WATCH Software as a Service Gives Your Business an Edge – Day 6 of Cybersecurity Awareness Month 2021
Mike Miller
Today we’re talking about software as a service with Craig Taylor, CyberHoot, and software as a service or SaaS is a transformational technology for businesses. Craig, can you explain a little bit about what it is, what the benefits are and challenges?
Craig Taylor
Absolutely. Thanks for having me today, Mike. And Shelly, it’s great to be here and talking about SaaS. SaaS, or software as a service as a business transformational technology that many businesses, whether you’re small medium enterprises have gone through in recent years, and it’s taking your on premise applications and moving them to the cloud.
There’s a lot of benefits, but there are some challenges that we need to be worried about. And since it’s Cybersecurity Awareness Month, I thought we talked about that today. From a benefits perspective, many businesses enjoy SaaS because it moves them from a capex to an op x spend for the solutions they use. It also enables just in time delivery of services and licensing.
So if you hire someone, you don’t have to send someone to their desk to install an application, they just fire up their browser, and they might get an email inviting them to join that SaaS solution in the cloud. There’s a lot of spare capacity and SaaS solutions out there. So if you have episodic flows and ebbs to your business, like tax companies have a lot of demand during tax season, there’s enough spare capacity to help them out. It also leverages the expertise of your of the vendors themselves for the setup, and some come with the administration that you don’t even have to administer it, you just put people in and they get the default configuration. It may be cheaper to deploy.
As we mentioned, there’s no cost for the installation of it. But you’d also don’t have to pay for expensive equipment like servers and duplicate or disaster recovery servers inside your own office space. And it’s much better suited for the remote workforce that we’re all sort of dealing with because of COVID. So those are the benefits of SaaS to most businesses today. I may have missed one. But that’s the general idea. There are however, challenges that you need to be worried about and concerned with.
And many companies today don’t track their SaaS applications use and approve them. And that can lead to problems with compliance because you may not be compliant with HIPAA or cmmc is another big one for defense contractors. They also might lead to leaking of your critical and sensitive data. If an employee decided that they were tired of using your prescribed Google Cloud or SharePoint in Microsoft case or OneDrive, and put their files into Dropbox.
Dropbox is a perfect example of a SaaS solution. But that’s beyond the scope of your control. And you may be putting that critical, insensitive data out there. So that’s a real problem, both for your business operations, continuity of service, but also for compliance regulatory compliance. Also, there is the there some companies have had challenges moving from one SaaS provider saying give me all my data back so I can move it to another SaaS provider so that that too, can be a challenge. So those are the advantages or benefits and the challenges.
Mike Miller
Okay, and as a small business, you know, how do I get started?
Craig Taylor
Well right, if you haven’t done the digital transformation, I urge you to investigate it, especially due to COVID. With your remote workforce, it can really help you out both from a productivity but also a cost perspective. But it’s important that you put some checks and balances in place, I would suggest you build a policy or process to review the SaaS solutions your employees are using and approve them, and maybe even govern them call it out with a policy that says you just can’t start using Dropbox or Box or any of these solutions without permission, you need to get approval by the company, then it’s important to work with HR on onboarding and onboarding processes. Because the last thing you want is a user or an employee that left the company six months ago still logging into your Salesforce and siphoning off your leads. So that would be a big problem.
Make sure you do a security review and you find out if it can tie into single sign on or like identity and access management. So the same username and password you log into your O 365 you can use to log into the other SaaS solutions through something called SSO or single sign on and make sure if there’s critical and sensitive data, you enable two factor authentication. In fact, I would make that a bar that you can’t sign up or approve an application if it doesn’t support 2FA or multi factor authentication.
If it contains your critical and sensitive data, if you’re talking about Travelocity for booking flights, you don’t need 2FA but if it’s got your critical and sensitive you need that and fine Ideally, I would make a process that reviews the accounts and the licenses on an quarterly semiannual annual basis so that you’re at least looking at it once in a while to make sure everybody that’s in there is both supposed to be has the permissions to be, and you’re not paying extra for licenses that are no longer needed. That’s what I would ask most SMBs to do in my consulting on SAS solutions.
Shelly Miller
Great advice. That’s awesome. Thank you.
