Thales Blog

SaaS IT Security Resolutions

January 14, 2016

Happy New Year from all of us here at Vormetric! We hope your year is off to a happy, healthy and secure start. And as we contemplate the year to come, it’s only natural to reflect on the year gone by.

2015 was marked by an explosion of software as a service (SaaS) offerings. In fact, the 2015 Vormetric Insider Threat Report found that 80% of enterprises are leveraging SaaS, with 60% of enterprises globally also storing sensitive data within SaaS environments.

In perhaps the biggest development this year in the world of SaaS security, Salesforce made a splash with the announcement of Salesforce Shield. This new set of tools includes a strong set of data security features targeted directly at the needs of their enterprise customers. With this recent announcement, Salesforce has set a very high expectation, one that enterprises will be requiring as a capability from all of their SaaS vendors. If you didn’t get a chance to review my blog post on this topic, you can find it here.

In a recent blog post, my colleague, Alan Kessler – CEO, president and fearless leader of Vormetric – enumerated his New Year’s resolutions for IT security. In the spirit of the New Year, I’ve compiled my own 2016 IT security resolutions – tailored specifically for SaaS providers.

Resolution #1 – Tailor Security to Business Needs

For any organization developing its IT security strategy, it is imperative to keep its specific business needs in mind. The same is true for SaaS providers. For example, SaaS providers focusing on the healthcare or financial services industries will likely require higher levels of control around their customers’ data. By evolving their security posture to protect against more threats, SaaS companies can ensure their customers’ data is protected within their environment – and protected to the level that is appropriate for their customers’ business needs.

By tailoring their approach to customers’ specific security demands and business models, SaaS providers can not only ensure their customers’ most critical data is kept safe, but also likely ‘unlock’ revenue opportunities with existing customers and prospects.

Resolution #2 – Get Smart about Data Security Legislation

Last year, one of the most notable and longest-standing data privacy agreements was overturned by the European Union. The agreement – dubbed “Safe Harbor” – was a treaty between the EU and the U.S. government, which allowed any U.S. entity complying with its data security requirements to be certified. Once certified, these entities were permitted to process personal data which had been transferred from Europe.

The overturning of this agreement has created major challenges for multinational organizations that transfer personal information from Europe to the U.S. as part of their business, including SaaS providers who operate at a global scale. SaaS providers who want to expand on an international level will need to get smart about past, current and possible future changes in data security legislation in order to maintain compliance and grow their business.

Resolution #3 – Keep Compliance in Mind

More than ever, enterprises that consume SaaS are evaluating SaaS vendors to determine whether or not they are in compliance with their own policies for securing and protecting data. A SaaS offering represents an extension of an enterprise’s IT environment. And for SaaS providers to increase their footprint in the enterprise, they must address enterprise requirements for security, data protection and data management. More specifically, SaaS companies need to provide higher levels of protection and greater visibility and transparency to their customers on how their data is protected.

In addition to internal security policies, enterprises may also ensure their SaaS vendor is in compliance with various government agency mandates (pick your favorite). While companies can and should go above and beyond compliance to protect their data (compliance does not equal security, after all), regulatory compliance is a necessary consideration – especially for SaaS vendors who wish to do business with enterprises that operate under these government agency mandates.


While there are many unknowns in the year to come, I encourage SaaS vendors – and indeed all organizations – to be resolute in making data security a top priority in 2016.

Do you have questions? Perhaps other resolutions to add to the list? Feel free to leave a comment below, or tweet me @cjrad.