SaaS Security: Criteria for Selecting a Provider

Text: Johanna Kirn

SaaS – Software as a Service – is a growing branch of the world of web applications. In this form of service the software is, in effect, leased, which means that clients entrust not only their application but also their data to an external party. It is therefore essential to choose a provider that is trustworthy and reliable. How, then, do you make an informed decision when selecting a SaaS provider?


In order to develop a clear picture of a provider and to make a well-considered choice, we have divided the criteria into three categories: the integrity of the provider, the security of the data and the availability of the service as guaranteed by the provider.

Crucial business data belong in trustworthy hands; under no circumstances should they end up just anywhere. It is not only the handling of sensitive information that needs to be considered, but also the continuity of the SaaS service, which depends on the provider's future prospects. SaaS software is not something you purchase for a couple of months; you need a business partner that will not go bankrupt in a year's time. General information can indicate a provider's integrity: its experience in the SaaS arena and its client portfolio, preferably one with clients similar to your own organization. Financial information, such as the provider's annual reports and its forecast growth as a business, can also help.

Besides a provider's integrity, the security measures the provider takes must also be examined. The SaaS provider must be able to explain, in detail, its strategy for protecting data both from unauthorized persons and in the event of natural disasters. That detail should be shared with prospective clients on request, for instance under a non-disclosure agreement, rather than published openly on the internet, so that it cannot be misused. Besides damage to or loss of hardware, data and software can also be destroyed by viruses, malware and other external causes. To reduce the risk of data loss as much as possible, back-ups must be made frequently and stored in different geographical locations; a number of providers use underground back-up data centres or store back-ups at locations hundreds of kilometres apart to protect data from natural disasters and other calamities. Note that back-ups protect against loss, not against leakage: a copy of sensitive data in a second location must be protected as carefully as the original. If a provider is located outside the EU, the applicable data protection legislation must be verified. Regardless of the provider's location, the client must remain the owner of the data, including after the contract expires. For small companies that do not have a large IT department, having security handled by specialists can be a positive side effect of acquiring a SaaS service.

A provider's reliability is also largely determined by the availability of the service. As a rule, providers guarantee only the availability of the software, not a working internet connection, and this must be taken into account when drawing up the service level agreement (SLA) for availability. In the SLA it is advisable to measure availability per month rather than per year: 99% availability over a year still allows roughly 3.65 days (87.6 hours) of downtime, so a single multi-day outage could be claimed by the provider as falling within the allowed 1%, whereas 99% of a 30-day month allows only about 7.2 hours. The SLA should also state precisely how downtime is measured.
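The monthly-versus-yearly point is easiest to see with numbers. The following Python script is an added example and not part of the original article: from a constructed outage log (the three outages are invented for illustration) it computes availability per calendar month and per whole year, correctly splits an outage that crosses a month boundary, and shows the same outages passing a 99%-per-year SLA while breaching the 99%-per-month one.

```python
from datetime import datetime, timedelta

# Constructed sample outage log (not data from the article): (start, end) in UTC.
# The third outage deliberately crosses the November/December boundary.
OUTAGES = [
    (datetime(2010, 3, 10, 2, 0), datetime(2010, 3, 11, 20, 0)),   # 42 hours
    (datetime(2010, 7, 5, 9, 30), datetime(2010, 7, 5, 11, 0)),    # 1.5 hours
    (datetime(2010, 11, 30, 22, 0), datetime(2010, 12, 1, 4, 0)),  # 6 hours, Nov/Dec
]


def overlap(a_start, a_end, b_start, b_end):
    """Length of the intersection of two intervals (zero if they do not overlap)."""
    return max(min(a_end, b_end) - max(a_start, b_start), timedelta(0))


def downtime_in(window_start, window_end, outages):
    """Total outage time falling inside [window_start, window_end)."""
    return sum((overlap(window_start, window_end, s, e) for s, e in outages),
               timedelta(0))


def availability(window_start, window_end, outages):
    """Fraction of the window during which the service was up (1.0 = no downtime)."""
    return 1.0 - downtime_in(window_start, window_end, outages) / (window_end - window_start)


def allowed_downtime(window, target):
    """Downtime budget for a window at a given availability target, e.g. 0.99."""
    return window * (1.0 - target)


def month_window(year, month):
    """Half-open [first day of month, first day of next month) as datetimes."""
    start = datetime(year, month, 1)
    end = datetime(year + 1, 1, 1) if month == 12 else datetime(year, month + 1, 1)
    return start, end


def sla_report(year, outages, target=0.99):
    """Check one calendar year against the same target measured per year and per month."""
    months = {m: availability(*month_window(year, m), outages) for m in range(1, 13)}
    yearly = availability(datetime(year, 1, 1), datetime(year + 1, 1, 1), outages)
    return {
        "year": yearly,
        "year_ok": yearly >= target,
        "months": months,
        "breached_months": [m for m, a in months.items() if a < target],
    }


if __name__ == "__main__":
    print("budget at 99% per year :", allowed_downtime(timedelta(days=365), 0.99))
    print("budget at 99% per month:", allowed_downtime(timedelta(days=30), 0.99))
    report = sla_report(2010, OUTAGES)
    print(f"yearly availability {report['year']:.4%}, within SLA: {report['year_ok']}")
    for m in report["breached_months"]:
        print(f"month {m} breached the monthly SLA: {report['months'][m]:.4%}")
```

With these outages the year as a whole comes out at about 99.43% (49.5 hours of downtime against a budget of 87.6 hours), so a yearly SLA is met, while March alone drops to about 94.35% because the single 42-hour outage exceeds that month's 7.4-hour budget. Feeding the script the provider's own outage history, or hypothetical incidents, is a quick way to see what a proposed SLA clause would actually tolerate.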

If you take these criteria into account when selecting a SaaS provider, security and reliability need not be reasons to avoid SaaS services. You can find more information about SaaS in general in the SaaS edition of TOPdesk Magazine (October 2007) at www.topdesk.com.


Xander Orth contributed to writing this article

Comments

  • May 29, 2010 11:34 - Mark Smith: Great advice on looking at the security aspects. One issue on security that needs to be considered that you did not mention is that the authentication and authorization need to be configurable to fit into the customer's organization and business processes. A good discussion on this and some other non-security factors can be found at http://www.virtusa.com/blog/index.php/2010/05/10-factors-to-consider-when-selecting-saas-solutions/ Thanks, I enjoyed reading this!
