804-931-1158 info@dunlaplawplc.com

Subscribe to our YouTube channel

Tricia Dunlap, Esq.

~3-4 minute read

5 Tips To Secure Your Data: Security For SaaS Applications

Let’s talk about security for SaaS applications and its role in choosing a SaaS vendor. This is part two of a three part series on choosing a SaaS vendor because it’s fairly complicated. If you haven’t read part one, I highly recommend that because I talk about the four principles that every business should adopt as they prepare to have good cyber security practices and those principles will help you have your data privacy protocols in place before you start looking for SaaS vendors.

In this post I’m giving you five tips on how to take a long list of potential vendors and narrow that down to a short list.

1. Publicly Available Data Privacy Policies

First of all, any vendor that does not have a publicly available and easily found document that explains their data privacy and cyber security practices should be off your list right from the get go. This is one of the most prominent things in security for SaaS applications. They should have a white paper or at least a dedicated page on their website where they talk about their cyber security practices and explain what their data privacy rules are as well.

2. Compliant with 3rd Party Certifications

Any vendor that is compliant with some third party standards and certifications should probably go to your short list. These are certifications such as SOC 2 or ISO/IEC compliance. These are standards that have been set by third parties that have rigorous protocols around cyber security. So if you have a vendor that has SOC 2 compliance or they’re ISO/IEC compliant, they’re probably bragging about it because that’s not easy…  and they should be bragging about it.

3. Search for Past Breaches

Do a search online for every vendor and use some keywords around data privacy incidents or cyber security breaches. It’s just good to check the news reports and see if there has been
any reported incident in the last couple of years with that company.

4. Trust Your Intuition

Trust your intuition. If you’re using a platform as a trial, before you fully commit to it, step back and think about how intrusive the platform has been in the way it is collecting your own data. If that platform feels a little too intrusive, then they’re probably collecting more data than they actually need for their legitimate purpose and you might want to rethink using that vendor.

5. Check If They Have Data Privacy Professionals

Does the vendor have data privacy and security professionals on staff? Do they have engineers on their software engineering team, with specialties in data privacy and cyber security? This is an indication that they are including privacy by design principles into the core make up of their software and their engineering. Privacy by design is a way to bake privacy principles into a product or service from its very inception, and that’s important.

These are five tips to inspect security for SaaS applications, narrow the field, and shorten that list of potential vendors. In part 3 of this series I’ll give you three tips on how to do a deeper due diligence on each of them. If you want legal counsel from Dunlap Law, please schedule a call with us and we would love to help you with your data privacy and other business law needs.

Make sure to subscribe to our YouTube channel so you can see new videos on data privacy, security for SaaS applications, and other business law topics! Also, like us on Facebook and LinkedIn. Share this post if it helped you and check out our other posts.