Today, almost everyone uses photo or e-mail services, or online social networks. Commonly known as cloud computing, software as a service (SaaS) or on-demand software, this new trend is taking the enterprise IT environment by storm. Regardless of whether users are on business trips or in the office, they can access data and programs from almost any location – all they need is a Web browser. A particularly practical feature is that several users can work on one document at the same time.
The biggest advantage of on-demand software is that it is relatively inexpensive. Customers subscribe to only the applications that they really need and can cancel their subscriptions if their requirements change. But cloud computing saves time as well as money: Updates don’t have to be installed manually, but instead run automatically in the background.
And because processing power and memory are optimally distributed over the existing server structures, the capacities are better utilized, making cloud computing energy-efficient, too.
Data protection and security
From SAP Business ByDesign through Salesforce.com, an increasing number of software providers are offering SaaS products to their customers.
But despite the benefits of practicality and price, there are risks involved. All data – including customer data, sales transactions, and balance sheets – is stored externally in a cloud and, at least in theory, could be viewed by absolutely anybody. That’s why security standards have to be high. According to the World Wide Web Consortium (W3C) and OASIS, the international organization for Web standards, there are many standards for ensuring that Web services are secure. However, problems do arise in practice. For example, XML signatures are often misunderstood as being sufficient for secure communication, while cryptographic operations such as signatures and encryption suffer from performance problems. Furthermore, browser security mechanisms such as the SSL/TLS protocol and the same-origin policy do not interact sufficiently.
The importance of certificates
With Business ByDesign, SAP adheres to strict security criteria. The software was awarded the SAS 70 Type II certificate, which entailed an independent commission of IT and business experts assessing logins, data transfer, and other operations over a period of three months. To retain the certificate, the test must be repeated every six months.
Microsoft also promises its customers high security levels. The on-demand platform Azure is adapted to the individual needs of customers. Microsoft lets its users decide for themselves whether they wish to run the platform in their own IT environment or to operate it through a hosting provider or at Microsoft.
DATEV – the IT service provider for tax advisors, auditors, and attorneys in Germany – makes its applications DATEV Unternehmen online, DATEVasp, and DATEVnet available through the Internet for accounting, human resources, and business consulting.
Not for all industries
Customers and service providers need to agree in advance about which data centers and server pools should be used to process and store the data. You should discuss the availability of connections, computer capacities, access rights, and authorizations.
When exchanging mission-critical data, absolute security must be guaranteed. It must also be possible to delete data permanently. Open interfaces leave you exposed to hackers, Trojan horses, and the like. When data is shifted into a cloud, it becomes increasingly difficult to track down when and where IT services are used – and to establish the correct jurisdiction.
For organizations and persons that deal with sensitive and highly confidential data on a daily basis – such as doctors, attorneys, or insurance companies – cloud computing is not a realistic option.
Trust is good – but it’s not enough
If the servers are no longer in your own company basement but at your external service provider, a relationship of dependence develops between customer and provider. That’s why trust is a decisive factor for both parties. If you have an uneasy feeling about outsourcing your data, it’s best to think again. If you decide to opt for subscription-based software, you need to address the following questions before pressing ahead: How long are contracts valid for? What happens to your data if there is a change of provider? You should also clarify your broadband capacities in advance – because the best on-demand solution is of precious little use if 50 employees have to share a 100 Mbit line.