Software-as-a-service solutions bring more agility, convenience, and efficiency to field operations. However, the company that provides them must always give the highest priority to the security of its clients’ sensitive data.
In an increasingly dynamic, volatile and challenging scenario, the adoption of efficient and agile digital processes provides a key competitive differentiator for companies that provide services in the field.
This trend is consolidating more every day: according to the “2020 Service Leader Agenda”, prepared by the Service Council, optimizing commercial operations of field services through the purchase of new technology represents the most significant increase in investment this year.
As the same study establishes, most of these acquisitions correspond to the contracting of SaaS solutions (Software as a Service).
This is a software distribution model in which the managed software and data are hosted in the cloud, more specifically on the servers or in the data centers of an IT provider, which the client can access remotely via the Internet.
In this way, the IT provider is responsible for the maintenance, daily operation and support of the software used by the client, while the latter focuses directly and more effectively on its core business.
According to a recent report by Finances Online, 63% of companies that opt for SaaS seek flexibility to deal with changing market conditions; while another 58% hope to achieve more business continuity.
Other reasons to adopt SaaS solutions are:
– Update services or customer support,
– Replace technology, and
– Access data in real time.
Because of all these features, most experts agree that SaaS is an efficient option to bring more efficiency to field teams. However, for this advantage to translate into competitive value, it must be permanently linked to essential data security.
This last variable has as much or more relevance in the client’s final choice, since it accounts for 47% of purchase decisions in the IT field, making it the second preference, after cost.
The importance of security is based on the fact that most SaaS platforms use cloud-based services, which, by itself, carries a risk factor: the possibility that an external attacker gains access to critical or sensitive data of the contracting companies.
This is not a minor consideration, because according to Finances Online estimates, 18.1% of files uploaded to cloud-based file sharing and collaboration services contain confidential data. This factor is especially critical for highly confidential organizations that collect and store ePHI (Electronic Protected Health Information).
Therefore, when a company opts for a SaaS solution that optimizes its work in the field, the security offered by its respective provider must be the first priority, from every point of view.
Given the importance of security, before opting for a SaaS it is important to develop a list of reliable providers, according to objective and measurable parameters. This will make it possible to check whether the chosen solution and its respective provider give priority to data security.
According to experts, this list should be structured according to six key factors:
1. Certifications of compliance
Does the provider have a formal security and compliance program, ensuring the protection of all data collected, stored, or processed through its service?
To answer this question it is necessary to know the current security certifications of each supplier. Most of them should not be shy about sharing a full security report with their potential customers under a nondisclosure agreement. It is very important to pay due attention to the dates and details of these reports, to be certain that the certifications are current and relevant.
Once the provider has been selected, these reports should continue to be compiled on an ongoing basis. This is the only way to be sure that compliance with the standards is permanent.
2. Need for Encryption
At this point, it is necessary to ask the following questions:
– Does the provider encrypt all data in transit using Transport Layer Security (TLS) 1.2, or equivalent?
– Does it protect data at rest with AES 256-bit object-level encryption?
– What is its responsibility (and efficiency) in maintaining data security on end users’ devices?
3. Disaster recovery
Here are the top topics that should be clear:
– What is the backup plan?
– What is the provider’s recovery time objective (RTO), and recovery point objective (RPO)?
– Will the vendor responsibly support all aspects of the implementation, including setup, and not only the data?
Does the provider reveal the status of its system on a self-service portal connected to the customer’s network? If not, how will it notify you of expected and unexpected system outages that may affect the company’s business?
If you are unsure on this point, review the provider’s service history, get references from other customers, and ask them about their experiences regarding privacy, reliability, and security vulnerabilities.
Post-sale support is essential, and you must have absolute clarity about how the support process is maintained. To do this, you can send a support request, and then evaluate the quality of the response received.
However, if you are dealing with a large SaaS implementation, it is a good idea to thoroughly investigate the support model. Only then will it be possible to know if the provider’s internal help desk will be able to maintain “Level 1” support, without users having to call it directly.
6. Legal considerations
Finally, it is very important to consider whether the provider is willing to sign a “data processing agreement”, a “business partner agreement” or other similar instruments, if these are required by its client’s compliance program.