CIO

Remember to Consider SaaS in Your Cybersecurity Plan

By Michael Chetner, Head of Australia and New Zealand, Zoom Video Communications

Businesses around the world have quickly embraced cloud technology as a critical solution to tackle operational complexities. Worldwide spending on public cloud services is expected to reach over AUD$283 billion in 2019. Australian spending on public cloud services alone is expected to reach AUD$5.6 billion in 2019, growing 20.3 per cent year-on-year. Whether it’s internal solutions that increase employee efficiency, or applications that provide superior levels of service to customers, the cloud is revolutionising how businesses operate.

On the flip side, as more cloud services are implemented, more endpoints are added to the metaphorical house in the form of a business network. These endpoints are like doors which must be locked to protect business data and customer privacy. If there is a vulnerability, businesses risk giving an outside threat actor access to their data. Given the prevalence of the Notifiable Data Breach scheme and GDPR in today’s business world, data protection and privacy have become important considerations for all organisations. Enterprises deploying software-as-a-service (SaaS) must consider this when implementing solutions.

Digital communication platforms, like other cloud services, need security layers that emphasise the protection of customer data. In industries like finance, health, and legal, where client confidentiality is important and customer communication is held online, enterprises need a guarantee that their online conversations are efficient and secure.

By searching for cloud communication platforms that prioritise encrypted communications and the ability to integrate into existing security infrastructures, businesses can be satisfied that their communication and data remain secure.

Going end-to-end

Encryption is currently in the spotlight across Australia, and businesses must understand the importance of using communication channels that prioritise encryption. Encryption ensures any digital communication, whether text-based, such as email and instant messaging, or spoken through audio and video services, is kept private and visible only to the host and meeting participants.

Many industries require some degree of confidentiality when sharing internal and external correspondence. Whether it’s the specifics of an important business deal that are being discussed through a video call, or a conversation with a client or patient, businesses have a duty of care to keep conversations private. Audio and video messages contain metadata, and end-to-end encryption ensures an unauthorised party cannot view that data.

Video and audio can carry as much confidential information as text communication, so organisations must be comfortable knowing that, when they are discussing important business deals, the news won’t spread past the virtual walls of their meeting.

Many enterprises can’t afford, financially or reputationally, to report to the Office of the Australian Information Commissioner that they lost data because they weren’t diligent enough to understand how a third-party program was transferring its data.

Integrate into existing security infrastructure

Businesses should consider applications that let them use their own identity provider, such as Microsoft Active Directory, Centrify, Okta or Google, for access. By integrating cloud services into existing single sign-on platforms, businesses ensure their IT teams have visibility into, and control over, who has access to communication services and, as a bonus, make using services easier for employees. As with other areas of the business, the ability to authorise and revoke access to communication platforms is vital for data protection.

Authentication Goes Two Ways

Authentication is a fundamental security measure that is found across smartphones, email platforms and online banking apps, to name a few. While people might fail to see the importance of controlling who is able to join a conference or video call, it’s not so strange to see businesses limit who is allowed to join board meetings or internal staff meetings. As more businesses rely on mobile working and decide to move critical meeting platforms to digital spaces, it’s essential to control who is a part of those discussions as if it were a face-to-face meeting in the boardroom. While a video communication platform would lack physical security guards like an office building, video communication tools can leverage authentication and user credentials to confirm the identity of people joining a video meeting. It’s these authentication practices that make every meeting unique, and impossible for outsiders to join unless they have been invited.

Lock It Up

Privacy and data protection are important aspects that all organisations should keep front of mind when deciding which applications and services to incorporate into their day-to-day business operations. Deploying SaaS applications has proven to be very beneficial for organisations, but businesses must ensure the applications they choose have the security functionality in place to protect their data from outside threats. By ensuring cloud communication platforms feature end-to-end encryption, integrate with existing services like single sign-on and authenticate identity effectively, businesses can be satisfied knowing their digital communications will be secure as they move into a new era of efficiency.