BYOD Security: Open access SaaS for Workplace Collaboration
Companies that experiment with the burgeoning "bring your own device" or BYOD philosophy are engaged in a constant struggle to find the balance between security and connectivity. In order for employees to collaborate and connect, they must be granted access to remote, cloud-based networks through their own mobile devices. As noted in a recent industry publication, this multi-pronged access means that businesses "must now rely not only on the security of their own infrastructures, but also of employees' mobile devices, cloud providers and 'downstream' entities such as Internet service providers, registrars and business partners."
Defined as a "delivery method that provides access to software and its functions remotely as a Web-based service," software as a service or SaaS is a key lynchpin in the foundation of many BYOD workplaces. Because they are the first and best line of defense for a BYOD organization's security, SaaS providers must also be experts at a second kind of SaaS storage as a service. The client business is not only accessing software provided and maintained by the SaaS host, but it is also trusting the sensitive data that passes through that software to the SaaS firm. Therefore, to establish a BYOD initiative that is as secure as it is accessible, the client business must start by partnering with a stellar SaaS provider.
Pros and Cons of SaaS
BYOD increases the area of potential attacks by opening up the business's network to Internet-exposed cloud applications. With that in mind, there are several benefits and drawbacks to SaaS. Unlike licensed and purchased software, remotely hosted software is always up to date. Seats can constantly be added or removed, and functions and applications can always be upgraded. SaaS provides unlimited mobility from remote locations for as many employees as are needed. Finally, there is essentially zero tech debt and your company doesn't need to own, maintain or secure servers or databanks, install or repair hardware or hire a dedicated IT team.
The drawbacks, however, are that update control is no longer in your hands. Also, a reliable Web connection is an absolute must without it, even the SaaS provider's service team won't be able to help you. Customization can be difficult if your provider offers just one version of their software to everyone. In that situation, large numbers of clients would need to request a change for a change to be implemented.
If a business decides to opt out of self management and trust their security to an SaaS provider, experts conclude that the provider should do the following and do it at least as well as the client business could on its own:
- Store their data in SSAE16 data centers
- Contract audits from independent third parties
- Implement biometric safeguards
- Hire 24/7 staffed security and foot patrols
- Implement environmental controls
- Implement advanced firewalls
- Establish protocols for backups and redundancies
SaaS provides a practical alternative for entities that don't realistically have the resources or staff to implement their own network of hardware, security, infrastructure and IT all of which is necessary for a BYOD enterprise. As employees seek greater mobility and greater leeway to work on their own devices and on their own time and businesses must keep up with the increased security demands that BYOD requires. Too much security, and the fluidity of BYOD is suffocated. Too much open access, and sensitive data can easily be compromised. For many businesses, SaaS has proven to be a stable bridge between the two necessities of security and access.