Data Security Solutions for Software as a Service (SaaS)

SaaS Providers

Cloud Security Responsibilities

If you hold anyone's sensitive data, you're partially responsible for it. You face compliance mandates for data protection such as PCI-DSS, HIPAA, GDPR, CCPA, and state data breach notification laws.

Your Customers and Prospects Have the Questions

You're likely to be handed the Cloud Security Alliance Consensus Assessment Initiative Questionnaire, or CAIQ, which includes queries such as:

• Do you have procedures in place to protect against unauthorized access to system resources?
• Do you have platform and data appropriate encryption that uses open/validated formats and standard algorithms?
• Are your encryption keys maintained by the cloud consumer or a trusted key management provider?
• Do you support secure deletion (e.g., degaussing/cryptographic wiping) of archived and backed-up data as determined by the tenant?

You Need to Have the Security Solutions

Avoid breach notifications and have the SaaS security solutions your customer and prospects require to meet their policy and compliance needs.

SaaS Consumers

Questions you need to ask:

• Does any data you are uploading to your SaaS provider include personally-identifiable information (PII)?
• Are you in an industry with data security mandate for which compliance extends to SaaS applications?
• Is your data being encrypted?
• Do you control the encryption keys?
• Do you know what questions to ask SaaS providers about data security?

Even if your SaaS provider has assured you that they are encrypting your data, here are a few critical questions you still need to ask:

• Is there a unique encryption key per customer? 
• Do you have key management procedures? Is there risk of key loss?
• Can I control the keys to my data?

These questions represent security best practices. Please refer to the Cloud Security Alliance Cloud Controls Matrix.

Data Compliance in SaaS Environments

It’s easy to forget that you are ultimately responsible for ensuring compliance with data privacy and protection mandates, regardless of data location. So when you consider SaaS solutions, make sure your SaaS provider offers the same controls you employ in your own data centers. If your SaaS provider cannot, find one who can.

Industry Best Practice Resources for learning about SaaS data security

Don't just take our word regarding best practices for data security and key management for Cloud and SaaS. Join the Cloud Security Alliance LinkedIn Group. Please refer to the Cloud Security Alliance Cloud Controls Matrix. Give your SaaS providers the Cloud Security Alliance Consensus Assessment Initiative Questionnaire so that you can consistently compare SaaS provider security offerings.

Thales helps SaaS organizations move past silos of encryption and crypto management solutions to attain central and uniform deployments of data security solutions and prepare your organization for the next security challenge and new compliance requirements at the lowest TCO.

• CipherTrust Data Security Platform
  Discover, protect and control your organization’s sensitive data anywhere with next-generation unified data protection
   
• CipherTrust Cloud Key Management
  Centralized lifecycle management for BYOK, HYOK and cloud native encryption keys
   
• CipherTrust Enterprise Key Management
  Streamline and strengthen encryption key management on-premises or in the cloud
   
• CipherTrust Transparent Encryption
  Advanced data-at-rest encryption, access control and data access audit logging
   
• CipherTrust Tokenization
  Tokenize sensitive data, vaulted or vaultless
   
• CipherTrust Application Data Protection
  Data protection for DevOps and DevSecOps
   
• Thales High Speed Encryption
  Network independent data-in-motion encryption (Layers 2, 3 and 4) ensuring data is secure as it moves from site-to-site, or from on-premises to the cloud and back
   
• Data Protection on Demand
  A cloud-based platform providing a wide range of cloud HSM and key management services through a simple online marketplace
   
• Luna Hardware Security Modules (HSMs)
  Safeguard your sensitive data with Thales HSMs – the foundation of digital trust

For both SaaS providers and enterprise SaaS consumers, Thales Data Security products and offerings deliver value to you and your customers, and help accelerate SaaS revenue growth.

Peace of Mind

Thales solutions help deliver Peace of Mind. As a SaaS consumer, selecting the right SaaS providers who protect and give you control of your data, gives you the assurance you need to sleep well at night. As a SaaS provider, you want your customers to have full confidence in your data protection offerings.

Compliance

Thales solutions help both SaaS providers and consumers on regulatory compliance with the relevant Data Security, Cloud Security, Data Privacy and Data Sovereignty regulatory frameworks. 

Control

Leveraging Thales solutions, SaaS providers can enable SaaS consumers to be in control of their data in SaaS clouds.

Efficiency and Operational Resilience

Thales solutions help achieve operational efficiencies by automating SaaS data protection lifecycle management, via a common set of APIs across clouds and a user-friendly interface with a single pane of glass view.

Multi Cloud & Hybrid Cloud Support

Leveraging Thales solutions, both SaaS providers and consumer can maximize their Choice of Cloud. And choose deployment of SaaS data security solutions across any combination of public clouds or private/on-prem infrastructure, as well as hybrid deployment scenarios.

Click-and-Deploy Data Security

Thales solutions help enable convenient deployment of best-in-class encryption and key management services — making security simpler, more cost effective, and easier to manage.