The small and medium-sized business (SMB) landscape is defined by its competitiveness. These dog-eat-dog dynamics force business leaders to trim costs, improve worker productivity, and create new, sustainable business models. That’s why almost 90 percent of businesses want a cloud environment and adoption is expected to double in the next four years.
But many small business owners remain on the sidelines, wondering if moving some processes and applications to the cloud is worthwhile. And many of the businesses moving to software-as-a-service (SaaS) solutions are making the same mistake, regardless of the industry: failing to improve their cloud security. Though we’ve come a long way in terms of protecting the cloud, risks always exist.
For some, SaaS might not even be necessary, and you won’t have to worry about the risks. But if you use SaaS applications or are considering them, an additional security layer on top of the built-in controls of your SaaS solution is smart thinking.
Is moving to the cloud right for me?
Moving all-in to a SaaS environment can be a major undertaking, so don’t start without some careful consideration. To determine whether a SaaS environment might work for your organization, ask yourself these four questions.
- Are my customers cloud-adverse? Is there a compliance reason for that stance? Some organizations’ applications won’t adhere to industry regulations in the cloud, so if that applies, you have your answer. For those with more flexibility, think of your customer base, now and in the future, before adopting a SaaS solution. Do your customers utilize the cloud now? Would your work with them be improved through a SaaS approach? Are you expanding into new markets where future customers depend on the cloud?
- What is my current cost structure? How much you spend on IT will help determine if a cloud solution is best. Are you moving to the cloud just to reduce cost? That and greater efficiency are the major drivers of cloud adoption, but maybe your IT environment and cost of operations are already efficient and moving to the cloud won’t significantly reduce costs in the long run.
- What are my competitors doing? This is the canary in the coal mine: If your competitors are promoting their SaaS capabilities and are pushing their customers to the cloud, there might be something to it. If you don’t follow suit, you might lose new customers.
- Is my IT team working at capacity? Is your IT team maxed out? Does it need more bandwidth? Moving to the cloud might be one way to free up resources.
After adopting SaaS, don’t forget about security
Many organizations adopt SaaS solutions to reduce cost while improving workflow, efficiency, and productivity. But too few of them invest heavily in security protocols for their new SaaS solution.
That’s a problem, because standard SaaS security protocols often leave your IT environment open to weaknesses. Organizations using only the basic protections may realize that weeks can pass before they discover a vulnerability or malicious attack, depending on their threat detection capabilities and corporate policies.
The bottom line is that reducing costs shouldn’t come at the expense of security. Thus, organizations face this dilemma: Many SMBs want to implement SaaS solutions that reduce costs and keep security expenses at bay, but while maintaining iron-tight security for sensitive data.
In many instances, organizations will need additional security protections on top of what comes packaged with SaaS solutions. In IDC’s 2015 Cyber Threat Survey, more than 300 security practitioners found that despite the adoption of SaaS-based services that have embedded security capabilities, 53 percent increased their security budget by 25 percent or more.
Organizations need additional security layers because threats like ransomware evolve and grow in sophistication every day. Basic security layers often don’t include behavior monitoring that prevents sensitive data from being uploaded to personal cloud drives, shared among internal drives, or emailed to outside sources. The proliferation of BYOD creates another issue that requires deeper security, as workers are able to access important and sensitive data from anywhere, at any time.
The answer to the dilemma is a security tool that provides additional layers of protection on top of the baseline controls of a SaaS solution. Look for an out-of-the-box option with monitoring tools that give administrators visibility into how data is moving across the network. That’s especially important for keeping track of employees accessing data on their mobile devices. Your security solution should integrate with multiple mobile operating systems, too. These monitoring checks and heuristic tools, which usually aren’t standard in embedded SaaS-based security systems, also improve over time.
Finally, the security should have strong back-end support, meaning the manufacturer is constantly providing updates to combat the latest threat or attack.
Stay on top of your security program
So you’ve decided to move forward with a SaaS solution (you’ve done your homework above, and it’s the right decision). If you lay out appropriate capital for a robust security protocol, you’ll avoid suffering the dreaded “SaaS versus security” dilemma. But there are other steps you should take to beef up the security around your SaaS solution.
- Set up strong security guidelines: If you have remote workers and allow BYOD, make sure your employees understand and fully adhere to your corporate guidelines. Be vigilant about these guidelines, but flexible enough to adapt to changes as threats evolve. Make sure your solution covers other APIs, especially for mobile devices.
- Stay apprised of threats: Knowing what threats are out there is half the battle. Once you decide on a security solution, make sure you stay updated on the latest cyber threats and know what your solution covers and what it doesn’t. You should be confident that your solution is agile enough to protect you from the latest threat.
- Be sure to always backup: One policy you should establish is a regular schedule of backups. Build a recovery plan in case an attack occurs. Every organization must have a security strategy, and it should start with backup and recovery.
What questions do you have about SaaS security protocols and solutions? Leave us a comment below.
About the author
Jonathan White, Director — SMB Channel Marketing at Trend Micro
I have 12+ years of Channel experience within the SMB arena. I have had the opportunity to lead successful teams that accomplish targeted objectives via execution of GTM strategies, management of data and analytics, and driving channel enablement. I leverage thought leadership to drive collaboration, innovation, and win-win scenarios. What makes my teams successful? Simply put, WE BRING THE WOW!