SaaS and Data Security: The Facts
Think that data security is solely a cloud provider’s responsibility? Think again.
Software-as-a-Service (SaaS) offers a range of benefits. For example, Microsoft’s Office 365 is flexible, compatible across multiple devices, and ensures that users receive the latest updates.
However, Musey Inc., a US-based firm is currently suing Google over loss of data. G-Suite, Google’s cloud computing SaaS, hosted more than three years of company data until a Musey employee accidentally deleted their G-Suite account.
With the account deleted, all their information stored online went with it. Regardless of the outcome, this incident reinforces the following lesson:
Using cloud-based SaaS alone does not guarantee the security of your data.
A false sense of data security?
A common misunderstanding is that data stored in cloud servers of big businesses such as Amazon, Google, and Microsoft is inherently secure.
This is incorrect!
It’s not an unreasonable assumption, given that businesses pay for the service. But there is a distinction that must be made. You are not paying for security of your data – you’re paying for the infrastructure and the numerous benefits that come with SaaS.
- Lower up-front cost to licensing software
- Simple integration with your systems
- Flexibility across multiple devices
- Regular updates from the provider
In short, the cloud provider is responsible for the security of the cloud infrastructure.
Whereas the user is responsible for their own data security within the cloud infrastructure.
SaaS is not a form of backup
Your data security is your own responsibility, and only keeping a single copy is bad practice, regardless of whether it’s stored locally or in the cloud. Neuways recommends backing up at least three layers of data as part of a wider business continuity plan.
SaaS is not a form of backup, nor does it absolve your business’s responsibility to secure its own data.
This means that your organisation still requires a robust business continuity and disaster recovery (BCDR) strategy, regardless of whether it uses cloud computing or not.
What are your data security responsibilities?
It also includes the putting into place of procedures that protect internal vulnerabilities to your staff, and by extension your business data:
Also known as the Principle of Least Privilege (PoLP), access controls ensure that staff only have access to the necessary systems to perform their role. This is a crucial risk exercise that can limit access to your critical business data.
SaaS is not insurance against data loss and your cloud provider is not solely responsible for your data security. However, with the right business continuity and disaster recovery (BCDR) strategy, you can reap the benefits of SaaS whilst keeping both yours and your customers’ data secure.
If you’re considering a move to the cloud, or would like to discuss your business continuity plan, contact Neuways on 01283 753 333 or via email at email@example.com.