SaaS need not be an unmanaged risk

March 2009 Security Services & Risk Management

There are business risks associated with using the SaaS model of service delivery that many companies fail to address.

Software as a service (SaaS) is a great innovation for businesses that rely on information technology to keep operations running smoothly and cost effectively. Yet, while the services on offer are a positive step forward, there are business risks associated with using the SaaS model of service delivery that many companies fail to address.

The SaaS model allows companies to lease IT services from a central provider, using applications and storage remotely. The user does not need any servers or applications, saving on hardware, human resource and licensing costs without losing functionality. Moreover, the problem of how to deal with obsolete technology is removed as the service provider deals with those issues.

“SaaS is a great option for companies that need IT services, especially in a global recession where capital expenditure is being cut,” says Amir Lubashevsky, executive director of Magix Integration. “Using the SaaS model, companies do not need to make investments in IT infrastructure or resources, but are still able to use the latest and best applications at all times on a rental or lease basis.”

SaaS is cheaper, especially in the short term, but a lower cost does not mitigate all the risks. As with traditional outsourcing deals, SaaS requires companies to hand their confidential data over to a third party, which then takes responsibility for the security, accuracy and safekeeping of the information.

This is an enormous risk. Even in traditional outsourcing, we have seen companies losing their data when service providers went bankrupt or when the customer wanted to move to a new provider. Similar risks apply in the SaaS model for any company abdicating accountability for its own data.

“A business cannot allow its SaaS provider to retain sole responsibility for its information,” states Lubashevsky. “It is every company’s responsibility to protect its data from loss due to a disaster or any other cause, whether using the SaaS model or not.”

This may mean a separate backup and business continuity strategy that is maintained over and above the SaaS services. Whatever the particular solution chosen, corporate governance stipulations will hold each business executive responsible for the safekeeping of critical and sensitive data.

“SaaS is a great concept if it is done properly and the associated data risks are mitigated,” says Lubashevsky. “The company is able to obtain all the functionality available in the latest versions of the best applications, without the costs associated with licensing, hardware and technical human resources.”

Amir Lubashevsky, executive director, Magix Integration
Amir Lubashevsky, executive director, Magix Integration

For more information contact Amir Lubashevsky, Magix Integration, +27 (0)11 258 4442,

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

BT launches new security platform
Security Services & Risk Management
Relentless growth and ever-changing nature of the threat landscape dictates a new, proactive approach to cybersecurity. Eagle-i addresses the more than 50% increase in malware traffic over the last six months.

The crucial double check
Security Services & Risk Management
Andrea Babbs, UK general manager, VIPRE SafeSend, emphasises the importance of implementing a crucial double check to improve email security culture.

The state of the distribution market
ESDA (Electronic Security Distributors Association Bosch Building Technologies Dark Horse Distribution Elvey Security Technologies Regal Distributors SA G4S Secure Solutions SA Editor's Choice Security Services & Risk Management
The distribution industry has evolved over the years and its current challenges simply mean another change is in the wind, for those who can take the next step.

Training that delivers
Technews Publishing Leaderware ESDA (Electronic Security Distributors Association BTC Training Africa Editor's Choice Security Services & Risk Management Conferences & Events Training & Education
Hi-Tech Security Solutions hosted a virtual conversation to address the challenges and solutions related to effective and measurable training and education in the security industry.

The importance of traceable records
Technews Publishing Editor's Choice Security Services & Risk Management
Traceable records streamline performance management, training, evidence records and reduce fraud, corruption and criminal activities.

Creating the district ID database
Technews Publishing Agriculture (Industry) Security Services & Risk Management
Continuing his series on preparing for and preventing farm attacks, Laurence Palmer discusses developing an identity system for districts at risk.

Expand your security company offering with mySOS
Security Services & Risk Management
Expand your existing security solutions with a mobile, branded panic button from mySOS. You can now protect your existing client base beyond the perimeter of their property and add real value.

Is industry inertia keeping SIM-swap fraud alive?
Security Services & Risk Management
SIM-swap fraud has been around for decades and according to the latest SABRIC figures, incidents increased 91% year-on-year when looking at digital banking fraud across all platforms.

Personal security awareness
LD Africa Security Services & Risk Management
Whether it’s our homes, cars, family, businesses or assets, personal security is something that has to be considered daily.

Threat level raised to Omega Status (plan for the worst)
Security Services & Risk Management
It is the security industry that is implementing the health protocols on the ground. They take the temperatures of people, manage the movement of people and are the ones criticised.