Data Breaches On the Rise: Bad News for SaaS

One of the toughest stories to sell mainstream consumers when attempting to convince them that software as a service (SaaS) is a better way to get their software is that their data will be secure. The cloud does go down, and it’s hard for people not used to trusting that their data will be safe when stored somewhere else to believe that everything they put into the system will stay secure.

In my experience, arguments that a lot of their vital data (health records, bank records, etc.) is already stored on a server somewhere, or that because most users don’t have a local backup strategy their data might be better off in the cloud, generally fall on deaf ears. Even though most mainstream users have probably run into a computing disaster at some point due to a failed hard drive or virus, right or wrong, it still feels more secure to store your data locally, where you can keep an eye on it.

That’s why studies like the one that security analyst Jon Oltsik of Enterprise Strategy Group reported today on CNET are so potentially damaging to the adoption of software as a service apps by the mainstream. Oltsik found in his November 2008 survey of 179 North American-based security professionals, that over half reported a security breach over the past 12 months. In firms of 1,000 to 5,000 employees, that number was 61%, and even in large firms over 5,000 employees, data was compromised at least once over the past 12 months at nearly 50% of them.

According to Oltsik, these numbers are actually higher than they were between 2005 and 2007. “Armed with data from several years of surveys, I think it is safe to assume that things are getting worse, not better,” he writes.

The types of data breaches that Oltsik is talking about are not necessarily the type that would put customer data stored via SaaS applications at risk. However, selling the mainstream on the benefits of software as a service is a perception game, and the perception will be that if data breaches are on the rise, your data might also be insecure. Therefore, it’s better off keeping it stored locally.

A few months ago we wrote that there was a need for desktop access for RIAs because that would help transition mainstream users from desktop to web apps, because multitasking in the browser is shoddy at best, and because desktop synchronization gives you access to your important data when the cloud goes down. That’s still true, but desktop access doesn’t protect your data from prying eyes.

Selling the mainstream on the benefits of SaaS will be an uphill battle if the public perception is that data security is lax.

Win an Annual Membership to Learnable,

SitePoint's Learning Platform

  • ZenPsycho

    “Selling the mainstream on the benefits of SaaS will be an uphill battle if the public perception is that data security is lax. ”

    and why are we so sure that this is a righteous battle? Is it really a battle worth fighting? My feeling is that a better battle would be to find ways to let SaaS users save their data on their own computer, just like a desktop application would. The primary advantage of SaaS is zero installation, instant boot. Cloud based storage only has limited practical applications, and it’s not great for everything. I’m not convinced that it’s worth trusting.

  • jonathansnook

    What certainly doesn’t help the cause are services like Magnolia that end up dying because of poor backup strategies. Or what about the slew of services that have decided to just close shop? This is becoming more common. Having the ability to store in the cloud and locally is an important factor in all of this.

  • http://reboltutorial.com reboltutorial

    Well, I wonder why we are always talking about perception instead of thruth. The truth is : with former NSA darpa project, governement wants to spy citizens (Obama won’t change a thing since it is the administtration who “advises” him like neofacist brzezinski who has same kind of idea than Dick Cheney).

    All these articles have an aim: concentrate the data into Big Brother Firms that Gov will have the rights to buy by law.

  • http://www.studio-gecko.com/ XLCowBoy

    Cloud storage was basically the IT equivalent of putting your money in a bank. When everybody thinks your stuff is insured/guaranteed, it’s fine. But as the recent events have shown, that’s not actually the case, and due to the current “trust nobody” atmosphere, it will be even harder for ordinary users to trust something without a legal guarantee: cloud storage.