SaaS, Security and the OWASP 10

intruderWhen considering a SaaS-based solution, people often wonder whether their data will be safe “in the cloud”.  Security is a major advantage to a SaaS solution.  In most situations, security attacks are caused because of the behaviour of legitimate users. According to a recent Forrester Research Report, 70% of all security breaches are caused by internal sources.  By locating the system outside the organisation, security risks can be significantly reduced.

Software as a Service is provided to a customer as a subscription based service that is delivered over the internet. SaaS can eliminate high upfront establishment costs and IT maintenance and support. Security measures are required to keep unauthorized people out of your system and prevent them from reading your data whilst it transmitting. More importantly, measures are used to protect internal users from vulnerabilities, and control their accessibility to ensure they only access what they’re meant to.

The OWASP Top 10 identifies the most dangerous security risks that occur on the internet. It provides a framework for evaluating a SaaS application’s security. The major security mechanisms in a SaaS application can include TLS & SSL, PGP, User management, Password & Passphrase requirements and storage, SAML and Audit Trails.

If you’re interested in finding out more, please download the free security white paper from www.webandflo.com/resources.

Workflow for SMEs

In Australia in June 2011, there were 230,638 business with between 5 and 19 employees; and a further 81,006 employers with 20-199 employees; according to the Australian Bureau of Statistics.  Businesses of this size struggle with process – they are large enough to deal with increasing specialisation of work; but the costs of specialised solutions (HRIS systems; Case Managment Solutions; Sales systems) can be prohibitive.  Often, this results in continuing with paper or spreadsheet-based systems well beyond the point at which they are efficient for those businesses.

The economies of scale to build and deploy workflows for an organisation means that it is typically large organisations who have the process knowledge, skills, and time available to undertake a process mapping and development process and to get the full benefit of a workflow automation process.  On the other hand, all organisations use workflow – the nature of work is that any process involving multipe steps or people can benefit from going through review and automation.  In many cases, this means that Small and Medium enterprises don’t get the benefits of workflow… despite being the largest category of employer.

Web and Flo, having worked with large and multinational organisations for over a decade, and an SME ourselves; have decided that enough is enough – and have started developing a library of best practice workflows that we will make available to SMEs for free, or on a subscription-model.  The idea is to consolodate the process information we’ve gathered over many years, and make the available to organisations that until now haven’t been able to benefit from BPM and Workflow Automation.  We’d welcome any input into what processes are the most painful for business as the outgrow their paper and spreadsheet-based systems.  Please feel free to comment in the blog or reach us at the Web and Flo website if you’re interested in learning more, or in registering as a Beta client.