Data Breaches On the Rise: Bad News for SaaS

Josh Catone
Josh Catone

One of the toughest stories to sell mainstream consumers when attempting to convince them that software as a service (SaaS) is a better way to get their software is that their data will be secure. The cloud does go down, and it’s hard for people not used to trusting that their data will be safe when stored somewhere else to believe that everything they put into the system will stay secure.

In my experience, arguments that a lot of their vital data (health records, bank records, etc.) is already stored on a server somewhere, or that because most users don’t have a local backup strategy their data might be better off in the cloud, generally fall on deaf ears. Even though most mainstream users have probably run into a computing disaster at some point due to a failed hard drive or virus, right or wrong, it still feels more secure to store your data locally, where you can keep an eye on it.

That’s why studies like the one that security analyst Jon Oltsik of Enterprise Strategy Group reported today on CNET are so potentially damaging to the adoption of software as a service apps by the mainstream. Oltsik found in his November 2008 survey of 179 North American-based security professionals, that over half reported a security breach over the past 12 months. In firms of 1,000 to 5,000 employees, that number was 61%, and even in large firms over 5,000 employees, data was compromised at least once over the past 12 months at nearly 50% of them.

According to Oltsik, these numbers are actually higher than they were between 2005 and 2007. “Armed with data from several years of surveys, I think it is safe to assume that things are getting worse, not better,” he writes.

The types of data breaches that Oltsik is talking about are not necessarily the type that would put customer data stored via SaaS applications at risk. However, selling the mainstream on the benefits of software as a service is a perception game, and the perception will be that if data breaches are on the rise, your data might also be insecure. Therefore, it’s better off keeping it stored locally.

A few months ago we wrote that there was a need for desktop access for RIAs because that would help transition mainstream users from desktop to web apps, because multitasking in the browser is shoddy at best, and because desktop synchronization gives you access to your important data when the cloud goes down. That’s still true, but desktop access doesn’t protect your data from prying eyes.

Selling the mainstream on the benefits of SaaS will be an uphill battle if the public perception is that data security is lax.