Share

SaaS Vendors Get Serious About Cloud Security

Published : Wednesday, January 23, 2013 by Suresh Kuppahally
Cloud
Cloud Security

The Security for Business Innovation Council, which consists of IT security professionals from 19 companies around the world, says that many businesses will move mission-critical applications and data to the cloud in 2013, but not without caution. Security, the council says, is the number one obstacle to cloud adoption.*

The report goes on to say that managers responsible for executing on the cloud initiatives may be failing to coordinate adequately with IT security managers in their efforts to meet timelines and stay within budget. Better relationships between business unit managers and security teams will help; however, IT will also need to ensure that cloud service providers offer solutions that comply with their internal security policies.

This heightened skepticism over cloud security is not without justification. Enterprises cringe at stories about users’ files being publicly exposed through cloud platforms, because the vendor lacked the security controls necessary for complete protection. Unfortunately, those rare incidents dampen the fervor around cloud-based service adoption, and companies that could be taking advantage of the benefits of cloud are still using costly on-premise solutions. The truth is, there are risks to computing in the public cloud—but not necessarily any more than in a private cloud environment.

Here are some important attributes to look for when selecting a cloud service provider:

  • SSAE 16 Compliance. A true cloud provider holds annual SSAE 16 audits (formerly SAS 70) to ensure they have the proper controls and processes in place. SSAE 16 is the de-facto industry certification for service providers in the United States, and examines both the design of service provider’s internal controls, as well as the effectiveness of those controls over a long period of time.
  • Application Security. Controls for application security help ensure your data remains fully secure. For example, strong wire encryption using Secure Sockets Layer (SSL) for all the information sent between your computers and the service provider servers, user authentication using strong cyphers such as S-Crypt or enterprise delegated authentication using SAML, password-protected access, auto idle user session timeout, unique non-predictable session ID/Token for access, every database SQL Queries are striped by customer company ID to prevent data contamination, configurable session timeouts to prevent session hijacking and role-based user access capabilities are other important controls to look for in a solution.
  • Network Protection. To protect your data from outside threats, the provider should have several layers of firewalls in place to separate the application network from outside traffic. Anti-virus software should be used to detect and prevent the transmission of data or files that contain certain virus signatures. Moreover, Intrusion detection and preventive solutions (IDS & IPS) in place to discover any network intrusions to steal customer data is also most important to look for.
  • Disaster Recovery. Make sure the provider has detailed disaster recovery procedures to ensure you can always access your data – even if a service location becomes inoperable. Procedures should include identical backup facilities, automatic failover to backup sites, recoverability testing, and regularly scheduled full and incremental system backups.
  • Physical Security. The provider’s data centers should be completely secure and protected with electronic key card and biometric scanning, as well as digital surveillance to track and record all activities. Also, 24×7 monitoring is recommended.
  • Environmental Controls. All hardware should be fully protected with multiple heating, ventilation and air-conditioning (HVAC) units to regulate temperature and humidity.
  • Power. Continuous uptime can be ensured with redundant power supplies that use a combination of uninterrupted power supply (UPS), generators or battery backup.
  • Full Redundancy. The provider should maintain data centers in various locations—the further apart the better. Make sure one of the facilities is dedicated to global disaster recovery.

Indeed, the tide is turning for security in the cloud: Market-leading SaaS vendors such as Replicon have already beefed up controls to meet the requirements of even the most careful enterprises, and others are sure to follow suit. Learn more about Replicon’s secure cloud offering.

*“Information security Shake-Up,” January, 2012
** The top 10 trends in enterprise cloud for 2013, venturebeat.com, Matt Marshall, December 27, 2012.

Suresh Kuppahally
ABOUT THE AUTHOR
Suresh Kuppahally
Suresh is the EVP of Engineering and Ops at Replicon. Replicon provides award-winning products that make it easy to manage your workforce. With complete solution sets for client billing, project costing, and time and attendance management, Replicon enables the capture, administration, and optimization of your most underutilized and important asset: time.
<< Back to Blog Home
Get started today.
Set up a free trial based on your business needs. Start Free Trial
  • Recent Articles
  • Popular Posts
  • Categories

Want Real Solutions That Help You Manage Expense Tracking in Real-Time? We’ve Got Them.

A comprehensive expense tracker can provide your organization with clear insights into how corporate time and dollars are being spent and help you identify unnecessary costs, strains, time-wasting activities, and…Read More

Project Leaders: Here Are 3 Signs Your Remote Project Managers Are Overwhelmed with Technology

Overwhelmed project managers. They are not hard to find. And if you look closely, you’ll probably find a few right within your organization. As it is, project management is stressful…Read More

5 Questions to Ask When Evaluating and Purchasing New Time Tracking Software for Your Enterprise

Time. Regardless of how well your organization performs year over year, time is one thing that you can’t order more of. There are no do-overs, no second chances, and no…Read More

Demystifying the millennial workforce: 5 tips from Trunk Club’s Andrew Anderson Devine

Time magazine labels the millennial generation the “most threatening and exciting generation,” infamous for “narcissism [and] its effect: entitlement.” In the workplace, the perception of the millennial workforce is no…Read More

Exempt vs non-exempt workers: simplify employee classification

In the United States, most jobs are governed by the Fair Labor Standards Act (FLSA), which classifies workers into two broad categories: exempt and non-exempt. Under the FLSA, non-exempt employees are…Read More

The 7 must-haves for choosing the right professional services management solution

Not too long ago, if you asked any professional services organization to tell you how they managed client projects, resources and utilization rates, the answer was always the same: spreadsheets.…Read More
  • Polaris
  • Time & Project Insights
  • Time & Projects Solutions
  • Replicon Products
  • Replicon Users
  • Cloud
  • Corporate
  • Professional Services Management
  • Shared Services Management
  • Time and Attendance Management
  • Customer Feature
  • Time Intelligence
  • Industry News
  • Global Compliance Updates

    • Related Posts

    Q&A with Troy Grissom, CIO at Total Quality Systems, Inc.

    For government contractor Total Quality Systems, Inc.

    Read More

    Three DevOps trends to look out for in 2016

    As we start to wrap up this year, we’ve been looking at the major business and technology trends we see …

    Read More

    Cloud-Based Software Provider, Replicon, Unifies Phone, Conferencing, and Contact Center Capabilities across Five International Offices with 8×8 Cloud Communications Services

    SAN JOSE, Calif.–(BUSINESS WIRE)–December 18, 2013– 8×8, Inc.

    Read More