Moving to Software as a Service - Questions to Ask

In response to one of our recent posts, Rick Georges listed some specific concerns about the use of web applications. He raised some very good concerns about web-based practice management, which are important for Software as a Service (SaaS) vendors to address. If you are in the market for software and are exploring a web-based solution, these are questions you may want to ask your provider.

“What guarantees are there for the financial viability and succession of web businesses?”

That depends on the individual solution provider in question. In our case, we are a private company with the good fortune to have strong financial backing. In general, Software as a Service vendors benefit from a strong business model of monthly recurring revenue which builds over time. This model gives SaaS vendors a more dependable income stream than traditional license-based software companies.

Of course, there always is the risk that any company, SaaS or not, could go belly up. Prospective SaaS customers should ascertain that they will be able to get their data out of the solution. Fortunately, there are a number of standardized formats, such as vCard for contacts, and iCalendar for Calendar information, that allow you to move data from application to application. XML is also commonly used to export data, as is the case with 37 Signals’ Basecamp. Your data can be retrieved from us upon your request in these standardized formats.

“If I have my data locally, its security is my problem. If you have it, to whom do I complain if it is compromised? Are you saying that online banking is completely safe? What about the customers of online access services whose information has been compromised?”

Security is a very serious issue in the practice of law. Confidentiality is key. The security measures we included in Rocket Matter are comprehensive. Every request is encrypted with 128-bit secure SSL, the same encryption used by many major banks and financial institutions. Passwords are hashed (stored in an encrypted format) and known only by you. Threat modeling, which is the practice of identifying and countering attacks, is a fundamental part of our development process. There are a host of other security measures we have taken to lock down and isolate a firm’s data, and we will be conducting ongoing audits with independent security specialist firms.

You should be aware that there is risk to any system and should base your business decisions accordingly. The odds of your data being compromised through a well-designed web-based application are lower than the odds of less sophisticated security breaches, such as data being physically stolen from your premises. Consider that if you do not take appropriate security precautions, a computer can be vulnerable to attack, whether it is a server in a remote location or a machine in your office. Another thing to think about, especially when running Windows machines, is maintaining up-to-date security patches.

Not all web applications are created equal, unfortunately. Ultimately, it is up to the consumer to ask questions to find out how seriously the software firm considers security. A responsible SaaS firm will incorporate security design as a fundamental part of their design process. They should be able to answer your questions about security, and specifically, have answers about data isolation, encryption, and threat modeling.


4 Comments

  1. Posted March 5, 2008 at 7:38 pm

    And just how safe are an office full of file cabinets and a plate glass window? Seriously, security is only as good as the one who implements and uses it right. And you need to make sure the SaaS who is providing you with your web-based application is serious about it too. It appears that Rocket Matter is just that.

  2. Posted March 5, 2008 at 9:05 pm

    Actually, Grant, any data stored in my own computer, and backed up redundantly, is going to be safer, because I control it. If my data is stored at a remote server, good luck getting it back. I agree that the user must be responsible for his own security. I just trust myself to care more about my data than somebody I have never met, or don’t know, who stores my data in a remote location. Trust, but verify.

  3. Posted March 6, 2008 at 8:50 pm

    Rick, control of the data is a separate issue from how safe the data is.

    You might have more control, but it’s not safer.

  4. Posted March 6, 2008 at 11:06 pm

    Okay, Rick, but it’s a matter of theoretical versus actual. How many people, really, get around to doing correct, regular backups, and then store them offsite to be safe from physical damage, etc.? Practically no one, I’ll bet.

    It’s not just a matter of caring. I care a lot about some things on my home computer, for example, but given everything I’ve got going on, I struggle to do regular, proper backups.

    Any decent Web-based provider is far more likely to do a good job of this than the average user (which you seem not to be) who lacks some combination of awareness, know-how or time.

    If it’s a trust issue, then you have to spend a little time on due diligence. But again, it’s a matter of versus what? Compared to no backups or inadequate ones, which I’ll bet is what at least 75% of the population has, SaaS is far superior, I believe.
