With concern growing over the easy accessibility of personal information on enterprise platforms, companies begin to question the need to enhance encryption efforts for data uploaded to SaaS providers. We turned to our panel of data security experts and asked them to share their opinions on the steps that must be taken to prevent personal information from being compromised. Here’s what they had to say:
Greg Robin, a consultant specializing in technology and advisory services for companies like Gap Online, Intuit, and Warner Bros, does not feel that it is necessary to give consumers the option to encrypt uploaded data. Although Robin acknowledges that SaaS is probably a more secure way to store data, these solutions “tend to be deployed with a security model in place.” SaaS vendors that are name brand also have better security policies than most Fortune 500 IT companies. Therefore, only people with the right credentials can have access to the correct data on programs like Salesforce. However, Robin recommends that all individuals encrypt Social Security numbers and credit cards stored in SaaS apps. This is particularly crucial when information is available on a desktop because of the vulnerability caused by email and USB devices.
Richard Bodien, with over 20 years of experience in brand, strategy, and communications for both large corporations like AOL, Boeing, and Microsoft, says that encryption will always be a requirement for large enterprises, and subsequently should be made available with all SaaS solutions. Because the loudest objection to the adoption of SaaS and Cloud Computing centers around security, it is vital that SaaS providers “not cut corners.” Instead, customers should hold providers accountable to implement the highest levels of data security and privacy. Avishai Ziv, CEO and owner of Consulix an independent consultant specializing in SaaS management and infrastructure, cloud computing, and IT security, states that usually this scenario would be unnecessary since most serious SaaS providers either comply with SAS70 standard or are hosted at data-centers complying with SAS70, ensuring that a customer’s data is secure. However, Ziv demonstrates that the “remaining problem of securing the data is divided between the user’s terminal/end-point and the data-in transit,” like when the user is interacting with the SaaS application. In order to resolve this, the customer should utilize a form of data protection to secure the data-in-transit and strong authentication to secure the end-point terminal.
Joanne_F, with 25 years of experience as a respected IT industry though leader, a proven C-level change agent for Fortune 500 companies and top tier consulting organizations, believes that the answer is not necessarily to offer encryption because “it may not meet the regulatory standards or compliance mandates required by law or which may interfere with same.” She explains further that the crux of issue is about protecting intellectual capital and property as well as control over the data. This is why many SaaS providers offer a different alternative, such as dedicated virtualized servers or tunnel VPNS. Ultimately, Joanne_F understands that “as long as the client can control the ownership, and ensure its protection, the barriers to adoption tend to be less arduous to overcome.”
Do you have a question (about encrypted data and SaaS or any other topic) you would like to ask Zintro’s experts? Click here. Would you be interested in signing to be a Zintro expert and generate free leads for your business? Click here.