Services Industries Cloud Cybersecurity Digital EngineeringNXT HOLMES Geographies

Service Offerings

Data, Analytics & AI
Applications
Digital Operations and Platform
Consulting
Infrastructure Services

Service Offerings

Data, Analytics & AI
Applications
Digital Operations and Platform
Consulting
Infrastructure Services

Client Themes

As a service
Big Data
Blockchain
Cyber Security & Enterprise Risk
DevOps
Enterprise Ops Transformation
Industry 4.0
Open Source
Product Lifecycle Management
Software Defined Everything

Client Themes

As a service
Big Data
Blockchain
Cyber Security & Enterprise Risk
DevOps
Enterprise Ops Transformation
Industry 4.0
Open Source
Product Lifecycle Management
Software Defined Everything
Aerospace & Defense
Automotive
Banking
Capital Markets
Communications
Consumer Electronics
Consumer Packaged Goods
Education
Engineering, Construction & Operations
Healthcare
Insurance
Medical Devices
Natural Resources
New Age Markets
New Age & Media
Network & Edge Providers
Oil & Gas
Pharmaceutical & Life Sciences
Platforms & Software Products
Industrial & Process Manufacturing
Professional Services
Public sector
Retail
Semiconductors
Travel & Transportation
Utilities
Aerospace & Defense
Automotive
Banking
Capital Markets
Communications
Consumer Electronics
Consumer Packaged Goods
Education
Engineering, Construction & Operations
Healthcare
Insurance
Medical Devices
Natural Resources
New Age Markets
New Age & Media
Network & Edge Providers
Oil & Gas
Pharmaceutical & Life Sciences
Platforms & Software Products
Industrial & Process Manufacturing
Professional Services
Public sector
Retail
Semiconductors
Travel & Transportation
Utilities
America
country usa
United States
country canada
Canada
country brazil
Brazil ( English  |   Portuguese )
country maxico
Mexico ( English  |  Spanish )
country latam
Latam
Continental Europe
country benelux
Benelux
country nordic
Nordic
country france
France
country dach
Dach ( English  |  Deutsch )
Africa
United Kingdom & Ireland
Asia - Pacific
country
Asean
country
Korea
country
China
country
Australia
country
Japan ( English  |  Japanese )
country
Taiwan
India & Middle East
country India
India
country
Middle East
Global Site
America
country usa
United States
country canada
Canada
country brazil
Brazil ( English  |   Portuguese )
country maxico
Mexico ( English  |  Spanish )
country latam
Latam
Continental Europe
country benelux
Benelux
country nordic
Nordic
country france
France
country dach
Dach ( English  |  Deutsch )
Africa
United Kingdom & Ireland
Asia - Pacific
country
Asean
country
Korea
country
China
country
Australia
country
Japan ( English  |  Japanese )
country
Taiwan
India & Middle East
country India
India
country
Middle East
Global Site
< Dean Pappas

Cloud Applications and Security

Services
Industries
Cloud
Cybersecurity
Digital
EngineeringNXT
HOLMES
Geographies
Contact Us
About Wipro
Careers
Locations
Leadership
Investors
Innovation
News and Events
Insights
Analyst speak
Products & Platforms
Partner Ecosystem
Sustainability

January | 2011

Enterprise Cloud Applications (ECA) or Software as a Service (SaaS) is clearly the next evolution in business application software. Watching Marc Benioff at Dreamforce say the same thing confirms this. The question is what is holding business back from achieving lower Total Cost of Ownership (TCO) and higher functionality offered by SaaS solutions?

Security is a key concern among potential clients. These concerns are understandable. There are three facets of security that I would like to address today:

  • User Security - Security from internal attack
  • Data Security - Data Retention and Fail Over
  • External Attack - Attacks from external parties to extract data

Ensuring users do not get access to data or views they do not have privileges for, is a well understood problem. It is addressed by SaaS providers such as Salesforce.com and Workday, leveraging role-based security. Additionally, direct data access is managed by restricting IT access to the data via a trusted source within the company. Most SaaS providers offer change logs to allow an IT indiscretion to be tracked and addressed. Additionally, data access is restricted for the SaaS provider’s resources as well. It is safe to say that SaaS is just as secure as traditional on-premise solutions.

High availability, fail over and data retention strategies are crucial to the survival of SaaS companies. A small to mid-market business can only afford lower end equipment and solutions to address these challenges. However the economies of scale and use of the multi-tenant strategy of SaaS vendors allows the purchase and deployment of world class data security technology and provides this to all clients equally. To ensure confidence in the market, SaaS companies achieve the highest levels of certifications. These security measures far exceed what most small and mid-size enterprises can put into place. They also go beyond the safeguards of many large-scale enterprises by providing integrated audit capabilities. Additionally, the off-site hosting brings built-in disaster recovery and business continuity benefits.

SaaS solutions are designed to be hosted in secure efficient sites and deployed to users over the Internet. It also enables them to be accessed globally, in many languages, through many devices (PCs, Notebooks, iPad, smart phones etc.). SaaS providers use network encryption with Secure Socket Layer (SSL) for securing data flow over the Internet as well as specific data encryption. Sufficient safeguards are adopted against network security issues such as Man-in-The-Middle (MITM) attacks, IP spoofing, port scanning, packet sniffing, etc. Furthermore, independent security researchers should be utilized to validate SaaS claims. The SaaS leaders are acutely aware of this challenge and use their economies of scale to deploy security professionals to develop, test, and detect attempted intrusions. You have to ask yourself as a potential client, "How much expertise do I have compared to this SaaS provider in the area of security?"

Legacy software was built to sit behind a firewall with limited access to end-users or authorized third parties. This has made traditional, on-premise software less useful not only for a mobile workforce, but also for geographically dispersed customers and business partners. It also puts the burden of security on small security teams (or a single resource). While you should ask the questions necessary to build your comfort, the SaaS security expertise is typically world class and far stronger than what an end business can provide for itself.

About the Author

Dean Pappas comes to Wipro with 17 years of experience in application software consulting. Dean has focused on Relationship Management, Social Media, and ERP applications including Siebel, Oracle EBS, PeopleSoft, Salesforce.com, and other leading enterprise technologies. Dean draws his experience working for companies like Sapient, Siebel, and Oracle with a variety of clients. Dean has a track record of successful delivery and project rescue. Dean lives in Atlanta with his daughter and is a multi-time Ironman finisher.
X