From the Blogosphere
Achieving a Secure Cloud Infrastructure for Enterprise SaaS Applications | @CloudExpo #Cloud
Simplifying security for SaaS applications
By: Waqar Ahmad
Apr. 29, 2016 04:00 PM
Software as a Service (SaaS) is a model that has become a popular choice for deploying enterprise applications, delivering efficiencies and value to organizations in many ways. The benefits SaaS solutions deliver include not only avoiding the major resource drain and licensing costs associated with deploying business-critical software across the organization, they also relieve IT from ongoing maintenance tasks associated with on-premise deployments, such as performing upgrades, installing patches and managing availability. Moreover, SaaS can enhance flexibility and scalability for enterprise applications and workloads. Of course, while these benefits gained from adopting SaaS solutions in the enterprise are significant, they must nevertheless be balanced against potential risks. In particular, consideration must always be given as to whether cloud applications are sufficiently secure.
A use case for enterprise SaaS: Customer communications in regulated industries
Adopting an automated SaaS workflow can avoid these hurdles by leveraging accurate, preset processes instead of time-consuming, error-prone and expensive manual activities. Dynamic formatting can replace manual layout methods, eliminating the need for outside agencies or dedicated internal staff for this process. Centralization of content will streamline its management, add control, provide visibility into the workflow process and significantly reduce costs. As a result, time-to-market can be improved.
Of course the most important advantage to be gained from automating previously manual processes for regulated communications is that it will ensure that customers receive timely, compliant and effective documents that enhance the customer experience and loyalty.
Cloud security - A critical consideration in regulated industries
A recent survey by the Ponemon Institute found that enterprises storing sensitive or confidential business data in the cloud environment made a number of common mistakes when it comes to ensuring security, including:
Moreover, while 90 percent of IT survey respondents said SaaS will be important to meeting IT strategies over the next two years and 79 percent said security is an important consideration in their cloud migration decision, only 33 percent believe their organizations are achieving necessary objectives for cloud security.
In light of these survey results, organizations should take steps to mitigate the potential for making similar security mistakes. But attaining a secure cloud posture is not an easy task. It involves procuring, integrating and managing dozens of point security products, as well as making all the necessary changes to processes, staff training and resource utilization.
In addition, even when a secure cloud environment is achieved, it must be maintained through constant monitoring, periodic risk reassessments and other techniques. Controls must be established that comprehensively address:
As the survey results showed, it is unlikely that these tasks will be accomplished by an organization's internal IT team given that it may not even participate in the selection or know about the SaaS applications deployed by business users. That means that business users and, by default, their organizations, are relying on the SaaS provider to ensure that adequate security protections are in place, which may not be an accurate assumption.
Simplifying security for SaaS applications
In order to ensure a secure cloud environment, an organization should confirm that the following three objectives are met:
Combining a cloud-based SaaS solution for generating highly regulated customer documents with secure cloud hosting of all deployments of this and other SaaS platforms in the organization has the potential to provide the best possible security while enhancing the organizations agility when delivering regulated communications to customers.
This approach can provide a comprehensive way to ensure security of data while also meeting an organization's threshold compliance requirements for compliant customer communications.
*See Armor White Paper, "Inside the 6 principal layers of the cloud security stack"
Reader Feedback: Page 1 of 1
Latest Cloud Developer Stories
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
SYS-CON Featured Whitepapers
Most Read This Week