SaaS (Hosted) ERP: How Safe is Your Data?

Mark Canes

The trend towards SaaS (software as a service) / Cloud Computing / hosted software continues, although in the ERP and Accounting software space, it's an evolution rather than a revolution. In dealing with smaller owner-managed companies, I note that one of the ongoing reservations that business owners have about going the SaaS route is the whereabouts of their key business data.

Sometimes its the geographic location of the data - such as the concern that if data is physically located in a different company, it may be subject to laws of access different from those in your own country - the very legitimate fear that a foreign government may be able to legislate its way into your confidential business information. But more commonly, the concern relates to not having the data in their own building. and not knowing where it is.

In a typical SaaS implementation, the data is housed inside a very secure data center, usually employing multiple levels of firewall and up to date security, whereas most smaller businesses have network and server infrastructure that is much more vulnerable to hackers. Additionally, the odds of someone breaking into the average small business and stealing the actual server (or storage array) are much better than getting into a secure data center. So realistically (for the most part) your data is actually much safer and more secure in a cloud computing environment than in-house.

However, there is a question around backup strategy in the hosted environment. This post was inspired by a story I heard last week (not sure how true it is, but it could happen): a company provides SaaS using a 3rd party data center, but managing their own equipment in the data center. All is very secure and safe. However, the company's strategy for off-site backup of client files in the data center is to back it up onto removable media and store than removable media at an employee's house. What this means is that someone who breaks into that house, presumably less secure than a data center, might walk away with the business data of multiple companies on transportable magnetic media. (Now of course the same often applies non-hosted situations with off-site backups.)

My opinion on this is that, if your data is in a secure and credible data center, and the offsite backup plan involves multiple-encryption and / or equally secure offsite backup locations, then there is no way that your data is less secure in the hosted (SaaS) arena than it would be on your own premises - in fact the opposite is much more likely.