Today, the use of software as a service ("SaaS") is widespread, and cybersecurity considerations are an afterthought.
SaaS is a software distribution model in which a third-party provider hosts applications and makes them available to customers over the Internet, with no customer responsibilities at any layer. Examples include Gmail, Dropbox, and DocuSign (electronic signature technology). However, the advantages of SaaS do not come without risk.
Benefits of SaaS
- Cost – reduced for the customer due to savings on human capital, physical space, electricity, and support when SaaS is provided through a multi-tenant distribution model.
- Maintenance – easier because applications do not need to be installed on each user’s computer and the vendor can deploy patches and updates throughout the environment at a faster rate.
- Access – faster because there is no installation or implementation process, so getting up and running can be quick. The software is essentially already installed and running.
- Device and location independence – improved because users can access systems using a web browser regardless of their location or device.
- Data analytics – less hassle because SaaS permits collection of anonymized metadata and metering, which can improve service and provide important insights about the customer base.
- Continuity – with the enhancement of cloud technology, redundancy provides businesses with a continuity that is not easily accomplished.
Risks of SaaS
- Security – time-intensive because each customer needs to take steps to ensure that the vendor has the appropriate controls and systems in place for the various types of data.
- Contractual obligations – differ for each customer and product based on the present obligations. For example, confidentiality may be an issue because third-party contracts may prevent customers from sharing certain data with a vendor.
- Data localization – complicated because, depending on the type of data and the country where the data is located, standards can restrict transfer, govern storage, or expand customer rights.
- Control of data – significant and should be addressed in the contract to ensure protocols are in place for breach notice, deletion of data, and data accuracy.
In an ever-changing regulatory landscape, it can be overwhelming for individuals and businesses to properly navigate the benefits and risks associated with SaaS in the context of cybersecurity, legal compliance, and business diligence.