1 / 18

Essentials for SaaS Vendors’ Evaluation

SaaS is the abbreviation for Software as a Service. There are certain factors that need to be considered when evaluating SaaS providers, such as reviewing patching policies, thorough testing of SaaS during free trials, ensuring the compliance of SaaS providers with necessary regulations etc.

htshosting
Download Presentation

Essentials for SaaS Vendors’ Evaluation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Essentials for SaaS Vendors’ Evaluation

  2. Table of Contents • Software as a Service (SaaS) • Main Characteristics of SaaS • Benefits of SaaS • Factors for SaaS providers’ Evaluation • Reviewing SaaS Patching Policies • Checking SaaS Alignment along with Internal Security Controls • Ascertaining that One owns One’s Data • Ensuring SaaS Providers’ Compliance with Relevant Regulations • Knowledge regarding the Storage of Data • Checking Data Loss • Involving Security in the SaaS Procurement • Identifying the Sub-services that are used by the SaaS Provider • Thorough Testing during Free SaaS Trials • Reviewing Third-party Audits of SaaS Providers

  3. Software as a Service (SaaS) • SaaS is the abbreviation for Software as a Service. It is a type of cloud service model. Software as a Service is the most commonly utilized option by organizations in the cloud market. SaaS uses the Internet to deploy software to various businesses and is an ideal option for short-term projects. It acts as an important tool for applications requiring a considerable amount of web or mobile access. • Since the management of SaaS happens from a centralized location, enterprises do not need to worry about its maintenance. SaaS delivers applications to its users over the Internet. Most of these applications are capable of being run directly via the web browser. This aids to eliminate the need for installations or downloads on the client side. • To digress, cloud technology is used in cloud hosting, which is one of the types of web hosting and is meant to make websites accessible over the Internet. The best cloud hosting companies are often termed as the “Top Cloud Hosting Company”. Others terms that refer to the most reliable web hosting companies are the “Best Windows Hosting Company”, the “Best Web Hosting Company” etc.

  4. Main Characteristics of SaaS The main characteristics of SaaS are described below. These are mentioned in no particular order. • It can be managed from a centralized location • It is accessible over the Internet • In it users are not responsible for hardware or software updates • SaaS is hosted on a remote server

  5. Benefits of SaaS • Accessibility from anywhere with an active Internet connection • Backups and data recovery • Security • High adoption rate and virtually no learning curve The main benefits of SaaS are as follows- • Quick and easy deployment • Reduced time for installation and configuration • Affordability • Scalability • Seamless upgrades

  6. 1-800-123 -8156 Whoa! That’s a big number, aren’t you proud?

  7. Factors for SaaS Providers’ Evaluation SaaS providers’ evaluation process should be based on the following factors- • Reviewing SaaS patching policies • Checking SaaS alignment along with internal security controls • Ascertaining that one owns one’s data • Ensuring SaaS providers’ compliance with relevant regulations • Knowledge regarding the storage of data • Checking data loss • Involving security in the SaaS procurement • Identifying the sub-services that are used by the SaaS provider • Thorough testing during free SaaS trials • Reviewing third-party audits of SaaS providers These factors will be discussed in brief in the following slides.

  8. Reviewing SaaS Patching Policies • Usually SaaS providers fall behind in patching. This happens more frequently with those that are multi-tenant. Hence, when evaluating a SaaS provider this needs to be taken into account.

  9. Checking SaaS Alignment along with Internal Security Controls • Using SaaS, calls for the security teams to focus on the interface between their company’s security environment and the security environment of the SaaS provider. Companies need to pay attention to the shift in responsibilities that has to do with security control.

  10. Ascertaining that One owns One’s Data • Close attention should be paid to the privacy policies or the terms of service of providers with regard to them not sharing any personal information of their clients. Unless it is stated clearly, it needs to be confirmed that the provider won’t resell its clients’ business data.

  11. Ensuring SaaS Providers’ Compliance with Relevant Regulations • The privacy policy should include a statement that has to do with compliance with relevant regulations. Any omission might indicate non-compliance with laws on the part of the SaaS provider.

  12. Knowledge regarding the Storage of Data • It is important to be aware of the type of data that is being stored as well as that which is being transmitted through SaaS solutions. Moreover, it is crucial to be aware of the owner of the data, those who have access to it, the ways in which the data is being protected and those that are liable if a security breach occurs. Thorough knowledge of all these factors helps to maintain data security and privacy.

  13. Checking Data Loss • Companies often don’t realize that SaaS agreements usually don’t cover data loss in their disaster recovery provisions.

  14. Involving Security in the SaaS Procurement • It is essential to ensure the involvement of the security and risk team with the procurement team during the entire procurement process in order to quantify risks. The presence of IT security teams should be ensured during all key discussions.

  15. Identifying the Sub-services that are used by the SaaS Provider • It is important to discuss the sub-service organizations that might be used by a SaaS provider. This needs to be addressed prior to signing any contract as it might impact the requirements with regard to the location of data storage of one’s organization.

  16. Thorough Testing during Free SaaS Trials • Capabilities, such as maximum capacity as well as surge usage, should be tested during a free SaaS trial. Concurrent and multi-process activities should be tested. During internal testing, evaluation should be carried out with regard to integrating the company’s key security processes with the solution of the SaaS provider.

  17. Reviewing Third-party Audits of SaaS Providers • It is necessary to request as well as review the most recent 3rd party audit reports of a provider. The results of penetration testing should also be reviewed to ensure the suitability as well as the effectiveness of security controls.

  18. Thanks! ANY QUESTIONS? www.htshosting.org

More Related