SaaS or Security? How About Both?

By Doug Barney November 25, 2013

Some believe that SaaS, being in the cloud, can never be as secure as on-premises. In Australia and New Zealand two companies have come together to blend the best of SaaS and security, compliance and data protection.

Like in America, Australia and New Zealand both have strict compliance regulations, and it is these that SaaS provider Coretec and data protection vendor PerspecSys are addressing.

The compliance comes courtesy of the integration of the Salesforce.com-based services with PerspecSys’ Cloud Data Protection Gateway.

“In order to help businesses take advantage of the huge benefits of the cloud, we knew we needed to give them the tools to do it securely and within increasingly stringent privacy and residency laws,” said Paul Evans, Director of Business Consulting at Coretec.

“We reviewed a lot of solutions and they all had usability and security tradeoffs despite claims that they don't. PerspecSys is different. They deliver the highest levels of security along with full data control and SaaS application functionality. Together, we're giving Salesforce.com customers the best of both worlds.”

The Cloud Data Control Gateway intercepts “sensitive information before it leaves their environment and replacing it with a random token value before it enters the cloud, the Gateway ensures an organization's data remains within their full control at all times,” the company said.

HP Takes on SaaS Security

HP, with a large cloud business, has a pretty big stake in making SaaS safe, especially in terms of compliance. Here the challenges are more difficult because the data that is covered by regulation is not 100 percent under your control.

“Until SaaS application providers do a better job of delivering security visibility and control to their customers, those users will have to take action against potential compliance risk,” HP says. “When business applications get pushed outside the enterprise perimeter, security tends to take a hit. With poor visibility into user activity, including limited access controls and nonexistent monitoring, SaaS can be a direct challenge to the CISO's compliance responsibility.”

HP has three tips for enterprise security teams. First, security pros need to be involved in buying product so they can insure compliance.

SaaS apps in particular need to be vetted for compliance. And vendors that don’t have strong compliance stories should be rejected.

Item to look for in a SaaS tool include access control granularity, strong metrics and reporting, and integration with monitoring tools.

A SaaS-y Market

According to international IT advisory firm, Gartner, global SaaS spending is projected to grow to $32.8 billion in 2016 and global spending on public cloud services is expected to grow from $76.9 billion in 2010 to $210 billion in 2016.