No longer do companies need to sacrifice security for the benefits of the cloud. The consumerization of IT is now possible because cloud security has surpassed most mid-market corporate standards. When choosing your best-of-breed SaaS vendor, use this checklist to guide your decision in the right direction.
1. Check the Service Level Agreement (SLA) - Make sure that the SaaS vendor SLA guarantees their product will have an uptime of at least 99%, if not better. You want to know that the services your company is paying for will be available for your use at a moment’s notice. Also be aware of maintenance windows.
2. Verify that your SaaS vendor has the appropriate certifications - Two examples of security measures are SAS-70 Type II (currently being superseded by SSAE 16) and ISO 27001 certification. Another is PCI compliance if your organization is dealing with eCommerce. These standards are often maintained by the best-of-breed SaaS companies. These certifications demonstrate a company’s credibility to the outside world.
4. Ensure the granularity of Access Control Levels (ACL) - You want to make sure that the right people in your company are granted access to the correct information and have permission to perform the operations they may need to on any given object. It is equally important to be able to ensure that people cannot access information that they shouldn’t be viewing. Make sure that the SaaS products you choose have ACL controls that support your business requirements.
5. Validate Data Encryption Options - If business and data privacy needs dictate, make sure your data is encrypted at rest and in transit. Make sure that you have, as a default or at a minimum, a configuration option that allows you to encrypt or obfuscate data at rest. Alternatively, make sure your data can be encrypted during transit using HTTPS, SSL, TLS or other similar protocols.
6. Disaster Recovery and Business Continuity - Verify that your SaaS provider has at least 2 data centers with automatic failover capability. Validate that there is close to real-time data synchronization between the data centers and that there are automatic failover procedures in place should a data center become inaccessible. Make sure your business is comfortable with the SaaS vendor’s business continuity plans.
7. Authentication Options - To be able to use a common login and authentication scheme across all your SaaS applications, verify that their applications support OpenID authentication, OAuth or SAML authorization. Otherwise, make sure those applications can be provisioned via synchronization with Active Directory or LDAP repositories. Having one of these options and using it as part of your cloud strategy allows your business to simplify the life of the average user by automatically authenticating them or, at a minimum, giving them 1 user name and password to remember for all their applications.
8. Open APIs - These APIs are also great for building auditing and usability applications. This way, you can see exactly how the applications are being used and be able to give your staff a feedback loop on the best ways to encourage engagement with the application. An even larger benefit of leveraging SaaS vendors’ Open APIs is that your team can ‘stitch’ or ‘bake’ best-of-breed SaaS applications together to form an enterprise-class system at a fraction of the cost.
9. Go BIG or go HOME - For the foundational component of your cloud strategy it is best to go big with major SaaS vendors such as Google, Salesforce, Workday and NetSuite. These enterprises employ dozens, if not 100s, of double-PhD security engineers who have the expertise to secure their applications. This type of expertise is beyond mid-market companies. For niche, best-of-breed SaaS players in areas such as workforce management, help desk, CRM and HR applications, follow the above criteria and take into account your business requirements - flexibility may be more important than matching every point above with these niche solutions.
10. Find a Trusted Partner - It’s equally important to work with a solution provider that specializes in the chosen products and solutions. They can help you navigate the waters while looking out for your business’s best interests.
Because the above security measures have been vetted by your company, you can now rest more soundly and allow more relevant business issues to keep you up at night!
If you would like to read more about working the way you live, take a look at another article we enjoyed: The world is ready for the consumer-grade enterprise.