Software as a Service (SaaS) is considered as the most thriving branch on the IT market. Analysts from Forrester Research estimated the average market value growth at 56.2% annually and forecast that it will continue to burgeon by 2020 at a speed of 18.9% per year. It does not shock anyone that the SaaS is growing quickly. This type of business model has plenty of advantages that attract new entrepreneurs to follow the very software distribution model. Then again, organizations are all the more eager to pick SaaS over on-premises applications, as it is more gainful and secure arrangement.
What is SaaS?
Software as a service (SaaS) is a software distribution model in which a third-party provider hosts applications and makes them available to customers over the Internet. SaaS is one of three fundamental classes of distributed computing, close by infrastructure as a service (IaaS) and platform as a service (PaaS).
It eliminates the need for an organization to install and run applications on their devices. This reduces the expense of hardware purchasing, installing and maintenance; as well as software licensing, installation and support.
Benefits of SaaS
1) Pay Per Use: With Saas, you pay for what you need, without worrying to purchase hardware to host your new applications. Instead of arranging internal resources to install the software, the vendor provides APIs and performs much of the work to get their software working for you. The time to a working solution can drop from months in the traditional model to weeks, days or hours with the SaaS model. In some businesses, IT wants nothing to do with installing and running a sales app. In the case of funding software and its implementation, this can be a make-or-break issue for the sales and marketing budget, so the lower cost really makes the difference.
2) Automatic updates: Rather than purchasing new programming, clients can depend on a SaaS supplier to consequently perform updates and fix administration.
3) Eliminates waste of time: Entirely customizable and configurable, SaaS will deliver exactly what your business requires. This eliminates excessive software and disarray as well as streamlines your workforce by saving time.
4) Scalability: Additional storage or services can be accessed on demand without needing to install new hardware and software.
5) Work from anywhere: Since the software is hosted on the cloud and accessible over the internet, users can access it via mobile devices where they are connected. This includes checking customer order histories prior to a sales call as well as having access to the real time data and real time order while talking to the customers.
SaaS can optimize and enhance a small business is just one step towards financial freedom and success. SaaS providers handle much of the security for cloud applications. SaaS providers are responsible for securing platform, network, applications, operating system, and physical infrastructure. However, providers are not responsible for securing customer data or user access to it, ultimately you are at the mercy of promoters of a SaaS entity. For enterprises that don’t want to spend their money on software-as-a-service (SaaS) licensing fees and data misuse, open source offers compelling premises-based alternatives.
Here are few cons to consider.
1. Identity management in the cloud is immature
Cloud providers themselves aren’t always sophisticated about integrating their platforms with identity services that exist behind the enterprise firewall. There are some third-party technologies that let IT extend role-based access controls into the cloud with single sign-on. Customers that use numerous SaaS applications could find themselves dealing with many different security tools. Third-party products at least offer the advantage of connecting to many different types of SaaS applications.
Managing identities and access control for enterprise applications remains one of the greatest challenges facing IT today. While an enterprise may be able to leverage several cloud computing services without a good identity and access management strategy, in the long run extending an organization’s identity services into the cloud is a necessary prerequisite for strategic use of on-demand computing services.
2. Cloud standards are weak
We’ve completed a SAS 70 audit, is one of the first things you’ll hear from any cloud vendor touting its security credentials. SAS 70 is an auditing standard designed to show that service providers have sufficient control over data. The standard wasn’t crafted with cloud computing in mind, but it’s become stand-in benchmark in the absence of cloud-specific standards. Better than SAS 70 is ISO 27001, an information security specification published by the International Organization for Standardization in Switzerland, analysts say.
While completing a SAS 70 audit is more of a self-imposed exercise, ISO 27001 is a fairly comprehensive standard that covers a lot of the operational security aspects that customers might be concerned about. ISO 27001 is not perfect but it’s a step in the right direction, but that doesn’t mean it’s sufficient.
There’s no guarantee that your data will be safe with an ISO 27001-compliant vendor, however. Numerous companies that claim to be compliant with ISO 27001 yet admit to bad practices with regard to privileged user management, including sharing of administrator accounts between users and granting broader privileges to users than is necessary.
3. Secrecy & Privacy
Cloud vendors argue that they are more able to secure data than a typical customer, and that SaaS security is actually better than most people think. But some customers find this hard to believe because SaaS vendors tend to be rather secretive about their security processes. Many cloud service providers release very few details about their data centers and operations, claiming it would compromise security. Customers should assume the worst-case scenario in terms of security when a vendor is being secretive.
If a vendor is not being transparent, it’s not that we distrust them, it’s that they haven’t given us enough evidence to trust them. The ability to analyze the security of SaaS applications is more limited than the ability to analyze the security of in-house systems, but that shouldn’t prevent customers from demanding proof of vendor claims.
Be skeptical of vendor claims, and demand written or in-person evidence. Service-level agreements (SLA) have sometimes proven deceptive or confusing. But at least in theory, enterprises should be able to receive strong guarantees in SLAs, particularly if they have the time and expertise to negotiate with the vendors beforehand.
4. Access everywhere for convenience, but also risk
One major benefit of software-as-a-service, that business applications can be accessed wherever there is Internet connectivity, which also poses new risks. Coupled with the proliferation of laptops and smartphones, SaaS makes it even more important for IT shops to secure endpoints. Because of the nature of SaaS, it’s accessible anywhere, if you decide to put your e-mail on Gmail, an employee could log in from a coffee shop on an unsecured computer. It’s one of the benefits of software-as-a-service, but it’s also one of the downsides. That endpoint isn’t necessarily secure. The data is no longer in your walls in the physical sense and in the virtual sense.
Maintaining control over e-mails and documents is easier when those files are stored on your local servers, rather than in the cloud. Enterprises that make use of SaaS need to implement policies to control connectivity. A customer could, for example, work with the SaaS vendor to make sure a service can be accessed only from certain IP addresses, and require remote users to go through a VPN.
Access can also be regulated by using secure Web gateway appliances, which broker the connection between a customer and cloud services. In one simple example, a company could allow employees access to Facebook, but block the chat feature. The approach of blocking access to certain types of functionality can be applied to business-focused cloud services as well.
There is also the problem of employees accessing SaaS products without IT knowledge. The keys to preventing this are educating employees and using various network monitoring and Web filtering technologies.
5. You don’t always know where your data is
Regulations such as the Federal Information Security Management Act (FISMA) require customers to keep sensitive data within the country. Although keeping data within U.S. borders seems like a relatively simple task on its face, cloud vendors will often not make that guarantee.
In highly virtualized systems, data and virtual machines can move dynamically from one country to another in response to load balancing needs and other factors. Google, for example, would note that if an end user in California goes on a business trip to London, it’s better (or at least faster) for that user’s data to be served up by a data center in Europe.
The typical SaaS vendors have held the view that it doesn’t matter where the servers are, we understand your laws, but the Internet doesn’t work that way. But this is still considered a relatively rare feature. Even if data stays within a country, customers need to be able to verify the data’s location in order to meet regulatory requirements. That’s why some are developing technology to track and verify the location of virtual machines in cloud networks?