Compliancy Is Key
First and foremost, no company should engage with a SAAS provider that isn't certified as SAS 70-compliant. SAS 70 is the professional standard that auditors use to assess internal controls.
Secondly, for companies that will exchange funds via SAAS applications, PCI Level One compliance should be considered the minimum accepted standard to ensure the validity and security of transactions.
To date, most SAAS providers do not have the infrastructure to guarantee 100 percent data protection. As such, businesses need to inquire about the data backup protocols and should only engage with providers that habitually back up data every 60 minutes.
By implementing this type of recurring data backup procedure, even the most devastating security breach will only net a loss of 60 minutes' or less worth of data. Of course, even losing 60 minutes' worth of data is frustrating, but it's much more manageable than having to re-create days', weeks' or even months' worth of information.
Furthermore, SAAS providers should maintain a minimum of two geographically dispersed data centers. By doing so, they can better guarantee low latency for application performance, better protect data, and significantly enhance the speed of data recovery in the event of a disaster.