Blog / Purchase-to-pay
SaaS Security – From treacherous to trusted
Security was once a primary concern for businesses looking to adopt cloud-based services, but their trust has grown steadily. Indeed, according to the latest cloud security report by McAfee, 93% of organisations now use cloud services. This is a far cry from 2014, when an Inquirer survey cited that 83% of readers distrusted cloud security.
Contrary to initial fears about cloud security, many have now placed their trust in SaaS and cloud storage services, with 74% of organisations now choosing to store sensitive data in the cloud. This may be because cloud vendors are more able to invest in superior security, backup and maintenance systems than many small businesses or companies could do on their own.
Many organisations, particularly small to medium sized businesses, are finding that SaaS can help to improve overall security. Your SaaS provider will manage the application in an infrastructure that is continuously monitored and protected. They will be responsible for security and vulnerability testing, secure deployment and threat protection during runtime. Still, organisations are right to be security conscious.
A team effort:
While SaaS providers are responsible for application and infrastructure security, overall security is a combined effort. Access management, identity management and privileged identity management is the responsibility of the SaaS user. This means that the customer is responsible for ensuring that logins are kept secure, that access passwords are adequately protected, and that good practice is enforced such as ensuring login details are never written down.
Many SaaS applications are compatible with password managers and two-factor authentication services. Security on the user’s end can be further increased by ensuring that the application is only accessed via a secure connection (such as a VPN) rather than unsecure public wifi, and by ensuring that web browsers used to access the application have no known security issues and are kept up to date.
Security that suits you:
Measures that suit one organisation’s setup and protocols may not suit another, as this will vary according to operational and procedural differences. Thankfully, there’s a great deal of flexibility to be had with SaaS, and providers often offer different options to suit different business models and needs. Work with your cloud provider to ensure that your SaaS application suits your organisation’s needs, from its existing infrastructure to its internal security requirements.
With trust and adoption of cloud-based services increasing, Palette has introduced PaletteOnline to help customers to enjoy all the advantages of both P2P automation and the SaaS model – including enhanced security. PaletteOnline offers better security, continuous upgrades and maintenance, consistent and stable performance, and the potential for remote access among many other benefits.
Read about Palette’s new SaaS application, PaletteOnline.