Software as a service solutions and IT security: (Potentially) a match made in heaven

padlock in the sky with a piece of the curved part of the lock missingI had a few minutes the other day to peruse my backlogged library of articles (you know – the ones you put away until you can get your head above water long enough to catch your breath) when an article about SaaS and cloud services security in the government sector caught my attention.

The reason I did a “wait just a minute” on the piece is that the hot topic in our SaaS/cloud world is security, especially when it comes to content management and ECM SaaS solutions.

We all know that our data – personal and business – is stored somewhere, and a lot (if not most) of it is accessible via the Internet. And, we’ve all heard a horror story (or two) about security breaches. Definitely scary stuff.

So, when looking at security from a business perspective, here are a handful of questions to ask yourself – or to add to your RFP/RFI – if you’re in the market for a SaaS solution provider. And even if you already have a SaaS ECM solution provider, they should be able to answer these questions – and answer them with a “yes!”

  • Is the data center where your data is hosted SAS70 II audited? In researching your SaaS solutions, this question should be asked by someone in your IT department. In fact, this audit is so comprehensive that, in our conversations with IT management, just mentioning this compliance level calms a host of security concerns.
  • Is the backup location compliant, too? Pop quiz: If the primary (production) data center is compliant, does the secondary (backup) data center need the same level of compliance?  Answer: Yes!
  • Does the hosting provider’s processes, infrastructure, etc. undergo an independent audit, defined by either ISO or SysTrust standards?”
  • Does the SaaS provider perform their own internal security audits on a regular basis? Can they provide documentation to you upon request?
  • Does your SaaS ECM provider give you the opportunity to engage a third-party vendor, such as SecureState©, to perform your own audit against the solution? Yes, this may be an additional cost for you. But your provider should be open to letting you look “behind the curtain” of your ECM SaaS solution.

While there are plenty of other questions you could ask, the bottom line is this: SaaS ECM solutions are as secure as any on-premise software when they’re done right. And in many cases, as the article pointed out, they might even be more secure (hence the title of this post). After all, who would you rather have implement software for you? The company that developed it, or a government agency or department?

Currently, Jacqui Conn is a Business Development Manager with Hyland Software's OnBase OnLine & Hosting Services. But as most infomercials go, "but wait - there's more!" Literally a “Jac of all trades," Jacqui not only evangelizes OnBase OnLine (Hyland’s SaaS deployment model), but has built and managed the business side of OnBase Disaster Recovery Services, and markets it all.

Fun fact: coincidentally, Jacqui's mother’s maiden name is “Saas.” (It’s true!)

Contact Jacqui at [email protected]

Jacqui Conn

Currently, Jacqui Conn is a Business Development Manager with Hyland Software’s OnBase OnLine & Hosting Services. But as most infomercials go, “but wait – there’s more!” Literally a “Jac of... read more about: Jacqui Conn