Todas las entradas hechas por Esther Kezia Thorpe

SaaS adoption is outpacing business’s ability to secure it


Esther Kezia Thorpe

30 Apr, 2018

As the rate of cloud and SaaS adoption increases in businesses, IT teams are primarily concerned with data privacy, new research contends, with 64% of ITDMs believing that their organisation’s SaaS adoption is outpacing their ability to secure it.

But nearly half agree that their organisation is hesitant to adopt SaaS-based security solutions, according to a survey of 200 ITDMs by cyber security firm iboss for its 2018 Enterprise Cloud Trends Survey Report.

In the early days of SaaS, security was one of the primary concerns limiting adoption because the SaaS delivery model was relatively new, and companies felt uncomfortable storing sensitive data outside their own security measures.

Although the SaaS model has matured and has so far proved to be highly stable and secure when compared to on-premises solutions, it is easy to understand why there are still outstanding concerns around it.

Three-quarters of ITDMs told iboss that their organisation’s data was more secure using on-premises, purpose-built appliances rather than a SaaS solution. The most likely reason for this is because they feel that their data is less secure when using a SaaS solution, because such solutions store their data on shared servers – a reason 66% of respondents agreed with. A quarter also thought that security wasn’t a priority for SaaS solution providers.


‘The Real SaaS Manifesto’ explores the security characteristics to look for when evaluating SaaS solutions and detailed checklists to help. Download it here for free.

Download now


“While these concerns aren’t unfounded, they also aren’t completely legitimate,” argued iboss CEO Paul Martini, analysing the findings of the report. “There are an array of cloud types and delivery models that both laymen and tech pros aren’t aware of that address many of the top concerns found in the survey head-on.”

Of course, there are many vendors who are committed to security, and to keeping their clients’ data safe, with incoming GDPR data protection rules meaning that they could be held partially responsible for any breaches.  Part of the solution is being diligent when choosing an SaaS provider, especially if they will be processing personally identifiable information or financial data.

A good vendor will be transparent in their security practices and be able to demonstrate multiple layers of security to protect customer data. This can include physical site security of the data centre facility, as well as application and database security, where defences are core to the software development process.

What to look for in a secure cloud system


Esther Kezia Thorpe

12 Apr, 2018

Cloud security and concerns around it have dominated conversations about cloud adoption, with a recent study from Ingram Micro revealing that it’s a top concern for 83% of organisations looking for a cloud solution.

But as the technology available advances, cloud suppliers are able to use the industry’s most sophisticated security solutions to protect data, and are able to justify investment in top-level security to protect a wide range of customers.

Of course, not all cloud solutions support the same level of security. So what should organisations be looking out for when exploring all the functions offered by vendors to ensure they get the best level of security?


Increasingly, cloud vendors are better at protecting corporate data than organisation’s own IT departments. Learn more in ‘Demystifying Cloud Security’.

Download now


Here are three things to look out for before committing to that cloud contract.

Information access

The first thing to check for is the solution’s ability to share information across departments. This functionality is key to CIOs looking to transform the business by improving customer experience, improving organisational agility and introducing new digital revenue streams.

Corporations run hundreds, and sometimes even thousands of interconnected applications to support their operations. Traditional solutions stored information in many different places, so keeping those systems in sync was a challenging task.

True, multi-tenancy SaaS makes all of this much easier, with human resource, finance and planning data stored in one application. This central design has many benefits, with all systems working from a common framework, so there are no inconsistencies in data. It also eradicates the disconnect between the system and its users, a problem prevalent in many legacy systems.

Consequently, security improves with a single version of the software that is continuously updated, scanned and patched. This is much better than working with multiple solutions, and any security-related changes to the system architecture is relayed to all customers simultaneously. If a leading enterprise needs a stringent new security feature, it is available to an SMB as well.

Encryption benefits

In the old days, corporations relied on firewalls to protect information, thinking that once the business had warded off outsiders, information was safe. Such thinking is now very outdated, with hackers able to attack systems at different levels. Once in a system, they stay, often working their way from low-level to high-level security clearances and compromising sensitive information.

One way firms can protect themselves is through encryption. Typically, data is encrypted in transit, which is a first rather than a last step. Once information enters the data centre, it is unencrypted and therefore vulnerable. To address this problem, organisations need to encrypt information at rest in a persistent data store.

Unfortunately, cloud services built on legacy architectures rarely support the encryption of all customer data at rest because encryption solutions are complex and difficult to implement.

With modern cloud architectures, a good cloud vendor will take on those responsibilities, especially if privacy and security are embedded into the solution’s system right from the start.


What should you look for in a cloud solution to ensure that your corporate data can be kept safe? Learn more in this whitepaper on cloud security.

Download now


Support for third-party standards

Industry and government groups have designed various compliance frameworks to protect customer information, such as the GDPR coming into force in just a few weeks. However, the specifications are only a starting point.

While assessing a solution, the various compliance standards and security implementations should be thoroughly examined. Is the service simply aligned with the standard or has the service been certified? How is the information stored? What level of encryption is supported? How are updates handled?

All cloud providers claim to have secure systems, but few offer the higher levels of protection needed with an enterprise’s valuable data. Carefully examining a vendor’s solution, however good it may seem on the surface, is key to a breach-free, compliant cloud future.