SaaS need not be an unmanaged risk

March 2009 Security Services & Risk Management

There are business risks associated with using the SaaS model of service delivery that many companies fail to address.

Software as a service (SaaS) is a great innovation for businesses that rely on information technology to keep operations running smoothly and cost effectively. Yet, while the services on offer are a positive step forward, there are business risks associated with using the SaaS model of service delivery that many companies fail to address.

The SaaS model allows companies to lease IT services from a central provider, using applications and storage remotely. The user does not need any servers or applications, saving on hardware, human resource and licensing costs without losing functionality. Moreover, the problem of how to deal with obsolete technology is removed as the service provider deals with those issues.

“SaaS is a great option for companies that need IT services, especially in a global recession where capital expenditure is being cut,” says Amir Lubashevsky, executive director of Magix Integration. “Using the SaaS model, companies do not need to make investments in IT infrastructure or resources, but are still able to use the latest and best applications at all times on a rental or lease basis.”

SaaS is cheaper, especially in the short term, but a lower cost does not mitigate all the risks. As with traditional outsourcing deals, SaaS requires companies to hand their confidential data over to a third party, which then takes responsibility for the security, accuracy and safekeeping of the information.

This is an enormous risk. Even in traditional outsourcing, we have seen companies losing their data when service providers went bankrupt or when the customer wanted to move to a new provider. Similar risks apply in the SaaS model for any company abdicating accountability for its own data.

“A business cannot allow its SaaS provider to retain sole responsibility for its information,” states Lubashevsky. “It is every company’s responsibility to protect its data from loss due to a disaster or any other cause, whether using the SaaS model or not.”

This may mean a separate backup and business continuity strategy that is maintained over and above the SaaS services. Whatever the particular solution chosen, corporate governance stipulations will hold each business executive responsible for the safekeeping of critical and sensitive data.

“SaaS is a great concept if it is done properly and the associated data risks are mitigated,” says Lubashevsky. “The company is able to obtain all the functionality available in the latest versions of the best applications, without the costs associated with licensing, hardware and technical human resources.”

Amir Lubashevsky, executive director, Magix Integration
Amir Lubashevsky, executive director, Magix Integration

For more information contact Amir Lubashevsky, Magix Integration, +27 (0)11 258 4442, [email protected]





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Risk management and compliance enforcement
Security Services & Risk Management
Having a risk management and compliance programme (RMCP) is not just a procedural formality; it is a legal requirement under Section 42 of the Financial Intelligence Centre Act (FICA).

Read more...
The dangers of poor-quality solar cables
Security Services & Risk Management Smart Home Automation
Reports indicate that one in six fires attended by South African firefighters is linked to substandard solar installations, often due to faulty wiring or incompatible components.

Read more...
Growing risks for employers
Security Services & Risk Management
With South Africa’s unemployment rate exceeding 32% and expected to rise beyond 33% this year, desperation is fuelling deception in the job market. Trust is no longer a given, it is a gamble.

Read more...
Chubbsafes celebrates 190 years
Gunnebo Safe Storage Africa News & Events Security Services & Risk Management
Chubbsafes marks its 190th anniversary in 2025 and as a highlight of the anniversary celebrations it is launching the Chubbsafes 1835, a limited edition 190th-anniversary collector’s safe.

Read more...
New law enforcement request portal
News & Events Security Services & Risk Management
inDrive launches law enforcement request portal in South Africa to support safety investigations. New portal allows authorised South African law enforcement officials to securely request user data related to safety incidents.

Read more...
Continuous AML risk monitoring
Access Control & Identity Management Security Services & Risk Management Financial (Industry)
AU10TIX, launched continuous risk monitoring as part of its advanced anti-money laundering (AML) solution, empowering businesses to detect behavioural anomalies and emerging threats as they arise.

Read more...
Growing risks for employers
Security Services & Risk Management
With South Africa’s unemployment rate exceeding 32% and expected to rise beyond 33% this year, desperation is fuelling deception in the job market. Trust is no longer a given, it’s a gamble.

Read more...
Managing mining physical security risks
Zulu Consulting Security Services & Risk Management Mining (Industry) Facilities & Building Management
[Sponsored] Risk-IO, a web app from Zulu Consulting, is designed to assist risk managers in automating and streamlining enterprise risk management processes, ensuring no steps are skipped and everything is securely documented.

Read more...
SAFPS issues SAPS impersonation scam warning
News & Events Security Services & Risk Management
The Southern African Fraud Prevention Service (SAFPS) is warning the public against a scam in which scammers pose as members of the South African Police Service (SAPS) and trick and intimidate individuals into handing over personal and financial information.

Read more...
Rewriting the rules of reputation
Technews Publishing Editor's Choice Security Services & Risk Management
Public Relations is more crucial than ever in the generative AI and LLMs age. AI-driven search engines no longer just scan social media or reviews, they prioritise authoritative, editorial content.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.