SaaS solutions and data security in the cloud

SaaS offers innovative and cost-effective tech solutions but raises data security concerns. Users must choose between the flexibility of cloud models and the control of on-premise setups. Effective SaaS security involves choosing reliable vendors, setting clear cloud usage rules, and considering added security tools. Trust between vendors and users is crucial.
Man working in Acubiz with 2 screens

Content

There’s a lot of advantages with Software-as-a-Service (SaaS), or what’s also called Cloud-based software products. As a customer, you’ll get access to fast, stable, innovative and cost-efficient technology and application infrastructure. Many organizations acknowledge these benefits. That’s why SaaS have become the preferred delivery model in many areas. But as we all know, there’s usually also a flipside to the coin, that needs to be considered.

When it comes to SaaS, the circumstances related to data security might easily be that flipside, and therefore it’s a very important factor to investigate.

The question is: “Have you done a thorough preparatory work, when it comes to evaluating your SaaS providers’ approach to data security?”

Cloud or on-premise?

Most of you are probably already aware of what cloud and on-premise stands for, respectively. But in order to further set the scene, I’ll briefly outline the differences between the two delivery models. In a cloud-based approach, software and data is provided off-site. On the contrary, when we talk on-premise, the whole setup with hardware and servers needed to run applications and store data is housed by yourself – hence the name, on-premise. The main advantage with the cloud approach, is that it’s more flexible and cost efficient. As a business, you don’t need to invest in the necessary hardware or software, that’s needed to run applications. Also, you don’t need to worry about maintenance and updates of the respective software products. However, you sacrifice the ability to stay in full control with the approach to data security.

When we’re talking SaaS, you and your vendor share the responsibility for data security – the vendor takes care of everything related to the underlying infrastructure, and you’re responsible for proper, secure and safe usage of the product.

The question is: “Can you trust that your SaaS provider is serious about his part of the job?”

What you need to consider

I’ve got 3 tips lined up for you, when it comes to security and SaaS solutions. They’re relevant both if you’re looking for new software and are out analyzing the market, but also if you consider auditing your existing providers. By the way, that’s a good thing to do from time to time.

All right, here we go:

1. Choose your SaaS vendors with care

The first tip is, in my opinion, the most important. It’s about trust.

The supply of SaaS based solutions is massive. You’ve got plenty of options. As an example, within our area of expertise, Expense Management and solutions for managing travel expenses, there’s many options to choose from nowadays. Fact is, that a large part of the responsibility for data security lies with the software vendor, so you need to be careful, when you choose who to work with.

You’ll need to look for vendors, who’s offering solid control with user rights and data access in the solution and, if possible, it’s also a plus if the vendor can offer data encryption. It’s also important that you ask where and how data is stored. Is data kept domestically, in EU, outside of EU or in a basement somewhere? What characterizes the server setup and the security around this?

Also, you’ll need to check how the process related to backup and data retrieval works.

Also remember, that it isn’t without cost for a SaaS provider, to establish and maintain a strong security setup with well documented processes. Therefore, I’ll advise you to think twice before you go and choose the cheapest solution on your shortlist – it can end up as an expensive affair in the long run!

2. Implement rules for the use of cloud-based applications

This tip is related to your part of the job – in other words, it’s about the appropriate safe use of the SaaS products. You’ll have to formulate and implement a clear policy and a ruleset for the usage of cloud-based software.

Ideally, this policy must both address the users and the decision makers, that buys software. It’ll have to be a ruleset, that defines what type of employees that’ll be granted access to the respective tools, and what access levels the various employees should be granted. Also, it must specify, how the products can be accessed – i.e. through which devices.

Also, a policy like this, should be linked to the way your business educates the employees in the correct behavior related to the use of internet-based software solutions. For example, how does the employees protect themselves, their identities, usernames and passwords in the best possible way?

3. Consider if you need a separate tool to protect your SaaS data

Perhaps you’re already using SaaS products from multiple respected vendors with strong security measures. But at the same time, perhaps your application landscape has become so complex, that it’ll now make sense to invest in your own security layer.

This tip obviously comes in close connection with tip number 2, because there’s solutions in the market, that’ll help you manage your part of the security task. However, it’s a good idea to have the framework with rules and policies in place (according to tip number 2) before you begin to look for at tool, that’ll help you enforce them. Security breaches can happen in a lot of different ways, for example through inappropriate sharing of data, theft (like employees stealing data), compromised user accounts due to poor password strengths, excessive user permissions etc. These are the kinds of breaches, that you’ll need to deal with.

The point is, that when you implement rules for the usage of your organizations cloud-based tools, then you’ll also need to make sure, that your employees comply with the rules. And this can be a challenge, if the landscape has grown large and complex. There’re quite a few solutions out there to assist you with this, and for a start, you can check out what some of the big players, like McAfee and RSI, has on offer.

A shared responsibility

As I touched upon earlier in this blog post, you and your vendor have a shared responsibility for data security, when it comes to SaaS solutions. In my opinion, this is important to remember. And that’s where I’m going with these 3 tips. So, no matter how careful your own organization might be around SaaS security, it’s has no impact, if you’ve chosen a vendor, who isn’t up to his part of the task. And the other way around, of course.

My business, Acubiz, is a well-established supplier of cloud-based software for managing employee expenses and travel expenses. We’re serious about our part of the job related to data security. Very serious indeed. It’s an important component in our product strategy, because we believe, that a strong data security setup serves the purpose of protecting the investment, that our customers have made in our service.

Remember, you’re allowed to place demands on your vendors. That’s how it should be in a relationship of trust.

The question is: “Do you trust your current SaaS vendors?”

Related articles

Meet Visma Acubiz: Rebecca from Legal

In this post, we meet Rebecca, Legal & Compliance Specialist at Visma Acubiz. With a recently earned cand.merc.(jur.) from CBS, she has quickly made a name for herself in the company, where her detail-oriented approach and ability to collaborate across departments create value. We delve into her typical workday, memorable experiences, and what motivates her to perform at her best every day.

Acubiz and efacto Enter Strategic Partnership for Efficient Creditor Bookkeeping with Automated Digital Invoice Processing

Visma Acubiz and efacto have teamed up to make managing invoices easier and smarter for businesses. This new partnership brings together the best of automated expense handling and invoice technology.

New Bookkeeping Act: Discover the Benefits of an Approved Digital Accounting Program

The new bookkeeping act requires digital accounting, placing specific demands on the software you use. Choosing an approved digital accounting program ensures compliance, saves time and money, guarantees a backup of your records, and enhances the security of your financial data.

Your Accounting Must Be Digital: The New Bookkeeping Act

The bookkeeping act needed modernization to stay current, which led to the implementation of a new bookkeeping act on July 1, 2022. According to the new bookkeeping act, your accounting must be digital, which places specific requirements on the accounting software you use. If you manage your bookkeeping in Excel, it is very likely that you will not meet the new law’s digitalization requirements.

“Hveder” should still be enjoyed on a day off

On the last day of February this year, Store Bededag (Great Prayer Day) was abolished as a public holiday in 2024 by a majority in the Danish Parliament. However, at Visma Acubiz, we still believe that “Hveder” should be savored on a day off.