As mobility increases, so do cyber threats. Security is a top priority to protect systems, data and users. How do ISVs meet the challenge of balancing security and mobility?
To start with, there is a big difference in applications and their security. Software for companies with highly sensitive data must be protected unconditionally and never exposed to unauthorized persons. You might even opt for a closed network. But if your software is to attract global users with the best user experience, it must be just the opposite: open and easy to use.
The biggest cybersecurity challenge is not so much the technology that cloud providers and ISVs provide. It is people: up to 95% of cloud breaches are due to human error, according to Gartner. Humans are lazy. If it is too much trouble to access or use an application, we'll give up and look for other (usually less secure) ways. ISVs are increasingly taking this into account when designing apps, for example by extending their focus to include device and credential security.
Moreover, since the introduction of the GDPR, ISVs bear responsibility for the security of their customers' IP and data. If you do not manage this effectively, you could end up with serious fines of up to EUR 20 million or 4% of your annual turnover, depending on the severity. Not to mention the impact on reputation or business continuity.
Anyway, back to device security. No matter how secure your application is, if the employee's (BYOD) device is not secure, you and your customer are still easy prey for hackers. That's where endpoint protection comes in, ensuring devices can only access the network if they meet automatic, pre-defined checks.
Or the application of endpoint security policies, such as the encryption of corporate data downloaded onto private devices while leaving all other data untouched. Smart security procedures implemented under the bonnet, without inconvenience for the user.
Credentials is another headache issue. That is why ISVs, when building software, often consider allowing users to log in with external authentication providers (Google, Facebook, Amazon) with OAuth: the Open standard protocol for Authentication.
OAuth has two advantages: it is convenient for users and it shifts the complexities of managing the sign-in process and accompanying security onto a third party. Still, you must remain critical of what the big ones do with your (company-sensitive) data.
It is not easy for ISVs to properly balance security and usability. How mobile is the software? Does it need to be widely accessible anytime, anywhere on every device with greater challenges or is there a limited set of users in limited locations where security is more like the on-premises environment?
One thing is certain: software will become more mobile every day. ISVs know that security must be in line with this, but if there are too many obstacles, users will drop out. Then security is even further away.
SaaS offers ISVs plenty of opportunities to modernize their business, but also brings dilemmas when it comes to balancing security with other cloud characteristics. We at Insight have been working with partners like you across Europe for many years, providing valuable time, knowledge and support in many (hybrid) cloud scenarios.
Contact one of our cloud specialists to find out how we can support you in optimizing your cloud costs in line with your business goals, whether you are designing your first workloads in the cloud or work entirely cloud-based.
This article is part of a series of articles based on Microsoft’s WAF (Well-Architected Framework), where you find much more helpful guidance. WAF improves the quality of workloads operating in the cloud by focusing on a set of common architecture principles, including cost optimization, operational excellence, performance efficiency, reliability and security.
As a multi-vendor software licensing, workload and platform specialist, we can guide you through all stages of your strategic cloud journey with a series of workshops, assessments, services and best practices. From the first exploration of cloud or hybrid opportunities and benefits to support and optimization after migration. No matter where you are in your journey, we help you to find new ways forward and accelerate your business.