SaaS Vendors Get Serious About Cloud Security

Cloud Security

The Security for Business Innovation Council, which consists of IT security professionals from 19 companies around the world, says that many businesses will move mission-critical applications and data to the cloud in 2013, but not without caution. Security, the council says, is the number one obstacle to cloud adoption.*

The report goes on to say that managers responsible for executing on the cloud initiatives may be failing to coordinate adequately with IT security managers in their efforts to meet timelines and stay within budget. Better relationships between business unit managers and security teams will help; however, IT will also need to ensure that cloud service providers offer solutions that comply with their internal security policies.

This heightened skepticism over cloud security is not without justification. Enterprises cringe at stories about users’ files being publicly exposed through cloud platforms, because the vendor lacked the security controls necessary for complete protection. Unfortunately, those rare incidents dampen the fervor around cloud-based service adoption, and companies that could be taking advantage of the benefits of cloud are still using costly on-premise solutions. The truth is, there are risks to computing in the public cloud—but not necessarily any more than in a private cloud environment.

Here are some important attributes to look for when selecting a cloud service provider:

  • SSAE 16 Compliance. A true cloud provider holds annual SSAE 16 audits (formerly SAS 70) to ensure they have the proper controls and processes in place. SSAE 16 is the de-facto industry certification for service providers in the United States, and examines both the design of service provider’s internal controls, as well as the effectiveness of those controls over a long period of time.
  • Application Security. Controls for application security help ensure your data remains fully secure. For example, strong wire encryption using Secure Sockets Layer (SSL) for all the information sent between your computers and the service provider servers, user authentication using strong cyphers such as S-Crypt or enterprise delegated authentication using SAML, password-protected access, auto idle user session timeout, unique non-predictable session ID/Token for access, every database SQL Queries are striped by customer company ID to prevent data contamination, configurable session timeouts to prevent session hijacking and role-based user access capabilities are other important controls to look for in a solution.
  • Network Protection. To protect your data from outside threats, the provider should have several layers of firewalls in place to separate the application network from outside traffic. Anti-virus software should be used to detect and prevent the transmission of data or files that contain certain virus signatures. Moreover, Intrusion detection and preventive solutions (IDS & IPS) in place to discover any network intrusions to steal customer data is also most important to look for.
  • Disaster Recovery. Make sure the provider has detailed disaster recovery procedures to ensure you can always access your data – even if a service location becomes inoperable. Procedures should include identical backup facilities, automatic failover to backup sites, recoverability testing, and regularly scheduled full and incremental system backups.
  • Physical Security. The provider’s data centers should be completely secure and protected with electronic key card and biometric scanning, as well as digital surveillance to track and record all activities. Also, 24×7 monitoring is recommended.
  • Environmental Controls. All hardware should be fully protected with multiple heating, ventilation and air-conditioning (HVAC) units to regulate temperature and humidity.
  • Power. Continuous uptime can be ensured with redundant power supplies that use a combination of uninterrupted power supply (UPS), generators or battery backup.
  • Full Redundancy. The provider should maintain data centers in various locations—the further apart the better. Make sure one of the facilities is dedicated to global disaster recovery.

Indeed, the tide is turning for security in the cloud: Market-leading SaaS vendors such as Replicon have already beefed up controls to meet the requirements of even the most careful enterprises, and others are sure to follow suit. Learn more about Replicon’s secure cloud offering.

*“Information security Shake-Up,” January, 2012
** The top 10 trends in enterprise cloud for 2013,, Matt Marshall, December 27, 2012.

Suresh Kuppahally
Suresh Kuppahally
Suresh is the EVP of Engineering and Ops at Replicon. Replicon provides award-winning products that make it easy to manage your workforce. With complete solution sets for client billing, project costing, and time and attendance management, Replicon enables the capture, administration, and optimization of your most underutilized and important asset: time.
Get started today.
Set up a free trial based on your business needs. Start Free Trial

Webinar Recap: Uncover Huge Profits with Accurate Project Time Tracking

As remote employees become part and parcel of the new normal, most leaders are beginning to realize that they need a better way to manage their projects, people, time and…Read More

Replicon Announces Time Intelligence Platform for Cloud-based Solutions from SAP for the Professional Services Industry

Replicon Time Tracking for Service Organizations Delivers a Single Source of Truth for Time. Redwood City, CA – October 22nd, 2020  – Replicon announced today that its Time Tracking for…Read More

Global Compliance Desk – Maine, United States

New Earned Employee Leave in Maine Governor Janet Mills signed L.D. 369, An Act Authorizing Earned Employee Leave, in May 2019, which will become effective on January 1, 2021. Currently,…Read More

Will AI replace consultants?

The onset of AI and smart machines automating formerly-human jobs has been discussed at length as of late -- often in relation to manufacturing and manual labor jobs. And yet,…Read More

6 steps for fast-tracking profitability in your consulting practice

Advice aimed at entrepreneurs and small businesses tends to be heavily product-oriented, but in reality the majority of US small businesses fall under the “Professional, Scientific, Technical, and Other Services”…Read More

Consulting firms: 4 ways to improve billing & get paid on time

At the end of the day, your consulting firm relies on the assumption that a good percentage of clients will honor their payments promptly and accurately. In the professional services…Read More
  • Cloud
  • In The News
  • Corporate
  • Professional Services Management
  • Project and Program Management
  • Shared Services Management
  • Time and Attendance Management
  • Workforce Management
  • Customer Feature
  • Feature Update
  • Time Intelligence
  • Industry News
  • Webinar Recap
  • Global Compliance Updates