Security concerns, losing control of organisational data, and system integration issues are some of the concerns potential customers face when considering a software-as-a-service (SaaS) deployment.
This is according to Barry Gill, product development specialist at Mimecast, who spoke at the ITWeb SaaS event held in Midrand, Johannesburg, last week.
Gill addressed some of the myths surrounding SaaS, citing data confidentiality concerns as a primary issue for potential customers. When considering a Saas deployment, the customer's security concerns almost always centre on customer data storage and handling, he explained.
“Each vendor will address these concerns in a way appropriate to their own product, but it is widely accepted that SaaS vendors are aware of this potential resistance to using their services and have designed products that are often more secure than anything a customer would have been likely to deploy onsite.
“SaaS vendors also tend to have rigorous controls in place to regulate and audit data access of any type and have taken steps to provide access to these audit logs,” Gill stated.
He added that SaaS offers availability and integrity, which is key to addressing security concerns. “Having data available all the time means you are able to check on the state of your data and retrieve that data at any point in time. Data integrity is maintained not only through secure cryptographic hashing of data, but also through full and complete audit logs of all data accesses.
“Data at rest is generally secured through the use of encryption technologies to make raw data invisible to SaaS vendor staff, even though they may have access to the raw files themselves.”
Gill observed that SaaS supplies an information-centric security model and also forms part of generally accepted best practice auditing controls for data rest.
'Losing control of organisational data' was another myth that Gill addressed in his keynote. Most SaaS vendors do not look to exert control over existing systems, but rather at providing better ways of handling existing processes and services for a customer.
“This effectively means customers will no longer require management in system areas where the SaaS vendor has taken on the burden of management on their customer's behalf,” he continued. SaaS vendors typically provide tools that will allow a customer to manage their data in a way appropriate to specific legislative requirements.
Lastly, Gill debunked myths around SaaS system integration. “There are many levels of integration, all the way from simple AD queries down to applications installed on-premise that directly interact with SaaS provided services. The level of integration will be determined by a customer's requirements and the functionality of the SaaS application they are using.”
Having dispelled these myths, Gill predicted that SaaS was ready to meet the ICT requirements of Africa.
Related stories:
IT experts demystify SaaS
SaaS requires bandwidth boost
Companies still wary of the cloud
Share