Your data is more secure with SaaS companies than it is with you

Lee Atchison, October 25, 2017
Conventional wisdom says you should protect your data by keeping it close. In reality, it's more secure with SaaS companies, says New Relic's Lee Atchison

‘Keep your critical data onsite’ is a common mantra within the realms of IT organizations worldwide. If you want to make sure your data is secure, keep it within the walls of your organization and don’t let it out of your sight. The only way you can protect critical data is to build high walls around the data and keep it in close proximity. After all, nobody but you could possibly care more and provide protection for your data.

This mindset has been around for as long as data has been around.

The issue of data security entrusted to partners has grown in importance in recent years as SaaS products have become widely adopted across every business function. It is becoming even more important as regional requirements such as GDPR become a reality. Enterprises have been gaining trust in SaaS companies with non-critical data for some time now, but what about mission-critical data? What about sensitive customer data? How can a responsible corporation that cares about the security of its data trust another company with its most critical data?

But I suggest you ask yourself a different question. When it comes to a reputable SaaS company, why can’t you trust them with your most sensitive data?

The reality of reputable SaaS security

The reality is that your company’s data – even the most critical – may actually be safer in a SaaS environment than it is in your own data centers. How can this be true?

To survive and thrive, a well-run SaaS company must have a strong focus on security and data protection as a discipline. Security becomes a core competency for SaaS companies. It’s part of their value add as a strategic partner and it becomes part of their DNA. A well-run SaaS company has a strong, dedicated, and trusted security team that is solidly engaged in the security industry. Its members are often known within the security industry and are leaders in creating and improving state-of-the-art security practices and defining industry best practices.

Security is also constantly discussed and reviewed at the highest levels of the executive leadership of a SaaS company, and all members of the organization have security responsibilities and training. A SaaS company cannot survive unless the entire organization feels responsible for the security of its customers’ data.

The reality of corporate data security

On the other hand, for most corporations, information security can often be lost within their business focus. While security is obviously important to them, it is not a core aspect of their business’s cultural DNA. They may not have as many dedicated or experienced security personnel. Those individuals responsible for security often will have other responsibilities and typically aren’t leaders within the security industry as a whole.

Data security often is not discussed at the highest levels of the corporation until there is a security breach they have to react to, and organization-wide security training may be minimal or non-existent.

Trust SaaS partners with your data

As a result, your data can actually be safer with a SaaS organization than in company-owned datacenters. By working with a SaaS partner, your organization can learn security best practices that can improve the overall security of your data within your own corporate walls.

A trusted and reputable SaaS partner can become a security asset for your organization, not a security liability.

The elephant in the room

The key words in all of this discussion, though, are reputable and well-run. How can you tell if the SaaS organization you are considering can be trusted? Here are some key questions to ask yourself to see if a vendor can be trusted with your data.

  1. Native SaaS company. Is the company you are looking at a native SaaS company, or are their SaaS services coming in reaction to upstarts in the market? Native SaaS companies have a tighter, native security DNA than companies that have wider offerings than just SaaS.
  2. Visible security team. Does the company have a visible full-time security team that is actively involved in the security industry? Do they give presentations at security conferences? Do they have a voice in security best practices and standards?
  3. Transparent about security. Is the company transparent about how it deals with security? Is it honest and forthright about the risks of data security and the steps it takes to keep your data secure?
  4. Security concern track record. Does the company have a strong track record of caring about security and security concerns? What do other customers say about their security practices?

By keeping these questions in mind when you pick a SaaS provider, you can ensure your data is in good hands and just as safe as it is in your own data center, if not safer.
