For most companies, particularly those who are new to SaaS solutions, the processes of evaluating vendors and selecting the right application for their needs can be a confusing process. Why? Because SaaS is fundamentally different than on-premise software. Therefore, different factors must be considered in order to make the most intelligence choice.
Over the next several weeks, we will highlight specific questions to ask your SaaS vendor. We’ll discuss why each inquiry is so important, and what to look for in the vendor’s response. Armed with the insight, you’ll be able to make the best possible decision for your business.
Inquiring About Security
Security is probably the biggest concern for most companies considering the move to a SaaS model. In fact, some companies shy away from SaaS because they fear security breaches – a fear that, in most cases, is unfounded.
Yet, security policies will vary from one SaaS provider to the next. So, it’s important to inquire about the various protection techniques they utilize in their data center. For example, what mechanisms do they have in place to ensure continuity in the event of fires, floods, or other natural disasters? And, how do they prevent unauthorized access to the application, as well as client data?
What to Look For
It’s important to note that any vendor who does not have proven security practices and procedures in place should be immediately taken off the “short list”. What you really want is a vendor with a world-class security environment – one that includes:
- A secure, SAS70-certified Tier 4 data center. This means, the vendor’s sites conform to the most rigid standards for cooling, power, and other factors that contribute to hardware and system performance.
- Firewalls, to block unauthorized system access, while ensuring that authorized users can still easily retrieve the functionality and data they need.
- Intrusion detection, to monitor the environment for risky activities, and alert the appropriate data center staff when the potential for breach exists.
- SSL, a communication protocol that protects Web applications as data is transferred back and forth between back end systems and end users.
- Third-party certifications for security practices, for validation – from unbiased sources – that the environment is fully protected.
By asking the right questions about security, you can rest assured that the risk of breaches, outages, and other related problems is virtually eliminated.