Reining in the Cloud

Software-as-a-service providers keep your information safe and secure.

by Elise Oberliesen

Data security is something many take for granted until sensitive information is breached, lost or stolen. From credit card and banking account numbers to Social Security numbers, it’s the kind of information that requires extra security measures. As more organizations turn to software-as-a-service (SaaS) — externally hosted application platforms — to run their businesses, the amount of private information swirling around on a third party’s platform is mind-boggling.

Case in point

More than 1.75 million companies use Google Apps, a collection of online hosted applications that include e-mail, word processor and spreadsheet applications. “More than a dozen federal agencies are piloting Google Apps, spurred on by the Obama Administration’s government-wide initiative on cloud computing announced in the president’s FY2010 budget report,” according to a statement from a Google spokesperson.

Monitoring the use of customer information requires reliance on tools to increase security and outsmart intruders. That’s why SaaS providers like Salt Lake City-based inContact, which offers hosted platform call routing services, turn to Secure Socket Layer or SSL-based security, says inContact COO Scott Welch. SSL is a 128-bit encryption protocol that he says is one of the most widely used when moving data across platforms.

Firewalls and intrusion detection systems also tighten security, and software monitoring adds yet another layer of defense by helping the vendor spot red flags that indicate unauthorized use. With swift action, security can investigate suspicious activity. Customers can monitor activity as well. “We have audit trails on any changes that happen,” said Welch. These include reports that indicate time, date of user login and any changes made to the environment tied to that user ID.

Backups are considered more secure when platforms are split between two locations. Customer call centers inevitably go down, and when it happens, inContact is like a S.W.A.T. team ready to bring their customers back online. “If one location is hit with natural disaster, we can disperse those calls to any location,” Welch says.

People + products + protocols = security

While some companies flock to externally hosted applications for ease of deployment and cost savings, others wonder whether such applications create vulnerability that is too great to risk. But deep pockets help companies like Google hire exceptionally skilled staff. Having some of the brightest security experts at its disposal helps the company take necessary steps to protect customer data, says Rishi Chandra, senior product manager at Google in Mountain View, Calif.

Open standards security measures and secured connections increase protection, Chandra says. Although he would not disclose exactly which technologies put the lockdown on security, Chandra did say the company uses replication technology and other “leading-edge security.” “We use all the top-level security models that you’d expect in terms of watching over data in the data center itself or even making sure those having access to it are the only ones who should have access to it.”

Considering its megaload of daily user traffic, which is in the hundreds of millions, Google’s confidence attracts large corporations like Valeo, Motorola and others that place trust in the third-party platform. Surprisingly, what’s good for the customer is good for Google. “Our business itself is running on the same infrastructure,” says Chandra. That means what Google gives itself in terms of security, it gives the same amount to its customer — no more, no less, no matter how big or small that customer may be.

Everyone should understand security risks and take steps to mitigate it, or just let third parties take the reigns. Ask inContact or PGP, a data encryption software provider, how they can protect customer data and they will share policies, procedures and strict protocols in place. But peel away the layers and what you will find are the firewalls and encryption technologies diligently slaving away to maintain data integrity.

With many options available for SaaS applications, decisions about which products best serve organizations will continue. Skepticism about managing data security in external environments instead of on-site will prevent some companies from using SaaS applications. Trust between the vendor and customer coupled with security products and their proven track records may give these partnerships a fighting chance to prosper.

Getting SaaS-y

The benefits of moving to software-as-a-service

Streamlined and versatile

Say goodbye to internal share drives, a common method that allows public access to documents across multiple departments. Google Apps allows document access through a Web browser where data is stored online. It offers messaging and collaboration tools with features like e-mail, calendars, video, word processing and spreadsheet capability. With real-time features built in, end-users edit documents on the fly, collaborate with others and share updates at rocket speed.

Quicker turnaround

SaaS-based solutions can save a precious commodity — time. Planning customer contact center startups can drag out many months, but in a SaaS environment, says inContact COO Scott Welch, although laborious requirements-gathering is a must, rapid completion happens on the back-end. “The implementation time is so much faster because there is no on-site deployment of software,” Welch says.

PGP uses inContact as a SaaS provider. Though it took about 90 days to map out a call routing system, deployment was a piece of cake. “We were able to get up and running in less than 30 days,” says Larry Miller, PGP senior manager of customer systems and service. The system also integrates well with PGP’s customer relationship management (CRM) software, creating a more streamlined enterprise solution.

Hosted environments solve other issues too. “It’s available across geographies so you can have multiple locations appear as if they were sitting in one call center environment,” Welch says.

Privacy controls happen through administrator controls

Document sharing and password protection are just a few features Lily Sarafan, COO at Home Care Assistance in Palo Alto, Calif., likes about Google Apps. And with Google Docs, Sarafan says the “administrator controls” that allow end-users degrees of access to shared files works well internally. These controls set the users’ rights that determine whether an employee can review only or update documents and whether they can delete files — all of which is typically performed by the LAN administrator in a traditional organization with locally stored data. “You can set exactly which users can have access to the info,” she says.

A cost-cutting environment

SaaS applications are often cheaper than other options. Internally hosted environments, for example, can increase costs such as technology distribution by requiring additional hardware and software, staffing and new infrastructure, Welch says. But when a company uses SaaS, they needn’t fund any of those changes — they’re taking advantage of a vendor who already has implemented them.

Using the application primarily for e-mail and blogging, Sarafan says Goggle Apps improves the bottom line. With about 150 users across the franchise, 41 locations in the U.S. and one in Canada, the company uses the Premier version of the application, which costs them only about $7,500 annually. The switch allowed the company to shed its IT resources that once cost nearly $2,000 per month. But Sarafan most enjoys the real-time accessibility. While the company expands, she says training staff is no longer a hassle.