In our previous article we outlined some of the caveats you should consider before you embrace the transformative power of the software as a service business model. Today, we will discuss ways to keep your data safe in spite of storing it with your SaaS vendor – and also preparing contingencies for the possibility that your SaaS vendor goes out of business.
Keeping your data safe
How to keep your data safe when you entrust it in the hands of an external SaaS provider? This is the conundrum which keeps many companies from fully embracing the SaaS business model. It is impossible to overstate the importance of security, both from a business competitiveness perspective and from the perspective of safeguarding your customer’s privacy. Still, given the ubiquitousness of online banking and online payment systems, it would seem that the security concerns are somewhat hyped up. After all, if we are comfortable putting our bank accounts (and all of the associated identifying information) on the cloud, why should parking our data with a SaaS provider be more of a concern.
The fact of the matter is that your data is as secure as your server is – regardless as whether the server is right next to you or on the other side of the globe. And at the end of the day SaaS providers have more resources, more expertise, and greater specialization in securing data than you do, especially if you are a small or medium business (SMB). Moreover, if you word your SLA correctly it is they who are liable, at least in part for any data breach – an additional, and not insignificant safety margin for your business. If you are still concerned you can ask your SaaS vendor to provide you with their SAS70 Type II audit confirmation. The procedure tests the data center’s level of security far more stringently than the common SMB does, no matter how proud you are of your IT department.
Marooned: what happens to your data if the vendor goes out of business?
This is a contingency that you must ensure is addressed in the SLA – you absolutely must make sure that it’s clauses ensure that the data you entrust to your SaaS vendor is your to keep even if it goes bust or is consolidated. Also, ask and require the SaaS vendor to provide you with its procedures with their data hosting company. Generally, they prepay them to “keep the lights on”, giving you time to access and back up your data in case something unexpected happens to disrupt vendor operations.
Things to keep in mind when drafting and editing your SLA is to include a clause explicitly defining your right to export your own data from your SaaS vendor. The clause should also define how often and in what format your data can be accessed.