Data and System Security – Main Features of a Secure SaaS System
Ugur Akinci, PhD
November 13, 2007
Data security has been considered the "soft underbelly" of the Software as a Service (SaaS) business software delivery model. That's true in theory.
However, when we look at the practice, we see a somewhat different picture.
Why?
Because there are a lot of SaaS companies out there that have made security and data privacy their top concern.
That’s why they have built their enterprise system on super secure platforms like IBM Domino.
First off, they use a lot fewer number of communication ports than a majority of enterprise systems out there. That’s where real security begins.
The more doors and windows you have into a system, the more vulnerabilities you create. That has been the chief architectural weakness of many enterprise systems out there.
Secondly, their system processes and communications are encoded and tagged with unique hard-to-break URLs and internal identifiers. Those pointers are extremely hard to duplicate randomly. That is another level of security built right into the system.
Thirdly, a visitor usually needs to enter not only her User ID and Password but her Company ID as well to access any of her data.
To sum – yes, security IS an important issue for all online browser-based solutions. The best SaaS vendors like Web2Expense recognize that today and make it a chief principle of their development cycle.
The future belongs to SaaS.
However, when we look at the practice, we see a somewhat different picture.
Why?
Because there are a lot of SaaS companies out there that have made security and data privacy their top concern.
That’s why they have built their enterprise system on super secure platforms like IBM Domino.
First off, they use a lot fewer number of communication ports than a majority of enterprise systems out there. That’s where real security begins.
The more doors and windows you have into a system, the more vulnerabilities you create. That has been the chief architectural weakness of many enterprise systems out there.
Secondly, their system processes and communications are encoded and tagged with unique hard-to-break URLs and internal identifiers. Those pointers are extremely hard to duplicate randomly. That is another level of security built right into the system.
Thirdly, a visitor usually needs to enter not only her User ID and Password but her Company ID as well to access any of her data.
To sum – yes, security IS an important issue for all online browser-based solutions. The best SaaS vendors like Web2Expense recognize that today and make it a chief principle of their development cycle.
The future belongs to SaaS.