SaaS Vendors Get Serious About Cloud Security

Cloud Security

The Security for Business Innovation Council, which consists of IT security professionals from 19 companies around the world, says that many businesses will move mission-critical applications and data to the cloud in 2013, but not without caution. Security, the council says, is the number one obstacle to cloud adoption.*

The report goes on to say that managers responsible for executing on the cloud initiatives may be failing to coordinate adequately with IT security managers in their efforts to meet timelines and stay within budget. Better relationships between business unit managers and security teams will help; however, IT will also need to ensure that cloud service providers offer solutions that comply with their internal security policies.

This heightened skepticism over cloud security is not without justification. Enterprises cringe at stories of users’ files being publicly exposed through cloud platforms because the vendor lacked the security controls needed to prevent it. Unfortunately, those rare incidents dampen the enthusiasm for cloud-based services, and companies that could be taking advantage of the benefits of the cloud are still running costly on-premises solutions. The truth is, there are risks to computing in the public cloud, but not necessarily any more than in a private cloud environment.

Here are some important attributes to look for when selecting a cloud service provider:

  • SSAE 16 Compliance. A serious cloud provider undergoes an annual SSAE 16 audit (the successor to SAS 70) to demonstrate that proper controls and processes are in place. SSAE 16 is the de-facto attestation standard for service providers in the United States. Ask for the Type II report: a Type I report covers only the design of the provider’s internal controls at a point in time, while a Type II report also tests whether those controls operated effectively over a review period (typically six to twelve months). Read the scope section as well, since the provider decides which systems and control objectives the audit covers.
  • Application Security. Application-level controls keep your data protected in transit and isolated from other customers. Look for: encryption of all traffic between your computers and the provider’s servers using TLS (the successor to SSL); password storage using a strong, memory-hard key-derivation function such as scrypt (scrypt is a password-hashing function, not a cipher), or enterprise delegated authentication via SAML so the provider never handles your passwords at all; password-protected access; session IDs/tokens that are unique and non-predictable, generated from a cryptographically secure random source; automatic idle-session timeout with a configurable limit, which shortens the window in which a stolen or hijacked session remains usable; every database query scoped by the customer’s company (tenant) ID so that one customer’s records can never appear in another customer’s results; and role-based user access within the application.
  • Network Protection. To protect your data from outside threats, the provider should have several layers of firewalls separating the application network from external traffic. Anti-virus/anti-malware scanning should detect and block the transmission of data or files that match known malware signatures. Intrusion detection and prevention systems (IDS/IPS) should also be in place to spot and stop network intrusions aimed at stealing customer data.
  • Disaster Recovery. Make sure the provider has detailed disaster recovery procedures to ensure you can always access your data – even if a service location becomes inoperable. Procedures should include identical backup facilities, automatic failover to backup sites, recoverability testing, and regularly scheduled full and incremental system backups.
  • Physical Security. The provider’s data centers should be physically secured with electronic key-card and biometric access controls, plus digital surveillance that tracks and records all activity. Round-the-clock (24×7) monitoring is also recommended.
  • Environmental Controls. All hardware should be fully protected with multiple heating, ventilation and air-conditioning (HVAC) units to regulate temperature and humidity.
  • Power. Continuous uptime depends on redundant power: uninterruptible power supply (UPS) units combined with generators or battery backup, so that a utility outage never takes the service down.
  • Full Redundancy. The provider should maintain data centers in multiple locations, far enough apart that a single regional event cannot affect them all. Make sure one of the facilities is dedicated to global disaster recovery.
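Two of the application-security controls above, unpredictable session tokens with an idle timeout and database queries scoped by customer (tenant) ID, are easy to check for in a design review but are often implemented loosely. The following is an added example written for this page; it is not Replicon’s code and says nothing about how any particular product works. The table layout, the company IDs, the user names and the 15-minute idle timeout are all constructed for illustration. It shows the weak pattern (a query that trusts the record ID alone) beside the hardened one (every query carries the tenant predicate taken from the server-side session, never from the request), and shows an idle session being refused after the timeout.

```python
"""Added example: tenant-scoped data access with unpredictable, idle-expiring sessions.

All names, table layout and timeout values are assumptions for illustration.
"""
import secrets
import sqlite3
import time

IDLE_TIMEOUT_SECONDS = 15 * 60   # assumed value; a real product makes this configurable


def build_db() -> sqlite3.Connection:
    """Constructed sample data: one shared table holding two companies' timesheets."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE timesheet (id INTEGER PRIMARY KEY, company_id INTEGER NOT NULL, hours REAL)"
    )
    db.executemany(
        "INSERT INTO timesheet (id, company_id, hours) VALUES (?, ?, ?)",
        [(1, 100, 8.0), (2, 100, 7.5), (3, 200, 6.0)],   # ids 1-2: company 100, id 3: company 200
    )
    return db


class SessionStore:
    """Server-side session store keyed by an unpredictable token.

    The token is the only thing the client holds; the company (tenant) id lives
    server-side, so the client cannot tamper with it.
    """

    def __init__(self, now=time.time):
        self._sessions = {}
        self._now = now   # injectable clock so expiry can be exercised deterministically

    def create(self, user: str, company_id: int) -> str:
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG: not guessable, not sequential
        self._sessions[token] = {"user": user, "company_id": company_id, "last_seen": self._now()}
        return token

    def resolve(self, token: str):
        """Return the session for a valid token, or None if unknown or idle for too long."""
        session = self._sessions.get(token)
        if session is None:
            return None
        if self._now() - session["last_seen"] > IDLE_TIMEOUT_SECONDS:
            del self._sessions[token]   # idle timeout: the token is dead even if someone captured it
            return None
        session["last_seen"] = self._now()
        return session


def fetch_timesheet_unscoped(db, timesheet_id: int):
    """Weak pattern: the query trusts the record id alone, so a user from one
    company can read another company's row just by changing the id."""
    return db.execute(
        "SELECT id, company_id, hours FROM timesheet WHERE id = ?", (timesheet_id,)
    ).fetchone()


def fetch_timesheet_scoped(db, session: dict, timesheet_id: int):
    """Hardened pattern: every query carries the tenant predicate taken from the
    server-side session, never from the request."""
    return db.execute(
        "SELECT id, company_id, hours FROM timesheet WHERE id = ? AND company_id = ?",
        (timesheet_id, session["company_id"]),
    ).fetchone()


def demo():
    """Walk through both query patterns and session expiry; returns what was observed."""
    db = build_db()
    clock = [1_000_000.0]                        # fake clock, in seconds
    store = SessionStore(now=lambda: clock[0])
    token = store.create("alice@company100.example", company_id=100)
    session = store.resolve(token)

    leaked = fetch_timesheet_unscoped(db, 3)            # company 200's row, readable by company 100
    blocked = fetch_timesheet_scoped(db, session, 3)    # None: the tenant predicate filters it out
    own = fetch_timesheet_scoped(db, session, 1)        # company 100's own row
    forged = store.resolve("not-a-real-token")          # None: unknown tokens resolve to nothing

    clock[0] += IDLE_TIMEOUT_SECONDS + 1                # the user walks away; the session goes idle
    expired = store.resolve(token)                      # None: the idle timeout has fired
    return {"leaked": leaked, "blocked": blocked, "own": own, "forged": forged, "expired": expired}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of the scoped variant is that the tenant predicate is not optional: it is added by the data-access layer from the authenticated session on every query, so a developer cannot forget it on one endpoint and open a cross-customer read. When evaluating a provider, ask how their application enforces that rule rather than relying on each query being written correctly.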

Indeed, the tide is turning for security in the cloud: Market-leading SaaS vendors such as Replicon have already beefed up controls to meet the requirements of even the most careful enterprises, and others are sure to follow suit. Learn more about Replicon’s secure cloud offering.

* “Information Security Shake-Up,” Security for Business Innovation Council, January 2012.
** “The top 10 trends in enterprise cloud for 2013,” Matt Marshall, December 27, 2012.

Suresh Kuppahally

Suresh is the EVP of Engineering and Ops at Replicon. Replicon provides award-winning products that make it easy to manage your workforce. With complete solution sets for client billing, project costing, and time and attendance management, Replicon enables the capture, administration, and optimization of your most underutilized and important asset: time.