Is SaaS office safe?

Is software as a service (SaaS) office safe? We get this question a lot and the SaaS office most often asked about is Google Apps for Business and Microsoft Office 365. This security concern reflects in our research numbers: Fewer than 18 per cent of organizations are planning to deploy SaaS office but nearly twice as many companies are evaluating.

So, is SaaS office safe? There is no clear yes or no answer; the answer depends on relative risk versus in-house operations. Really, the right question to ask is, "Does SaaS office put me at greater risk and if so, can I justify this increased risk?"

FOR MORE: 5 problems with SaaS security

So, how do you move from risk relativity to reality? We look at seven key focus areas:

• Violation of compliance requirements -- SaaS office providers need to routinely undergo a third-party audit assessing their compliance with relevant regulations and legislation. A significant issue is controlling where the providers store (physically) the data, particularly for global companies.

• Availability -- Don't expect more than 99.9 per cent availability from SaaS office. How does this compare with your in-house Exchange availability?

• Integration with identity management -- The service must integrate with in-house identity management to provide multifactor authentication and single sign-on.

• Breach disclosure concern --There must be clear breach notification terms in any agreement with the SaaS office provider. You also have to understand the data leak prevention controls; both to avoid loss and avoid costly false positives. Both Google and Microsoft make it clear they are data processors and not data owners. In this role, their only obligation is to inform you of the breach; not your customers.

• Vendor lock-in -- This is one of the biggest challenges of moving to the cloud. What if the cloud provider goes out of business? What if there is a more competitive offering? A graceful exit must be part of the agreement. Tools are getting better and vary by provider, but don't expect a quick and easy exit.

• Intentional data disclosure -- The rules of engagement must be clear that releasing one customer's data does not expose any other customer's data. This is a particularly troublesome area, given neither case law nor clear application of the Fourth Amendment to search and seizure of data in the cloud.

• Audits -- Audits are the only means to assess the security controls of the SaaS office provider. Ideally, the SaaS office provider uses trusted third parties to perform standard audits and makes this information available to you.

Discuss each one of these areas with potential SaaS office providers and then turn the magnifying glass on your own operations. For example, do you comply with ISO 27001 or Federal Information Security Management Act (FISMA)? Microsoft has passed an ISO 27001 audit and both Google and Microsoft offer FISMA-compliant solutions.

The end result of this exercise should be a table comparing the relative risk of your in-house solution against the SaaS office solution. We find SaaS office increases risk for some organizations, for some it's a wash, and for some it actually decreases risk.

Ritter is a senior research analyst with Nemertes Research. He is filling in for Andreas Antonopolis who will return soon.

Read more about software in Network World's Software section.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags SaaSGoogleMicrosoftsoftwareSoftware as a servicecloud computinginternet

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Ted Ritter

Network World
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?