It seems that the data security landscape is constantly changing. Every day, new threats arise and fresh best practices emerge to keep companies at the forefront of protecting sensitive information. PKWARE’s staff of experts in data security share their thoughts in our blog, highlighting the most current topics on data security, management, and reduction. Check back frequently and join the conversation.

Data Security Often Ignored in SaaS Integrations

Posted by on in Cloud

Cloud computing is already among the most disruptive technologies of the decade, and companies are only finding additional reasons to welcome hosted services into their IT ecosystem. But as corporate Software-as-a-Service (SaaS) menus continue to expand, managers must make sure crucial data security protections are not being neglected amid increasingly challenging integration processes.

According to ZDNet, IT managers are only now beginning to understand that the variable environments their applications are hosted in require unique data security solutions as well. However, the complexity of integrating their on-site and remotely hosted assets often inspires administrators to take certain shortcuts. Instead of contracting outside experts to seamlessly and securely orchestrate the company's expanding cloud service lineup, for example, IT staffers often insist on saving money with manual coding.

"Self-programmed integration is also more likely to use exposed transport protocols without encryption, and decryption of messages and data with the cloud, which poses a security risk as a result of the disparity," one software executive told the news source.

Aside from protections such as data encryption software, a number of companies are also having trouble collaborating with providers to extend access control and data governance policies into the cloud. According to ZDNet, today's increasingly connected and tech-savvy business professionals tend to amplify the consequences of such security oversights as they carry corporate assets onto social media sites and other unprotected online portals. 

Identifying cloud security obligations
Before companies pursue a new SaaS project, companies must first outline any potential sources of data security vulnerability as well as their proposed resolution. Data Center Knowledge columnist Bill Kleyman recommends a three-step approach, with administrators safeguarding the local network, endpoints and "the middle" that lies between.

Not surprisingly, encryption was included at every level of Kleyman's plan. IT staff will first want to confirm that data is being encoded internally as it travels across the in-house network. Next, administrators need to establish visibility over each of the endpoints accessing data, and how they are connecting back to the central network. For instance, is the IT team relying on an encrypted virtual private network (VPN) or secure client?

Finally, a clean path to transmission needs to be established. Fast and flexible transfer of information is central to cloud software strategies, and perhaps the only comprehensive means of protecting it along the way is to package it inside the secure wrapping afforded by data encryption software.

Tagged in: Cloud Data Security Encryption SaaS

Comments

  • No comments made yet. Be the first to submit a comment

Leave your comment

Guest Wednesday, 02 October 2013