Knowledge Base Article
Servora Online Resources
Knowledge at Your Fingertips.
How to Evaluate SaaS Security
Article ID: #1071

Security is a top concern for businesses moving into the Software-as-a-Service (SaaS) environment. These concerns are influenced by beliefs that the internet is susceptible to hacking, data loss, and data theft. Contrary to common belief, the SaaS environment is usually more secure than most in-house IT environments. This is because the majority of businesses lack the capital budget to create a safe and secure in-house IT environment, whereas SaaS providers invest heavily to create a secure environment.

When evaluating SaaS security, there are three areas that require specific attention: data center, application, and user. Each of these areas should have a security protocol because each is a point of security vulnerability. After you have finished reading, you will understand why SaaS providers often state that their environments are more secure than an in-house IT environment.

Data Center Security

Data center security can be broken down into two sections: property and people. The property section addresses the facility and issues regarding disaster prevention/recovery. Does the data center provide back-up power, back-up internet lines, and earthquake/fire safeguards? In addition, the property should include other devices such as cooling towers, surveillance, access point authentication (e.g. a badge reader), and a proper server room. Addressing these issues properly will prevent data loss from natural or unforeseen disasters.

The people section in data center security addresses data theft and unauthorized personnel in your facility. Are the server racks locked to prevent unauthorized access? Can wayward individuals touch or access the servers and your hardware? Does your facility have a security protocol against unauthorized personnel accessing the facility? Are there 24/7 security guard patrols? Addressing these issues properly will protect your data from outside intrusion into your mainframe servers.

Application Security

Application security is associated with the access rules to the application. These features include user authentication by username, passwords, password policies, session time out, and number of login attempts. Application security should also provide a secure access gateway while encrypting data, passwords, and URLs. Lastly, application security should also include firewall settings that prevent unauthorized intrusions, along with network address translation, port redirection, IP masquerading, non-routable IP addressing schemes, and more. Addressing these issues properly will prevent unauthorized application access and deter hackers.

User Security

User security deals with the role-based data access rules within the application. It governs the types of information a user can view, even if the user has authorized access to the application. For instance, access rules can prevent someone in the sales department from seeing sensitive company financial information. Role-based access rules will also prevent individuals from snooping around other employees' information. Whether these rules govern inter-departmental data restrictions or restrictions within a department, this level of data security is needed to ensure that your data will not be compromised.
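The following is an added example, not Servora's code, of the role-based access rules described above: a deny-by-default check that covers both the inter-departmental restriction and the restriction within a department. The role names, record kinds, and scope values are assumptions made for illustration.

```python
from dataclasses import dataclass

# Hypothetical policy: role -> record kind -> scope.
#   "all"        = every record of that kind
#   "department" = only records belonging to the user's own department
#   "own"        = only the record the user owns
POLICY = {
    "sales_rep":       {"opportunity": "department", "employee_record": "own"},
    "sales_manager":   {"opportunity": "department", "employee_record": "department"},
    "finance_analyst": {"financial_report": "all", "employee_record": "own"},
}

@dataclass(frozen=True)
class User:
    name: str
    role: str
    department: str

@dataclass(frozen=True)
class Record:
    kind: str
    department: str
    owner: str

def can_view(user: User, record: Record) -> bool:
    """Deny by default: viewing needs an explicit rule for this role and kind."""
    scope = POLICY.get(user.role, {}).get(record.kind)
    if scope == "all":
        return True
    if scope == "department":
        return record.department == user.department
    if scope == "own":
        return record.owner == user.name
    return False  # no rule, unknown role, or unrecognized scope

def visible(user: User, records: list) -> list:
    """Filter a result set down to what this user is allowed to see."""
    return [r for r in records if can_view(user, r)]

# Constructed sample data: an authenticated sales user and mixed records.
ALICE = User("alice", "sales_rep", "sales")
RECORDS = [
    Record("financial_report", "finance", "carol"),
    Record("employee_record", "sales", "alice"),
    Record("employee_record", "sales", "bob"),
    Record("opportunity", "sales", "bob"),
]

if __name__ == "__main__":
    for r in visible(ALICE, RECORDS):
        print(r)
```

Because the check falls through to `False`, a new role or record kind is invisible until a rule is written for it, so a forgotten rule fails closed instead of exposing data.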


To learn more about Servora’s data center security, please contact us.
To learn more about Servora’s application security, please visit data security.
To learn more about Servora’s user security, please visit internal controls.

Have questions about Servora’s security? Please contact us.


About Servora
Servora uses cloud computing technology to deliver CRM, ERP, Accounting, and Ecommerce applications via SaaS to small and mid-sized businesses.  See a list of solutions that Servora offers.