Learnings from the IANS webinar on ‘Security that works with, not against, your SaaS business’
Are you a SaaS provider? If so, you have discovered that SaaS is unquestionably the new model for software delivery to both consumers and businesses. Speed to market, recurring revenue, elimination of product shipments, one code base to support, and higher profit margins at scale are just a few of the benefits that are undoubtedly motivating you to offer SaaS solutions.
But it’s not that simple. You are probably feeling the pain of your customers’ security and compliance concerns. In a recent webinar, Security that Works With, Not Against, Your SaaS Business, the audience of mainly SaaS providers was asked, “What are your biggest challenges in building a SaaS-based delivery model?” The leading challenge was “security of services / customer data” by a significant margin. And this ranked over other concerns such as organizational expertise in building SaaS offering, transitioning customers from perpetual licenses to subscription services, and cannibalization of existing revenue streams.
The good news is SaaS usage is growing. But customers are cautious and are ensuring that their SaaS providers are building in security and compliance controls across the entire application and infrastructure stack. Dave Shackleford, Lead Faculty at IANS, highlighted the following top customer areas of concern regarding security with SaaS solutions.
- Multi-tenancy: One of the most frequently asked security questions to SaaS vendors is, “How are you protecting my data in your multitenant SaaS environment?” This infrastructure creates several critical security issues: segmentation and isolation, policy boundaries, monitoring, and management.
- Visibility: Customers do not have visibility into the internal security controls of a cloud service provider, but they need to have some way to know that their SaaS provider is applying the security and compliance controls they require.
- Change Management: Cloud computing is built on a foundation of consistency and uniformity across the entire stack (from app to OS to to hypervisor to physical hardware), and changes can dramatically impact your customers, so change management is a key requirement for SaaS providers.
- Automation: SaaS businesses are built on rapid code pushes and “failing fast and often” (failing and recovering so fast that you customers don’t even notice). The only way SaaS infrastructure security can support this is through automation.
So how do you as a SaaS provider address these concerns for your customers? If you are trying to use traditional security tools that rely on network-based controls, resource-intensive agents, hardware constraints or heavy human intervention, you probably already realize they won’t work in an agile SaaS environments.
Instead, look to the new wave of cloud security solutions to secure your SaaS solutions. Born in the cloud and purpose-built to secure SaaS environments (whether running in public or private clouds or traditional data centers), these security-as-a-service solutions automate infrastructure security and compliance monitoring, and are built to support the multi-tenancy, visibility and change management requirements of SaaS customers. CloudPassage Halo is, of course, one such solution.
To watch the recorded webcast of ‘Security that works with, not against, your SaaS business’, go here.
For more information on how CloudPassage Halo can help SaaS providers, go here.
To try Halo for free, go here.