Sunday, January 5, 2014

SaaS Security: Don't Ignore It

Remember all those concerns about the security of software-as-a-service (SaaS) solutions?  When SaaS was still a new idea, at some point in the sales process you'd get the same questions:  Who's got my data?  Who can see it?  Is it safe?

As SaaS has matured, maybe you thought those concerns were dead and gone.

You'd be wrong.

SaaS security is still an issue

Yes, SaaS solutions have been widely adopted by enterprises, and in many cases they're preferred over on-premises applications.

But for enterprise buyers, security is an issue that just won't go away.  CEOs and CIOs are still asking questions about how sensitive information is protected.  And with news of the recent data breaches at Target and Snapchat, they have good reason to keep asking.

I don't know how the information was stolen from Target or Snapchat.  Maybe it had nothing to do with how most SaaS solutions protect data.  It doesn't really matter.

What does matter is that some prospective customers think there are security issues with SaaS solutions.

So at some point in the purchase and evaluation process, these folks are likely to ask those nasty security questions.  They'll want to know exactly how their data will be protected and why they should trust you to do the protecting.

Be prepared to address security head on


As a SaaS provider, you should be prepared.  And the "you" I'm talking about here isn't just the operations people.  The marketing people have a role here, too.

Concerns about security can derail a purchase and they need to be addressed.

To satisfy CEOs, a short document that spells out the basics of the security procedures can be effective.

For IT professionals, though, a longer document is usually necessary.  They expect something with serious heft and full of details on server security, network security, application security, penetration testing, back-up procedures, and every other security issue. 

However you do it, if you're selling to enterprises, you should be prepared to address the security of your SaaS solution.   This issue isn't going away anytime soon.