Hidden risks of Software-As-A-Service

How many customers ask software-as-a-service vendors about the security of their code?

This past week is the first time, in the existance of VineHosting now a little over 1 year old, that a customer has asked about security within the TurnKey WEC installation we provide.

For many organizations outsourcing now has become synonymous with Software-As-A-Service.
Companies like – SalesForce.com, ADP, Intuit, Shelby, and others for a fee (generally expensive – but less expensive than doing it yourself) will help organizations trim down the fat off your business processes… Doing so however – may actually increase your risk of having your data exposed.

Many Churches and other ministries are unaware of the security concerns with posting user data online.
Such items as name, address, phone number are already available to the general marketplace – often for free via services such as Verizon’s Online phone directory called SuperPages, however private information such as prayer requests, financial data, health information (often hidden in prayer request postings) and other sensitive information is open to the world.

Generally for a church – their data is not on the radar of a hacker, however when it is placed online lumped together with a few hundered (sometimes thousands and thousands) of other clients data – It is Paramount we become concerned in regards to the aspects of Security.

The key difference here is within your own network – a church is able to take specific actions to reduce risk – such as installing an intrusion detection system, a firewall, password protecting data, placing important and sensitive information on entirely different subnets etc. When your data, or your entire system, is managed by someone else all you can do is make sure your provider is thinking hard about this issue.

It is suggested you make it a contractual obligation – however most will let you know they wish to be held harmless…

Dont worry – I’m sure your prayer requests, offering plate data, time sheets, hvac controls, parishoners data, 403b/401K, or whatever else you may be managing online with your Software-As-A-Service solution are fine…. or are they ?