The myths and realities of hosted applications
By Andrew Buss & Dale Vile
Many companies could do much better when it comes to in-house security
Many companies implement security reasonably well, but there is a widespread gap in the tools and
policies they have in place with the result being that their security capability is some way off where
they would like it to be. Additionally, there is a significant risk of data loss through end user devices
and services, which is amplified by a general lack of attention to security by the workforce.
SaaS adoption is limited currently, but there is increasing interest from the business
SaaS is not yet part of the mainstream, but interest is increasing. While it might be expected that
demand is driven by individuals or departments, the biggest driver in fact is felt to come from
business leaders as well as senior IT management. This demand means that IT departments will
increasingly be under pressure to consider and deploy SaaS as part of the service delivery portfolio.
The biggest impediment to SaaS adoption is a perception of security issues
There is a widespread belief that SaaS represents a considerable step backwards in security and
privacy in comparison to on-premise capabilities, and that this is a sufficient reason not to adopt
SaaS. Additionally, SaaS providers are seen by the respondents as broadly similar when it comes
to security and privacy regardless of their actual capabilities.
Companies with experience of SaaS are positive about provider security
There is an understandable attitude amongst those companies that have limited or no experience of
SaaS that what is new or unknown represents a risk. However, when it comes to companies that
use SaaS extensively, most view provider security as either equal to, or better than, their onpremise
capabilities. This changes the outlook completely, with security moving from being a
blocker of SaaS to being a potential driver of adoption.
SaaS is likely to help with shortcomings of on-premise security capabilities
Given the security gap that exists for many companies, which is especially marked for departmental
and collaboration applications, SaaS can help to raise the overall level of security. But it needs to be
evaluated impartially using the same criteria as on-premise solutions since providers differ with
regard to capability, culture, service and cost.