Software as a service (SaaS) security may seem like something that is simply a given. The fact that SaaS deters piracy by its very design is one of the biggest contributors, along with its cross-platform nature, to its rising popularity and increasing adoption in recent years.
Unfortunately, there are some software as a service security issues to be considered, just as with anything. No safe is impossible to crack, and that includes SaaS. With that in mind, let’s look at a few SaaS security issues that must be taken rather seriously.
Note that not all of these are traditional security risks, but all of them have negative ramifications for your business and, by extension, for your customers.
First is the concern of fraud. This is a problem with the freemium model especially. Often, free accounts are time-limited, so that customers can experience the full benefits of the paid service, which reduces the need for other incentives to convert. This is all well and good, but there is a problem here.
Customers will often create new email addresses to keep using free accounts once one expires. This is a common problem on the internet, and one with no pretty solution. At present, the only completely effective solution is to require a credit card number in order to sign up, which limits the number of free accounts a single user can spam.
This, of course, has ramifications, as many customers will be unwilling to give out this information. A greater problem is that many people are becoming aware of the trap that credit cards can be, so many choose simply not to have one.
While the freemium model is great for reducing overhead and making customer conversion easier to incentivize, it may be best to leave it alone until a better solution to this fraud is found.
Second is a more traditional security issue, that of user management. Multiple users who share the same computer but have different accounts need discrete separation so that neither information nor account security is compromised.
The only foolproof way to ensure this is to have logins expire, which unfortunately means that users will be annoyed by the occasional need to log back in after sitting idle for any length of time. This is another problem with no pretty solution, as MAC address filtering, which prevents multiple accounts from the same machine, is the only other choice. Perhaps adopting a platform with some less obtrusive form of repeat validation is a better option. Some programmers need to get on this right away.
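As an added illustration, not code from the original post, here is how the idle-expiry approach described above can be implemented: an in-memory session store that invalidates a login after a period of inactivity and, independently, after a hard maximum lifetime, so that a second person sitting down at the same shared machine later does not inherit the first user's session. The 15-minute idle timeout, the 8-hour lifetime, the token format and the scenario timeline are all assumptions chosen for this example.

```python
"""Idle-timeout session expiry for shared machines.

Added example (not code from the original article). A minimal in-memory
session store that expires a login after a period of inactivity (idle
timeout) and, independently, after a hard maximum lifetime. The timeout
values, token format and scenario below are assumptions for illustration.
"""
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

IDLE_TIMEOUT_S = 15 * 60        # assumed: invalidate after 15 min without activity
ABSOLUTE_LIFETIME_S = 8 * 3600  # assumed: force re-login after 8 h regardless


@dataclass
class Session:
    user: str
    created_at: float
    last_seen: float


class SessionStore:
    def __init__(self, idle_timeout: float = IDLE_TIMEOUT_S,
                 absolute_lifetime: float = ABSOLUTE_LIFETIME_S):
        self.idle_timeout = idle_timeout
        self.absolute_lifetime = absolute_lifetime
        self._sessions: Dict[str, Session] = {}

    def login(self, user: str, now: float) -> str:
        # 256-bit random token: unguessable session ids are a precondition
        # for expiry to mean anything at all.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session(user=user, created_at=now, last_seen=now)
        return sid

    def validate(self, sid: str, now: float) -> Optional[str]:
        """Return the user bound to sid if the session is still live, else None.

        A live session's idle clock is reset (sliding expiry). A dead one is
        deleted on the spot so a later request cannot revive it.
        """
        s = self._sessions.get(sid)
        if s is None:
            return None
        idle_expired = now - s.last_seen > self.idle_timeout
        lifetime_expired = now - s.created_at > self.absolute_lifetime
        if idle_expired or lifetime_expired:
            del self._sessions[sid]
            return None
        s.last_seen = now
        return s.user

    def logout(self, sid: str) -> None:
        self._sessions.pop(sid, None)


def replay_shared_terminal(events: List[Tuple], idle_timeout: float = IDLE_TIMEOUT_S) -> List[Tuple]:
    """Replay a constructed list of (t_seconds, action[, user]) events through
    one browser's session and return the outcome of each step."""
    store = SessionStore(idle_timeout=idle_timeout)
    sid = None
    outcomes: List[Tuple] = []
    for ev in events:
        t, action = ev[0], ev[1]
        if action == "login":
            sid = store.login(ev[2], now=t)
            outcomes.append(("login", ev[2]))
        elif action == "request":
            outcomes.append(("request", store.validate(sid, now=t)))
    return outcomes


# Constructed scenario: alice logs in, works for a while, then walks away from
# the shared machine; the same browser tab is used again 21 minutes later.
SCENARIO = [
    (0,    "login", "alice"),
    (300,  "request"),   # 5 min of activity: still alice, idle clock reset
    (600,  "request"),   # another 5 min: still alice
    (1900, "request"),   # 21m40s after last activity: expired, login required
]

if __name__ == "__main__":
    for step in replay_shared_terminal(SCENARIO):
        print(step)
```

The absolute lifetime is what keeps a constantly-active browser from holding a session open forever; the idle timeout is the part the post complains about, since it is what logs out a user who steps away. Tuning the two independently is the usual way to trade annoyance against exposure on shared machines.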
Lastly, there is the matter of validating the login itself. SaaS security relies on the same tropes that many online interfaces use for this, and the truth is, they don't always work. There are the traditional methods of two personal security questions, CAPTCHA systems and the like, but they seldom work because web forms in browsers retain this information.
CAPTCHAs are pretty foolproof in this regard because they change every time, but absolutely everyone hates these things, and they honestly need to go away. A better solution for CAPTCHAs and validation may in fact be a pattern interface unique to each user. This is already being tested for unlocking mobile phones, with some success.
These are the biggest concerns in SaaS security, since things like phishing and hacking are pretty hard to accomplish these days; but just because these issues are less dramatic, don't underestimate their severity.