Cloud Computing: reduced IT Teams and limited budgets; IT management in SMEs is often done in a very constrained environment. The temptation of SaaS services is therefore high. What are the risks and benefits? How to ensure the security of its data in this context?
By William Series | Tuesday, April 22, 2014
For larger SMEs, the use of SaaS (Service as a Software) may be a way to switch budgets from Capex to Opex. In this regard, a TNS Sofres / Ipsos survey reveals that 48% of CIOs consider as priority the increase of outsourcing in response to their need to reduce costs.
Using a SaaS solution allows mostly upstream to ensure a pricing which excludes hidden costs, and only pay for what is actually consumed, usually on a work unit basis..
On the Market side, these arguments seem to be, since Pierre Audoin Consultants predicts that the share of SaaS is expected to reach 60% of the IT market in France in 2020.
PUBLICITY
and this popularity is not noticeable only in the forecast of market analyst firms. Many publishers have henceforth been directing all or part of their production on this model. Last November, SAP announced its SaaS solutions offer in China. And here in France, the SMEs can use SaaS HR software, IT security solutions, or Help Desk tools on the same model
Choose a scalable SaaS solution
But SaaS is not a panacea to all the problems of IT managers in SMEs.
We must “choose a solution that can easily integrate with your internal management system,” explains Christophe Rebecchi, Read Soft. Above all, we must ask if the chosen SaaS solution has a future. “Is it scalable? It is important to choose a solution that can grow with your company,” says Christophe Rebecchi.
In fact, using a SaaS solution means deporting outside the perimeter of the IF part of the IT assets of the company which is so much attention to ensure that this will not stop the operation of your business.
But beyond that, it is the question of the sovereignty of data hosting which arises. Jean-Cédric Miniot, general delegate of Ibelem, remembers the “case of a company which performed a proof of concept for more than a month of a SaaS mobility solution before realizing she was losing her time. Indeed, the solution was hosted abroad while a sine qua non condition not expressed was itshosting in France. ”
Ensure the confidentiality of data and processing
CNIL formulates on this issue a number of recommendations (PDF) to help companies which want to secure the services of a SaaS provider.
The first recommendation concerns the identification of the data and processes used by the SaaS solution. Personal data, sensitive data, critical data for enterprise, data used in business applications; A strict classification must be made to ensure that these data are made by the SaaS service knowingly.
On this basis, the use of an e-mail solution like Gmail in a professional setting poses question: the content of the accompanying mails and attachments are fully entrusted to a service provider. What are the privacy safe guards?
Above all, the CNIL states that some data, such as health data, “can only be stored by a healthcare data hosting provider approved by the Ministry of Health.” Some data are subject to regulatory constraints concerning its hosting. This is a point to check before using SaaS solutions.
Recover data in case of breach of contract
A second recommendation finally deals with the verification of the practical constraints of using SaaS solutions. Data availability, reversibility, portability, interoperability with the existing system; is ensuring that the quality of supplier is of an acceptable level.
For example, the question of reversibility is crucial: in case of breach of contract,the SMEs must clearly ensure that it cannot only recover its data, but most continue to use them with a different system.
Sovereignty and reversibility of data are therefore two factors to check before adopting a SaaS solution in business.
