In one of the other articles on SaaS, "Business Applications, SaaS and SMB Market", we proposed that SaaS will be a mass enabler for the SMB (small and medium business) market. In order to provide effective SaaS solutions for enabling multi-tenant systems, it is imperative that the key issues of data security and privacy are addressed.

It is important to acknowledge that the requirements, the sensitivity to data security and privacy, and the pricing levels demand different levels of SaaS enabling. There may be an application that can share the same database among different clients, as the application itself is not core to the company and its data does not demand the highest level of data security. On the other hand, there may be an application that requires data encryption along with a separate and dedicated database, as the application data demands the highest level of data security.

Let's look at different levels of SaaS enablement for business applications. The SaaS solution enables a multi-tenant system that can be used by multiple clients. The solution enables a secure and trusted environment where clients can execute business processes with complete confidence.

The critical aspect of a multi-tenancy solution is data security and privacy, and application security. In simple terms, it is about data separation and application separation. In this article, we shall focus on data security and privacy. There are multiple mechanisms that can be used to ensure data separation, so that a client does not get access to another client's data on the same SaaS solution.

1. Database Separation: This solution provides a very high level of data privacy, as a separate database is allocated to each customer. This comes at a higher cost due to licensing and operational cost on the SaaS vendor side.
2. Schema/Table Separation: This solution provides a medium level of data privacy, as separate tables are assigned to each customer.
3. Data Separation: This solution provides the lowest level of data privacy, as the same tables are used to store customer data.
4. Data Encryption: Data encryption can be used to provide a very high level of data privacy to customer data. Data encryption can be used with any of the above solutions. Typically, data encryption is done using symmetric encryption with algorithms like AES (Advanced Encryption Standard).

One should carefully evaluate application requirements and risk profile to identify the appropriate level of data separation.