Disaster Recovery. Make sure the provider has detailed disaster recovery procedures to ensure you can always access your data – even if a service location becomes inoperable. Procedures should include identical backup facilities, automatic failover to backup sites, recoverability testing, and regularly scheduled full and incremental system backups.
  • Physical Security. The provider’s data centers should be completely secure and protected with electronic key card and biometric scanning, as well as digital surveillance to track and record all activities. Also, 24×7 monitoring is recommended.
  • Environmental Controls. All hardware should be fully protected with multiple heating, ventilation and air-conditioning (HVAC) units to regulate temperature and humidity.
  • Power. Continuous uptime can be ensured with redundant power supplies that use a combination of uninterrupted power supply (UPS), generators or battery backup.
  • Full Redundancy. The provider should maintain data centers in various locations—the further apart the better. Make sure one of the facilities is dedicated to global disaster recovery.

Indeed, the tide is turning for security in the cloud: Market-leading SaaS vendors such as Replicon have already beefed up controls to meet the requirements of even the most careful enterprises, and others are sure to follow suit. Learn more about Replicon’s secure cloud offering.

*“Information security Shake-Up,” January, 2012
** The top 10 trends in enterprise cloud for 2013, venturebeat.com, Matt Marshall, December 27, 2012.

Suresh Kuppahally
ABOUT THE AUTHOR
Suresh Kuppahally
Suresh is the EVP of Engineering and Ops at Replicon. Replicon provides award-winning products that make it easy to manage your workforce. With complete solution sets for client billing, project costing, and time and attendance management, Replicon enables the capture, administration, and optimization of your most underutilized and important asset: time.
Get started today.
Set up a free trial based on your business needs. Start Free Trial

Global Compliance Desk – Ireland

New Unpaid Parental Leave Entitlement The Parental Leave Acts allow parents to take parental leave from employment in respect of certain children. Under the Parental Leave Act 1998, parents of…Read More

Global Compliance Desk – Germany

Annual Leave Entitlement During Unpaid Special Leave  An employee who is continuously on unpaid special leave for a calendar year is not entitled to holiday leave in the absence of…Read More

25 Employee Payroll Tips for Small Business Owners

Recruiter | July 05, 2019 By Lakshmi Raj, Co-Founder and Co-CEO, Replicon Payroll can be a challenging task for any small business but with the right tools, it can become…Read More

The 7 must-haves for choosing the right professional services management solution

Not too long ago, if you asked any professional services organization to tell you how they managed client projects, resources and utilization rates, the answer was always the same: spreadsheets.…Read More

Seven critical ways to achieve global project success

There was once a time when managing a project at work was fairly straightforward. Everyone was in the same location, or at most a mere phone call away. You’d set…Read More

Time and Attendance Orientation Guide

In a growing business, the day will eventually come when managing time and attendance on paper becomes both inefficient and risky, especially when trying to balance things like overtime, paid…Read More
  • Cloud
  • In The News
  • Corporate
  • Professional Services Management
  • Project and Program Management
  • Shared Services Management
  • Time and Attendance Management
  • Workforce Management
  • Customer Feature
  • Feature Update
  • Time Intelligence
  • Industry News
  • Webinar Recap
  • Global Compliance Updates
  • Chat with us
    How can we help you?