Only yesterday I was discussing the pros and cons of Software-as-a-Service (SaaS) with a construction journalist. I referred her to some material I had written in the past, and a couple of recent articles on the topic. Today, I found another good generic piece on ASPnews.com.
SaaS Advice from the Experts stresses that customers cannot abdicate responsibility by offloading their applications, particularly in respect of security. One vendor counsels IT managers to examine five key areas when deciding on a SaaS provider:
- privacy and security policies
- transparency into the provider’s organization
- metrics regarding audits and response to security breaches
- strong feedback loops, and
- continuous education for customers.
Other areas mentioned:
- authorization and access controls
- access to testing schedules, software development life cycles, and upgrade and patch deployments
- a backup and exit strategy for data, and
- accounting methods