SaaS Clients and Providers Rethinking Data Security after NSA Leaks

In his role as vice president of finance and corporate controller at Talari Networks in San Jose, California, Robert Colaizzi relies on his Software as a Service (SaaS) expertise to support business processes such as sales forecasting and financial reporting. Now that companies are more aware of the potential for their data to be viewed by the government, SaaS experts like Robert Colaizzi are being challenged to rethink some business practices to ensure that their data security needs are met.

Despite the fact that many SaaS and cloud computing providers have asserted that they do not allow the National Security Agency or other organizations direct access to their databases, recent events have shown that government agencies have the ability to access more data than previously thought. Federal authorities also can demand data access and place businesses under gag orders so that their clients are unaware that their data has been compromised.

To start to address the problem, many IT experts have recommended that businesses categorize their data files into high, medium, and low sensitivity groupings. Those files that are labeled low sensitivity can be stored in a third-party cloud, while high-sensitivity data should be encrypted and stored on local servers to reduce the possibility of a data breach. Fortunately, most SaaS applications can be designed to work across a variety of data access paths.