Sunday, May 22, 2011

HR Data Security - How Secure is Your SaaS Deployment?

Understanding SaaS for Talent Management

Software-as-a-Service (SaaS) has become one of the fastest growing deployment models for talent management applications in the past few years. This success has brought about many benefits including lower up-front fees, reduced administration costs, less burden on IT resources, among others. However, many SaaS vendors neglect the fundamental requirements of ensuring your HR data is as secure as it can be.

For any size organization, it is important to determine whether the vendor can provide a robust set of deployment options, such as a dedicated or secure SaaS or an on-premise model, as well as understand how the system handles data privacy. These critical capabilities and options can guarantee specific application and data security standards are met. However, not all vendors are able to offer these options. Some specific, important differences between standard SaaS and secure SaaS or on-premise deployments include:

o Dedicated hardware for each customer environment
o Physically separated customer data from all other customer instances
o Ability for unique high-security measures to be implemented as needed
o Upgrade and update schedules dictated by the customer and not the vendor
o Ability to uniquely configure the application to suit specific customer needs

Understanding vendor deployment offerings and choosing the correct one to suit your organization's needs can be the difference between a successful talent management project and a failed one.

Risks with Multi-tenant SaaS Solutions

The multi-tenant nature of SaaS applications makes security an essential concern. One of the first things to consider when looking at a SaaS option is whether your deployed solution will be residing in a multi-tenant environment. While multi-tenant SaaS can often cost less on an annual basis than other deployment options, it can come with a greater risk of having your employee data breached.

This additional risk exists because in a multi-tenant environment many customers reside in one application environment simultaneously. While vendors can provide security within their applications and databases to prevent customer data from being breached or accidentally leaked, these security measures are sometimes not robust enough. As a result, sensitive employee data may end up being visible to unauthorized individuals inadvertently.

Here are the key risks to consider when evaluating a multi-tenant SaaS deployment:

a. Are all customers' data kept in one shared database?

o The largest risk is if all customer data is kept shared in one database. Some talent management SaaS vendors provide no database-level segregation for customer data. This means all customer data is co-mingled in the same tables in one database and data security is only in the application. As a result, a simple application code error can breach data security enabling all customers in an environment to see each other's data.

b. What level of data security does the vendor offer at the application level?

o The SaaS vendor must be able to detail exactly how their application ensures that your data is kept secure and should provide sophisticated role-based and field-level security that can be configured prior to deployment.

c. Does the vendor offer a more "secure" version of a SaaS solution that provides a dedicated environment?

o For many organizations, the risks of multi-tenant SaaS solutions are not acceptable but the SaaS model - from a cost perspective - is still attractive. Some vendors will provide a secure version of their SaaS offering which has similar cost structures but provides physically separate instances of the application and database, as well as other security services, which dramatically increase the overall security of the solution.

d. Do the benefits of a multi-tenant solution outweigh the risks?

o Understand and weigh the risks and benefits of multi-tenancy. The benefit may be lower initial price and total cost of ownership. The risk could be that data is co-mingled or has the possibility to be breached.
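The shared-database risk in point (a), shown as an added example that is not part of the original article or any vendor's code: the same forgotten tenant filter exposes another customer's rows in a co-mingled table, but not when each customer has its own database. The table, tenant names and function names are hypothetical, and SQLite stands in for the vendor's database.

```python
import sqlite3

SCHEMA = "CREATE TABLE employees (tenant_id TEXT NOT NULL, name TEXT, salary INTEGER)"
# Constructed sample rows: two customers' HR records.
ROWS = [("acme", "Alice", 91000), ("acme", "Bob", 78000), ("globex", "Carol", 120000)]

def shared_db():
    """Multi-tenant layout: every customer's rows co-mingled in one table."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany("INSERT INTO employees VALUES (?, ?, ?)", ROWS)
    return db

def dedicated_db(tenant_id):
    """Segregated layout: one database per customer, holding only its rows."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany("INSERT INTO employees VALUES (?, ?, ?)",
                   [r for r in ROWS if r[0] == tenant_id])
    return db

def search_buggy(db, tenant_id, prefix):
    """The 'simple application code error': tenant_id is accepted but never used."""
    sql = ("SELECT tenant_id, name, salary FROM employees "
           "WHERE name LIKE ? ORDER BY name")
    return db.execute(sql, (prefix + "%",)).fetchall()

def search_scoped(db, tenant_id, prefix):
    """Application-level isolation: the tenant filter is part of every query."""
    if not tenant_id:
        raise ValueError("tenant_id is required")
    sql = ("SELECT tenant_id, name, salary FROM employees "
           "WHERE tenant_id = ? AND name LIKE ? ORDER BY name")
    return db.execute(sql, (tenant_id, prefix + "%")).fetchall()

def foreign_rows(rows, tenant_id):
    """Isolation check: rows in a result set that belong to another customer."""
    return [r for r in rows if r[0] != tenant_id]

if __name__ == "__main__":
    shared = shared_db()
    print("buggy, shared DB   :", foreign_rows(search_buggy(shared, "acme", ""), "acme"))
    print("scoped, shared DB  :", foreign_rows(search_scoped(shared, "acme", ""), "acme"))
    print("buggy, dedicated DB:",
          foreign_rows(search_buggy(dedicated_db("acme"), "acme", ""), "acme"))
```

A check like `foreign_rows` can be run against every query path in a vendor's test suite to confirm that no result set crosses a customer boundary.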

Typical SaaS Forces You to Upgrade

One of the most controversial policies with a SaaS-only model is the forced upgrade policy. This policy of some SaaS vendors requires that customers upgrade to the next version of the application on the vendor's time frame, generally monthly or quarterly. This can have many bad downstream effects on the customer's organization. Some of the most costly are:

a. The upgrade has issues or fails to work: If the vendor does not manage the testing and QA process well, new releases can be unstable and existing features can stop working correctly. This is actually one of the more common issues with some talent management vendors who are enforcing the automatic upgrade policy. Beyond the direct issue(s) that application errors cause, it can also erode confidence and usability across your user base. As a result, any benefit achieved from new features can be more than offset by negative consequences.

b. Re-training the user community is constantly required: Often new releases change how an important part of the application works or in some cases it can even update the entire user interface. As a result, users often require re-training on how to use the new version of the application. This is a hidden cost of a forced upgrade policy that is not small. In large organizations especially, constant training and re-training can be very expensive. Therefore, if required to re-train frequently, any cost savings of going with a typical SaaS solution quickly disappear.

c. Added overhead for administrative change management: When an application upgrade is applied it can do more than just change how an end-user feature works; it can also change how a core process in the application works. This can mean significant change management on complex and established processes within an organization. An example would be updates to compensation planning, which may require that compensation administrators restructure their existing plans to work with the new application release. These requirements can be a significant effort on the part of the customer.

Application Architecture can be a Risk for SaaS

While most vendors offer a SaaS deployment package option for their solutions, some are not architected to be secure. Even if the datacenter is perfectly secure, if the application is poorly architected to address the unique security requirements of a SaaS environment, your data may be at risk. Some of the most common architecture issues to pay attention to are:

a. Why an n-tier architected web application matters: The most important single issue in choosing a secure SaaS solution is whether it is developed using a current n-tier architected model. The two leading architectures in this category are J2EE and Microsoft Dot-Net. Using a contemporary architecture is inherently more secure than using an older architecture, such as ASP or ColdFusion. These older architectures are inherently less secure because they are vulnerable to several current methods of attack, such as SQL injection (a form of attack which will let the attacker gain control over the database and have access to all information stored within it).

b. Need for fine-grained security in a SaaS solution: Core to a secure SaaS application is the security model that the application has embedded within it. The most effective model for security in SaaS applications is a field-level security model. This means that every single data element in the application can be individually secured. This matters because multiple customers are sharing one core application, so the application needs to secure each user's instance and all the data elements which are being viewed by that user.
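A minimal sketch of the field-level model described in point (b), as an added example that is not from the original article or any vendor's product: each field carries its own list of permitted roles, and a field with no policy entry is shown to nobody. The policy, roles, record and viewers are hypothetical, constructed values.

```python
# Hypothetical policy: field name -> roles allowed to read that field.
FIELD_READERS = {
    "employee_id": {"employee"},
    "name": {"employee"},
    "job_title": {"employee"},
    "performance_rating": {"self", "manager", "hr_admin"},
    "salary": {"self", "hr_admin", "comp_admin"},
    "national_id": {"hr_admin"},
}

# Constructed sample record; bank_account and manager_id have no policy entry.
RECORD = {"employee_id": 17, "manager_id": 4, "name": "Bob",
          "job_title": "Analyst", "performance_rating": 3, "salary": 78000,
          "national_id": "000-00-0000", "bank_account": "CONSTRUCTED-0001"}

# Constructed viewers: global roles only; "self" and "manager" are derived.
PEER = {"employee_id": 23, "roles": {"employee"}}
MANAGER = {"employee_id": 4, "roles": {"employee"}}
SELF = {"employee_id": 17, "roles": {"employee"}}
HR_ADMIN = {"employee_id": 2, "roles": {"employee", "hr_admin"}}

def effective_roles(viewer, record):
    """Global roles plus roles derived from the viewer's relation to this record."""
    roles = set(viewer["roles"])
    if viewer["employee_id"] == record["employee_id"]:
        roles.add("self")
    if viewer["employee_id"] == record["manager_id"]:
        roles.add("manager")
    return roles

def readable_view(viewer, record):
    """Return only the fields this viewer may read; unlisted fields are denied."""
    roles = effective_roles(viewer, record)
    return {field: value for field, value in record.items()
            if roles & FIELD_READERS.get(field, set())}

if __name__ == "__main__":
    for label, viewer in [("peer", PEER), ("manager", MANAGER),
                          ("self", SELF), ("hr_admin", HR_ADMIN)]:
        print(label, sorted(readable_view(viewer, RECORD)))
```

Because unlisted fields default to denied, a field added in a later release stays hidden until someone writes a policy entry for it.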

Data Privacy & Global Compliance Requirements

Application design can also have a direct effect on whether an application complies with data privacy requirements in different parts of the world, and especially in the European Union (EU). Specifically, solutions must ensure that by design they do not make copies of data on the client machine as a part of the standard operation of the application. A very good instance of this problem is any solution that has part or all of it developed around an e-mail platform such as Microsoft Exchange or Lotus Notes.

A few talent management solutions are designed in this way. These are dangerous to choose because they have the ability to make local copies of data within each user's machine. As a result, these solutions are by design breaking EU data privacy regulations. By contrast, an n-tier architected solution stores data centrally in the data center and only shows authorized data to the user.

In addition, data privacy regulations in the EU and other geographies have specific requirements that data about employees be stored locally within a specific country. However, several of the vendors in the talent management market do not have the ability to provide SaaS anywhere other than the United States. For global organizations, this will not work.

SaaS Datacenter Security Issues

For any enterprise application, datacenter security is also important; but for SaaS vendors this is especially so, as not just one, but many copies of customer data are stored in the datacenter. However, not all vendors provide adequate security when it comes to their datacenters.

Below are a few of the most important security-related points to be aware of:

a. Evaluate the infrastructure: Ultimately the largest difference between purchasing a license and "renting" a SaaS solution is the infrastructure service received as a part of the sale. Therefore, it is very important to evaluate the datacenter services the vendor provides as a part of the offering. One good approach to this is to ask for a technical overview document that outlines the datacenter services provided as part of the SaaS offering. All vendors should be able to provide you this document.

b. Dedicated hosting environment option: As discussed previously, multi-tenant SaaS can offer risks which organizations may find unacceptable. Dedicated hosting for SaaS can provide a truly secure deployment, while still offering the benefits of a SaaS deployment. Dedicated hosted SaaS deployments provide this additional security benefit by giving the customer a stand-alone hardware environment which runs the client's web, application, and database instances. This can also have the added benefit of shielding the customer from any application performance issues experienced from having multiple customers on one hardware environment.

c. Ability to configure your application in a SaaS environment: Often vendors that provide a SaaS offering do not allow customer configuration. In fact, the vendor must provide the (expensive) professional services to effect any change in the application. For larger organizations, this can pose a barrier to project success. Examples of these issues include handling non-standard single sign-on platforms (SAML), uniquely configured workflows, and changes to performance or compensation forms. Some vendors simply do not allow these configurations or will only allow them at an extreme price increase.

Conclusion

SaaS has been a successful deployment option for many customers within the talent management market. But it is important to look at vendors' SaaS offerings to ensure your organization is receiving strong security for your HR data. Because the costs of a data breach are very high ($6.6 million and rising), any short-term cost savings with an inadequately secured SaaS offering are quickly erased if your HR data is compromised. In addition, understanding the indirect costs that can come with a standard SaaS offering is important as well. These include items like having a forced upgrade policy or having restrictions on configurations within a standard SaaS deployment. Evaluating vendors that offer secure SaaS alternatives can provide the economic benefits without the risk of HR data being compromised or the additional indirect costs.

Stephan Millard, Product Marketing Director
For more information, contact softscapeinfo@softscape.com

About Softscape
Softscape is the global leader in complete people management software that enables organizations to more effectively drive their business performance.

Softscape's customers span 156 countries, 30 vertical industries, and include global Fortune 500/Global 2000 enterprises, mid-market companies, higher education institutions, and public sector agencies. Current customers include 7-Eleven, AstraZeneca, Seagate, GKN, Edcon, Sony Electronics, the University of Notre Dame, and KPMG.
