5 Steps to Secure SaaS

A recent InformationWeek Analytics SaaS Survey revealed a 13-point jump in the percentage of companies using SaaS, up to 60 percent from 47 percent in just 11 months. But how can businesses ensure that their data is being protected by top-notch SaaS security measures?

In a recent InformationWeek article, Adam Ely, director of security for TiVo, outlined the following five steps to making smart risk decisions:

1. Go through back channels. Officially documenting controls is important but also getting “off-the-record” information never hurts.

2. Don’t put stock in reference customers. Seek out current or former customers and ask them to share relevant information.

3. Go online to investigate the vendor’s presentations and responses to past security incidents. Some providers, such as Google, publish statements about their views on security and risk management. Providers that show a level of understanding and due diligence may rise above the competition.

4. Ask to test controls. Even conducting a few vulnerability scans and code reviews can provide valuable insight into a SaaS provider’s practices.

5. Use your leverage to its fullest. SaaS vendors always need marketing fodder. Your company’s particular use case or industry sector may make for a valuable reference account to the vendor. Use that as a bargaining chip to gain more security insight and other information.

According to Ely, “Sometimes it comes down to a gut feeling. If a vendor doesn’t inspire confidence, or if you find reason to doubt it’s doing a good job managing risk on your behalf, move on. New providers are popping up all the time, and if enough of us force the security issue, we’ll all benefit from better visibility.”

For more information on the five 5 Steps to Secure SaaS, read the full article:http://www.informationweek.com/news/security/management