The biggest commitment a company makes, and correspondingly the biggest risk it takes, when opting for a SaaS intranet/extranet solution provider is entrusting that provider with important company data. All data and information flows reside on the solution provider’s servers.

Leaving nothing to chance, we would like to be triply assured that the sanctity of our data will be preserved and that there is no risk of it being lost or falling into the wrong hands. It therefore makes sense to put in some time to research this aspect of a solution provider. One needs to go through the following checklist:

What safety features does the provider have?

Data encryption was the practice followed by warring sides during WW2 to protect the secrecy of their messages. It is now used by most companies to protect the integrity of their clients’ information. Encryption is the process of coding information so that it is unreadable by anybody but those who have the key. There are different types of encryption, each of which is associated with a different level of security. DES is one level, which was previously used extensively but is now known to have vulnerabilities. 128-bit encryption is offered by companies offering top-notch security.

Password protection is another important facet of security. What is the strength of the software to withstand manual and automated attempts to hack your password and access your information? The ability of the system to accurately detect a hacking attempt and lock up in time is important.

Data Backup

In extreme cases of system breakdown caused by a facility fire, natural disaster, technical glitch, etc., it is important that your data is frequently and adequately backed up and not stored at a single facility.

Certain factors are to be considered in backup practices. The first is the frequency of backups. With long gaps between backups, there is a possibility of data being lost in the intervening periods. Secondly, what are the security arrangements at the facilities where your data resides? Are they manned and guarded? What other systems are in place to protect the data? Is there a good firewall? Protection against virus attacks? What procedures are in place for disaster management? All this requires research, the extensiveness of which depends on the sensitivity of our data.

Track Record

As with company background, a little research on the security track record makes sense. Has the company ever been vulnerable to attacks before? What were the losses? How did the company react? How many years has the company had a good record? New companies will most likely have a clean record, but that isn’t necessarily indicative of good security practices.

The Server System

The server system where the sensitive data actually lies is very important. Is it state-of-the-art? Is it in step with the latest in the market?

The server infrastructure could be owned by the software provider themselves or outsourced to a dedicated company providing hosting solutions. Outsourced hosting is a good thing because dedicated hosting companies have extensive expertise and infrastructure for protecting data, often handling critical data of Fortune 500 companies. This frees up the software provider to concentrate on the software itself.

The company might not have an elaborate setup at all, running the software and processing data through computers set up in the garage somewhere acting as servers. This should get your alarm bells ringing!