|By Ken Asher||
|August 16, 2014 04:00 PM EDT||
Security professionals are constantly negotiating the tension of balancing ease-of-use with data security. Savvy security professionals know that their users will often choose a less secure technology that makes getting things done easier over a more secure technology that makes getting things done more cumbersome. The trick is in aligning the secure choice with the efficient choice - but this comes with much-needed analysis and consideration.
Increasingly, best-in-class applications are being offered in a Software as a Service (SaaS) model; just take a look at the plethora of cloud-based tools available for organizations that need a scalable way to access software across physical locations and a means of enabling their increasingly mobile users. Certainly, the SaaS model offers highly compelling advantages over traditional on-premise solutions such as:
- Reduction and simplification of license management costs as well as infrastructure procurement and management costs
- Increased disaster resiliency and improved business continuity driven by the remote nature of SaaS to the workplace
- Enablement of a remote or mobile workforce
While there are several reasons why enterprises around the globe are moving toward cloud-based software solutions, there are trade-offs in moving from on-premise to hosted SaaS. Control of the infrastructure means control of the security and compliance of the systems. Giving up this control means additional due diligence is required to meet security and compliance objectives.
From full-site SSL/TLS encryption to encryption of customer data at rest, SaaS providers are incorporating best practices in an effort to ensure that the data customers entrust them with remains safe in their hands. Support for single-sign-on (SSO) authentication standards such as Security Assertion Markup Language version 2.0 (SAML 2.0) allows customers to integrate uniform authentication standards (strong passwords or multi-factor authentication (MFA)) across multiple SaaS tools.
When evaluating SaaS technologies for potential adoption by your organization, here are five key questions that you should ask any potential vendor:
- How are you protecting my data while it's being transmitted to you and while it's stored in your systems?
- What are you doing to protect your systems against physical threats?
- What are you doing to defend your application from attack?
- What are you doing to protect your users from account compromise?
- How are you protecting the service from disaster and the data from corruption or accidental deletion?
User Management and Single Sign-On
One somewhat hidden challenge of increased reliance on SaaS applications is the potential for user management complexity. User on-boarding and off-boarding, end-user account and password management and privilege accounting are increasingly complex without a unified user management approach.
To solve for this, many SaaS providers now support one or more single sign-on (SSO) standards. Single sign-on allows for the central provisioning and de-provisioning of applications to the user, and a single source of truth for who has access to what.
Some additional benefits for SSO integrations include having a unified user authentication policy across multiple applications with fewer passwords for users to remember and keep secure. SSO also provides support for multi-factor authentication (MFA), which can be used to create a more secure but user-friendly means to log into mission-critical business software.
Whether we like it or not, keeping enterprise systems strictly on-premise isn't a viable or scalable option today. Adapting to the SaaS paradigm and understanding and quantifying both the benefits and risks have become a key skill for CIOs and security professionals. Those who can successfully negotiate this paradigm are the new heroes of IT procurement - delivering ease of use and efficiency while maintaining security and compliance best practices.
Dec. 10, 2016 07:30 AM EST Reads: 760
Dec. 10, 2016 06:45 AM EST Reads: 539
Dec. 10, 2016 06:00 AM EST Reads: 708
Dec. 10, 2016 04:45 AM EST Reads: 1,096
Dec. 10, 2016 04:30 AM EST Reads: 550
Dec. 10, 2016 04:15 AM EST Reads: 1,390
Dec. 10, 2016 04:15 AM EST Reads: 574
Dec. 10, 2016 04:00 AM EST Reads: 5,526
Dec. 10, 2016 04:00 AM EST Reads: 5,318
Dec. 10, 2016 03:15 AM EST Reads: 502
Dec. 10, 2016 02:45 AM EST Reads: 2,270
Dec. 10, 2016 02:15 AM EST Reads: 803
Dec. 10, 2016 02:00 AM EST Reads: 1,995
Dec. 10, 2016 02:00 AM EST Reads: 652
Dec. 10, 2016 01:30 AM EST Reads: 4,005