Assessing SaaS? 3 Security Questions to Ask.

1/22/2018

 
by Chris Magill on February 2, 2017

As more enterprises undertake digital transformation, cloud services and solutions are one of the top technology investments that CIOs plan to make this year. Yet security and privacy remain the top concern for CIOs going into 2017. This doesn’t mean that CIOs should rethink their strategy, but it does reflect the need for thorough vetting of security for any cloud services or solutions IT buyers plan to add to their portfolio.

Here are three questions to ask when assessing SaaS software to get a clearer picture of security:

Has the company submitted itself to independent assessment, and are they willing to share the results with you?

This first question is a big one, because it not only demands that the SaaS service meets the top security criteria available, but also shows how transparent the company is willing to be when it comes to security issues.

There are at least two assessments we require for any SaaS service that we approve of for employee use here at Smartsheet (and we hold our own service to these assessments as well):
  • SOC 2 Type 2 Audit – Have they subjected themselves to an independent audit with AICPA to show that they do what they say they’re going to do with regard to security, availability, processing integrity, confidentiality, and privacy?
  • Penetration Test – Have they had an independent security company test their security, product, infrastructure, and processes?

If their answer is yes, and it should be, ask if they’re willing to share the results of those assessments. What you want to learn here is the results of the assessments, any weaknesses that they demonstrated, and what the company has done to respond to those findings.

A few follow-up questions to ask: If something goes wrong, and there’s a threat to security, when and how will the company notify you of an incident? How will they work with you to resolve it?

Was the service designed with security in mind?

When assessing SaaS companies, find out if the product was designed with security in mind, or if it’s a bolt-on. Look for software with security built in early on; otherwise, developers are spending their time plugging holes rather than building a great ship.

Find out if the software was designed with intrusion prevention built in and engineered with the ability to block malware from executing, or if there’s a third-party control, or if it’s up to you as the customer to take on security controls. Aftermarket security is a risk you should think hard about. Giving third-party vendors access to your network and data can have weighty consequences.

Is there redundancy in their data recovery?

In addition to verifying transparency and data security, it’s critical to find out if there is redundancy in the SaaS company’s data recovery. Are there multiple paths to disaster recovery? Does the company have an API available for you to run your own backups? Will you have the ability to create your own backups on demand or on a schedule? In addition to your own backups, are there retention copies that the SaaS company makes on your behalf in case of disaster?

From Assessment to Purchase

The answers a company gives you to these questions, in addition to any specific requirements questions you have for them, will help give you a clearer picture of whether you would like to bring them under your IT umbrella and roll them out across your organization. Listen carefully, and make sure you really understand what it would mean to your company to rely on that SaaS vendor.

Source: Smartsheet Blog

    Author

    Writers and Bloggers from Smartsheet.
