Feature

7 Security Questions to Ask Your SaaS Provider

Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: Seven questions to ask before committing to SaaS."

Download it now to read this article plus other related content.

QUESTION 4: Is there a single-tenant hosting option separated from that of other customers?
Another complicating factor is that in a true SaaS multi-tenant deployment, your company's data may be side-by-side with another company's data.

So it's important to understand how things are kept separate.

"The risk is that your data could leak out of your environment and be seen by other customers, potentially even their competitors," says Acumen's Stanley.

There are several ways in which customer data can be separated, and it's important to understand which method your SaaS provider uses, she says. For example, if the division occurs within the application itself, a bug within the application could cause a failure of separation, meaning your data could be exposed to other customers or, in a worst-case scenario, to the outside world. Another way of keeping customers separate involves working with separate Web servers running on shared hardware.

The rise of virtualization, with customers potentially hosted on different virtual machines, should make separation easier. But Burton Group cautions that while this will cut down on risks, these virtual operating systems are subject to the same risks. Moreover, the hypervisor management layer adds a level of vulnerability.

Stanley says your provider should run regular

    Requires Free Membership to View

tests for data leaks. If it is not, you might be better off insisting on a single-tenant data storage option (closer to outsourcing) or looking for a provider that offers this choice, she says.

This was first published in May 2008

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: