Winning The SaaS Security Challenge
Nov 7
Marc
Blog, Online Accounting, SaaS, Security
I spoke at the NSW.net ICT cluster last week to a bunch of potential and current Microsoft Partners (we work on all operating systems for your information). I gave our 5 minute pitch and as usual during Q&A there were lots of questions (SaaS is a hot topic at the moment). We always get a security question and my answer is always the same, it’s a bunch of questions that effectively return the challenge. I only asked a couple of these but I’ve listed some others I often ask as well.
- Can you achieve better security than us?
- Is that laptop of yours (with accounting software on it) safer in your car, home or office than in our international data centre?
- Does your laptop have a guy with a gun standing in front of it to protect it?
- Do you back up your data as many times as day as we do?
- Do your store credit card numbers in your MYOB or Quicken file? What is your liability if you lose these?
We have done a lot to earn our customer’s trust. We must have considering we manage personal financial information for thousands of users.
Sometimes you need to trust others more than yourself, particularly in specialised fields.
This feels unnatural to some but it is logical and wise. You trust your bank with your money, you trust your email service provider with your email - all that critical and confidential correspondence.
You outsource these things and trust these specialist companies because they are better at it than you. These companies use the utility approach to security. They have built systems, processes and made infrastructure investments that exceed your individual capabilities. These companies have capacity and scale that brings high-end advantages to security that you can’t achieve easily as an individual. They can re-sell these services over and over with many customers which lowers the cost for you. So you get a high value, high security service for a low cost.
Software as a Service utilities like Saasu.com are exactly the same.
These are excellent questions and similar to those that we also ask our prospective clients. We take both system and physical data security at the highest level and yes, we do have not only armed security guards protecting our data in a mission-critical special facility, but we also have CCTV cameras, bio-hand readers and keypads protecting our clients’ data 24×7. It costs us to do it that way but we would not be in this business if we did not take data security this seriously.
Comment by Don Thompson — November 13, 2007 @ 2:09 am
Thanks Don. Agree, we have the mission impossible feel also but the guy with the gun is the most scary so I always mention him
Comment by Marc — November 13, 2007 @ 7:00 am
We get asked this question all of the time. We provide a web based point-of-sale system for hair and beauty salons so our audience are typically not very computer literate which makes it even trickier.
I was interested to see how you handle this question. It turns out our answer is virtually identical to yours - in fact, we always use the example of one of our very first customers who’s salon actually burnt down - if his data was sitting on a computer on the front counter instead of safely in a secure data centre… well, it’s a convincing argument - even to our potential customers!
Comment by Adam Fox — November 26, 2007 @ 10:52 pm
Adam, as an aside our office is the same building as the Police Integrity Commission. So even where our coders and admin are is extremely well surrounded with scary crime authority people! I’m always nice to everyone in the lift
Comment by Marc — November 28, 2007 @ 12:15 pm