SaaS adoption is outpacing business’s ability to secure it


Esther Kezia Thorpe

30 Apr, 2018

As the rate of cloud and SaaS adoption increases in businesses, IT teams are primarily concerned with data privacy, new research contends, with 64% of ITDMs believing that their organisation’s SaaS adoption is outpacing their ability to secure it.

But nearly half agree that their organisation is hesitant to adopt SaaS-based security solutions, according to a survey of 200 ITDMs by cyber security firm iboss for its 2018 Enterprise Cloud Trends Survey Report.

In the early days of SaaS, security was one of the primary concerns limiting adoption because the SaaS delivery model was relatively new, and companies felt uncomfortable storing sensitive data outside their own security measures.

Although the SaaS model has matured and has so far proved to be highly stable and secure when compared to on-premises solutions, it is easy to understand why there are still outstanding concerns around it.

Three-quarters of ITDMs told iboss that their organisation’s data was more secure using on-premises, purpose-built appliances rather than a SaaS solution. The most likely reason for this is because they feel that their data is less secure when using a SaaS solution, because such solutions store their data on shared servers – a reason 66% of respondents agreed with. A quarter also thought that security wasn’t a priority for SaaS solution providers.


‘The Real SaaS Manifesto’ explores the security characteristics to look for when evaluating SaaS solutions and detailed checklists to help. Download it here for free.

Download now


“While these concerns aren’t unfounded, they also aren’t completely legitimate,” argued iboss CEO Paul Martini, analysing the findings of the report. “There are an array of cloud types and delivery models that both laymen and tech pros aren’t aware of that address many of the top concerns found in the survey head-on.”

Of course, there are many vendors who are committed to security, and to keeping their clients’ data safe, with incoming GDPR data protection rules meaning that they could be held partially responsible for any breaches.  Part of the solution is being diligent when choosing an SaaS provider, especially if they will be processing personally identifiable information or financial data.

A good vendor will be transparent in their security practices and be able to demonstrate multiple layers of security to protect customer data. This can include physical site security of the data centre facility, as well as application and database security, where defences are core to the software development process.