A security checklist for SaaS apps

2017-12-17, blog
Putting your clients’ security first

MSPs have an obligation to their clients: not only to provide the best solutions they possibly can, but also to ensure that client security is always given the utmost importance.

SaaS apps are growing in popularity, but with this growth comes a whole new set of problems. It is vital that you offer the same level of security as your client’s in-house security policy, if not more. The following will help you with risk management and security policy:

If your application is not secure, your clients’ critical business information could potentially be exposed to hackers. Can you guarantee that your app is completely secure? It is all too common for SaaS vendors not to patch a security flaw immediately. Make sure you’re not one of these! It is vital to be open and honest.

If your client is worried about the security of their business when they outsource any part of it to you, simply give them the following checklist, which they can read through with you, and make sure that you comply with everything on the list!

Give the following to your clients:

Review our service history through references or reviews, and please feel free to ask them about our security, reliability, privacy and any vulnerabilities.

Ensure you are happy with the contract and that the security requirements are clearly detailed within this contract.

Ensure we have a mutually agreed service level agreement. We will ensure that we meet Six Sigma levels of service quality (this includes 99.9997% of security patches made within a certain number of hours after public disclosure).

Check we have made no silent fixes to our service.

Insist that our own software development process follows a rigorous life cycle, including tollgates that check for secure coding.

Make sure you thoroughly examine our data recovery policies and find out how long it will take us to retrieve your data if you decide to terminate the contract. You can also check how long it will take us to make it inaccessible online.

Make sure that your users are not the weak link in the critical security chain. Make sure you are clear about which browsers should be used for services and ensure that regular updates are undertaken.

We will never ask you for these, but make sure you never hand over ownership of your domain names. You should also try to control domain access whenever you are worried about security breaches.

Security should never ever be compromised, and as an MSP, if you can put people’s minds at rest when it comes to security, you will find this is worth so much more.

If you would like any more information on how to maintain your security levels, please feel free to contact us!
