In many companies, Software-as-a-Service (SaaS) and cloud computing continue to gain acceptance over on-premises server and network infrastructures. Storing data “in the cloud” simply means using an outside vendor to own and maintain the storage media where your data resides, as opposed to traditional in-house hosting. “Software-as-a-Service” (SaaS) refers to a model in which software rather than being installed in-house, is centrally hosted and licensed on a subscription basis.

In recent years there has been a growing acceptance in many business sectors of SaaS based cloud solutions. Even more recently, the demand is exceeding current available capacity. Several global technology research firms report a forty to sixty percent annual growth rate in the demand for cloud storage capacity, while more conservative estimates put the growth rate of actual cloud storage capacity growth at approximately twenty percent annually. Regardless of the exact statistics, the cloud based solution is on the rise and expanding its reach.

Moving from a “Product in a Box” to a Cloud Based Solution

As the world migrates from a physical products in a box to cloud based services, many providers wrestle with the idea of releasing their products as services on the cloud rather than selling a physical box with an installation disk.

The truth is that this decision depends on many factors including accepted work practices in a particular industry and customer acceptance and trust. Whether the solution requires extremely low or even zero latency such as professional multi track sound, video editing suites, 3D animation technology or even whether the customers are willing to risk loading their secret content onto a cloud solution system, such as private businesses.

There have been many predictions about industry acceptance of cloud based solutions, but the truth is that it’s taking a lot longer be fully implemented, and even more to be trusted…

In addition to many technical and consumer mentality limitations, there have been many security breaches and covert solutions that mine customer data. Nothing illustrates this more than the information leaks by WikiLeaks, Google, Facebook and the like. As a result of these multiple leaks/thefts/covert agreements there is a high level of sketassym in general. Specifically, amongst the more experienced members of the business community (old School). Read any newspaper for insight and understanding about this issue, there is a tremendous amount of discussion on this topic. It seems that there is a new revelation about some secret deal between a tech giant and the CIA, FSB Chinese Secret Service or the NSA about them selling private customer information, not to mention content theft by disgruntled employees every day.

Simply stated, you can’t trust the employees of cloud service providers.

I don’t think we can really trust any employees in the information food chain anymore, but at least our ability to monitor them is far greater and improving all the time. Many people made claims and warnings of the problem of just anyone having access to secure data. When Google engineers got caught stalking Google customers through their system access, the fact that they got caught and the public finding out about it was pretty remote. I’ve personally seen over the years, crimes ranging from theft to sabotage that result in the employee’s termination when caught, but never result in any external report. We can also assume that most people don’t get caught at all, so accurately tracking this important security issue is almost impossible.

We currently exist in a world where nation states like The United States, China, North Korea and Russia are aggressively probing data repositories and the cyber spy organisations themselves aren’t particularly secure either except for the U.S (but, every lock can be picked). This suggests that where the states go, criminals will follow no too long after them. The easiest and best way into a secure system is still getting access to an employee’s credentials or getting the employee to pull the information like Snowden and Chelsea (Bradley) Manning did.  

Analytics is a Big Problem

The big problem is analytics and compliance. A company itself, needs to be able to analyse the secure information to both catch and identify illegal activities going on inside the company and at the same time to effectively respond to legitimate discovery and or access requests. If this task can’t be performed effectively than the company may be forced to either remove the security apparatus or to create a permanent back door for access.

Either of these solutions eliminate any value connected to the encryption employed by the company.

Therefore there are basically two possible approaches, one where the service resides in the cloud in an encrypted form but inside the company in an open form that can be analysed. Or, one where the service resides completely in a secure virtual silo that only the company can access but providing the headroom needed to serve the communications requirement and whatever analytics and reporting function are required by policy and law.

It’s Time for a Security Overhaul

The expansion of cloud-based services has made it possible for both small and enterprise-level organisations to host vast amounts of data easily. However, the cloud’s unprecedented storage capacity has also allowed both hackers and authorised users to easily host and spread malware, illegal software, and other digital properties.

An attack from inside your company may seem unlikely, but the insider threat does exist. There is no real practical way to assure that employees won’t raid your cloud. We shouldn’t have to put our faith in an employee at a cloud service provider either from the start. An employee can use their authorised access to gain access to your companies cloud-based services accessing sensitive data.

In addition, to the obvious data theft previously mentioned, there are also some additional inherent stress points and problems with SaaS solutions, such as the following points:

1. Malware injections of malicious code can be injected into cloud services and camouflaged as part of the software or service that is running within the cloud servers themselves.
2. APIs can threaten cloud security because they provide the vendor the ability to customise features and also provide access for authenticating, providing access, and also effect encryption.
3. Blocking website (entry denied) attacks do not attempt to breach your security perimeter, they make your website and servers unavailable to legitimate users.
4. Rushing into a cloud project and not performing sufficient due diligence can also pose a security risk when an company migrates to the cloud quickly.
5. Data on a cloud services can be lost through a malicious attack, natural disaster, or a data delete by the service provider. 

Make sure no one can access your confidential information without authorisation regardless of whether it resides inside or outside of your company. Assure that all user authorisations are tightly managed and monitored.

The Bottom Line

SaaS streamlines workplace efficiency by providing business owners an easier, cheaper, and more versatile system of managing their software offerings. More companies are adopting cloud-based software systems to simplify their network and optimise efficiency.

SaaS provides software vendors and customers the opportunity to save money, simplify their software solutions and provide improved maintenance and updates. SaaS solutions can also optimise efficiency, provide 24/7 on-demand customer service, and access their software networks from anywhere in the world. Its popularity is rapidly outranking on-premise software solutions. There are still outstanding issues that require more work and attention until SaaS and cloud computing will be able to fully replace on-premise solutions. There are also certain work practices and mind sets in a particular that slow or even stop customer acceptance and trust, this is likely to remain an issue for certain market segments.

I hope this short article has clarified and increased your understanding of what is SaaS an where you can implement it in your company. Keep smiling and think cloud….