SaaS Security: 5 Ways to Keep Sensitive Data Secure

by Leave a Comment

shutterstock_132157016A majority of organizations–60% according to technology news site SiliconANGLE–are adopting a cloud-based model for business processes. Many of these businesses have joined the movement because Software-as-a-Service (SaaS) offers benefits to both small businesses and large. However, while most SaaS vendors have good security and compliance, businesses should always be aware of how their sensitive data is being kept safe.

To secure data in the cloud:

  • Carefully choose a vendor
  • Implement an access policy
  • Avoid sending sensitive data to the cloud
  • Employ standard security measures
  • Audit security controls

Choosing a SaaS Vendor

Good security starts with the vendor, your partner in protecting data.

When considering the right vendor, choose one who offers security features like password protection, user controls, and data encryption. Understand the vendor’s process, where your data is stored, how it’s backed up, and the process for data recovery. A reputable vendor will also be happy to provide a list of references to show that they’re reliable and committed to security.

Implement Access Policies

Put an access policy in place that limits who can access sensitive data and from which machines. Some businesses may find data easier to secure by allowing employees to access company resources only from their work computer rather than a personal device that may not be as up-to-date with antivirus software.

Don’t Send Sensitive Data

If data is important and very sensitive, it should be kept off the cloud completely, no matter how secure the SaaS model. One of the many benefits of cloud-based computing is integration that allows access to many functions from one access point. However, it isn’t necessary for all data to be available via the cloud. Store sensitive data locally for better security.

Employ Standard Security Measures At A Minimum

Keeping data secure is not only the job of the SaaS vendor and the IT department. Users of the system are also responsible. Employees should know how to create a strong password and help keep their machines up-to-date with antivirus software. A secure password recovery protocol will also help keep the system secure, especially for businesses with a mobile workforce.

Auditing

Finally, businesses should ensure that their security measures are regularly audited. While many SaaS vendors will use a third party to audit, businesses should also have an internal team or their own third party focused on regular audits.

In the past, companies shied away from cloud solutions for fear of data security. That risk has been greatly minimized today, allowing the benefits of cloud computing and SaaS to outweigh the risks. Still, cautious organizations can reduce risk even further using the tips above to keep data secure.

Avoid Common Hazards When Purchasing Business Systems

by Leave a Comment

shutterstock_294833330For some time now, experts have indicated that spending on enterprise software will explode in 2015. Keys to survival for businesses will include employing prudence amidst all that spending and investing in business systems that will help them maintain a competitive edge.

Here are five suggestions proven to help avoid some common hazards associated with enterprise software purchases.

 

Employ a single, integrated solution

With an integrated solution, real-time visibility is guaranteed; accurate representations of data across departments and for key decision-makers will enhance effectiveness as well as the ability to plan ahead. This is not possible with incompatible systems, which invariably give rise to increased costs and diminished efficiency.

Look to the future

There’s a lot at stake here, yet this no-brainer is still routinely ignored in many businesses. Since one of the things at stake is money, it should be standard operating procedure to give IT vendors the third degree regarding upgradeability.

This truly is a case of caveat emptor, the onus is actually on the buyer to anticipate the future and ask the right questions. There are some vendors who take a “Well, they didn’t ask about upgradeability!” attitude when problems arise.

Continue education

Too often, companies do not investigate offerings thoroughly enough. There is a tendency to succumb to brand recognition and commit to a solution that is well-known, but substandard in that it will not address the challenges at hand. Some settle for the “good,” which is the enemy of the “best,” due to pressure from management or time constraints.

With all of the competition in the business systems market, the ideal solution is out there. It might not show up in the next five minutes, but rest assured that the short-term effort will be worth avoiding the long-term pain.

Innovate

Familiarity can prevent a company from decommissioning that outdated legacy business management system in favor of a modernized IT infrastructure. Increasing data demands are apparent, as is that gnawing certainty that the old system will indeed implode sooner or later.

The stakes are high–too high for that kind of loyalty to digital media.

Customize with care and caution

Most cloud-based vendors offer solutions for business systems that can be widely customized, but they don’t know what’s too much or too little for your company. Too much can result in a new system so radically customized that internal IT will be hesitant to make any modifications or upgrade for fear of irrevocably corrupting vital components.

The right application should automatically upgrade to new versions. Due diligence is key; companies must do their homework before investing.

Given the speed of business and high-tech development in general, markets are increasingly unforgiving to companies unable to adapt to the streamlined, cloud-based paradigm. In order to wisely invest in new systems, companies must be meticulous with vendors, ask the right questions, and do sufficient product research.

Configuration Management: A Lifeline for IT Security?

by Leave a Comment

shutterstock_199360082It’s amazing how cloud computing has come to take over a growing number of critical tasks normally handled by IT departments. Unfortunately, it’s not so amazing to IT security workers, who are in great danger of being left in the dust. For computer security professionals, cloud computing could be the one thing that puts them out of a job.

There’s still hope however. IT security professionals may have to live with some of the ongoing changes presented by the cloud, but they can remain in control by reevaluating how their organization uses its technology.

 

A Savior in Configuration Management

Configuration management could be the very thing that saves IT security personnel. The need to keep employer data safe is something that is understood by cloud providers, but the overall practice still leaves plenty to be desired in a variety of areas.

Whereas cloud providers take a somewhat distanced approach to security, configuration management means taking a more hands-on approach, namely by keeping tabs on the software and hardware used throughout the organization. IT security professionals are also tasked with monitoring application use on each employee’s computer.

At first glance, configuration management seems like a hard pill to swallow due to the deep level of understanding required of the enterprise’s operations, choices in technology procurement, and personnel.

On the outset, it seems much easier to let cloud providers take the reins when it comes to security issues. However, this leaves the door open to data breaches and other security setbacks that could prove time-consuming and expensive to resolve.

Proving Worth

As with any sort of change, the hardest part is stating an effective and compelling business case for configuration management. That means demonstrating to business executives how effective it can be when compared to putting cloud providers in the driver’s seat.

For starters, a move towards configuration management can help enterprises better manage their vulnerabilities and prevent catastrophic oversights and mistakes from happening. One such example involves understanding software choices and usage habits among employees. This can help IT security professionals pin-point and flag activities that are out of the ordinary.

Showcasing the potential cost savings offered by configuration management can also help drive the point home and garner interest from top management. For instance, mentioning the potential costs of cleaning up malware on computers left exposed by a lack of a configuration management plan can help bring the benefits into focus.

In the end, configuration management means that IT security personnel can maintain a non-trivial level of control over their infrastructure and perhaps even reduce overhead costs in the process.