On-demand service: is their security on par?
by - May 2nd, 2008
A recurring question about on-demand applications is security. Is it really safe to upload my enterprise data online? Do I still have full control over my data? We have never worked with online applications before, so we are not so confident… When it comes to security, the list of users’ concerns can get long. However, one should also consider security from different angles to make the best choice.
Security is a fair concern in the online world
With the fast growth of online applications and on-demand services, it is only fair that one wonders what type of security an Application Service Provider (ASP) puts in place. Usually you will find different levels of security (software, hardware, network). Depending on the plan you subscribe to, on-demand applications provide session-based connections (authenticated user) and encrypted communications (HTTPS), among other things.
Do unto others as you would want done unto yourself
Security is very often high on the list when selecting an on-demand provider. When asked, IT staff can come up with the most extensive requirement list. In fact, I would argue that when consulted about an on-demand application, IT staff and engineers will raise security concerns nine times out of ten. Why? Because they are the experts, it keeps the discussion in their comfort zone, and it is a buzzword that gets the attention of CEOs, CFOs, and CTOs. Of course, consider what they have to say, but realize they may not be seeing the big picture. IT is here to support the current business, not to discourage its development.
The on-demand myth is gone… welcome to business reality
Five years ago I would have had a hard time making my point… But thanks to Salesforce, the on-demand flagship company, this is pretty easy. Salesforce is the leader of on-demand CRM solutions. Over ten years, they convinced over 100000 companies to move and manage their customer data online! They have over one million registered users, with renowned clients such as Dell and Cisco using over ten thousand seats each! Securely.
So you outsource your software development… securely?
When outsourcing, what insurance do you have that the code remains inaccessible to the outside world? Not much. You could sign an NDA on oDesk, but how will you litigate if something goes wrong? You have probably never met the outsourced team personally. Since the outsourcing partner relies on your business, they have an interest in making sure nothing goes wrong. Yet that’s not very secure: how can you be sure? Are you their only client? These are troubling questions (at least for me). In this case, encrypted communications do not help.
Secure but… socially vulnerable
IMHO, companies spend too much time looking at their software providers’ security features and not enough defining and reinforcing their own security policy. If you think that your data is more secure on a LAN, consider these scenarios:
- The software engineer copies some files onto a memory stick that he leaves next to his home computer. At his next party, a guest uses his computer to check the road traffic. And he finds… the memory stick. Bingo!
- You hire a freelance developer to help with your next strategic software release. The consultant leaves your company at the end of his six-month contract… and goes to work for your competitor. Ouch!
- A software startup hires a freelance technical writer to do their documentation. Once he has collected all the design documents, the technical writer develops the documentation remotely. His home is broken into and his unlocked computer is stolen. Can you be sure the thief wasn’t after the data?
The enemy of your enemy is your best friend!
What’s the worst thing that could happen to an on-demand service provider? Being hijacked by hackers and losing client data. The ASP business relies on providing a secure and reliable online space. Information travels fast on the Internet, sometimes too fast… So be reassured that on-demand application providers are as worried about their security as you are… even more!
In short, when it comes to selecting an on-demand service provider, security is a fair concern. Though valid and pertinent, the security question should not turn into a sword of Damocles to the detriment of your business. Too often, companies focus on a small aspect of security and neglect other security threats such as social attacks. On-demand software providers such as Salesforce showed that this model was secure and viable. So why wait any longer? Start taking advantage of the flexible, reliable, inexpensive on-demand model before your competitors do.
