When Saugatuck Technology surveyed more than 700 business management, finance and IT executives about the  business benefits they expected from adopting SaaS offerings, the top three were simplifying software management, reducing capital and/or operating costs, and improving internal and external collaboration, selected respectively by 30%, 29% and 23% of the respondents. From previous posts you can see how the first two can be realized. I’ll address the third in a later post.

Turning to another 2010 survey, this one by Forrester Research, the top three concerns about adopting SaaS offerings were security (40%), integration challenges with other applications (32%), and total cost of ownership (30%). Security is a big one. Doctors take the Hippocratic oath that starts, “First, do no harm.” If finance and IT professionals took an oath, it would probably start, “First, keep the data out of harm’s way.” After over 30 years in the accounting field and on the application implementation and support side, I understand your caution. But I want to ask you two questions: How much security can you afford to deploy? Where do your greatest security risks come from?

First, how much security can you afford to deploy? Unlike the Fortune 100, most midmarket and smaller enterprises cannot afford to staff up with three shifts of network security admins, monitoring the network perimeter 24/7/365 to detect and prevent attempted penetrations, for example.  And that is only one component of a complete security system. Other components include encryption and hardened systems, disaster recovery hot sites, automated upgrades, and audited security practices.

Cloud vendors are likely to have such Fortune 100 class data centers, and you should certainly ask them to prove it. One of the great services that the AICPA provides with its CPA2Biz program is that it rigorously evaluates the security operations of the cloud application vendors it accepts as Trusted Business Solutions providers.

Second, where do your greatest risks to data security come from? The Microsoft Security Intelligence Report revisits this question twice a year. If you want to test your tolerance for a DIY approach to security, this is a great place to start. I prefer to quote from Dan Druker’s summary:

“According to Microsoft, the largest single category of security incidents in 2010 – just like they are in every other year – involve stolen equipment, with 30.6 percent of the total. Negligence and improper disposal of business records make up the bulk of the rest. This matches my real world experience – think how many times every day that someone has a laptop, hard drive, USB stick or CD ROM stolen with valuable, proprietary or confidential information stored on it.

So what does this mean for cloud computing ?

It shows how cloud computing is inherently more secure than on-premises software.

In the cloud computing world, information is never stored on your servers or laptops or hard drives or CD ROMs where it can eventually be misplaced or stolen,” Druker concludes. Instead data is stored in a Fortune 100 class data center, and on the way to and from your web browser, your data is encrypted.

Tell us about your security issues and concerns using the comment tool. And please share this blogpost via Facebook (Like button), Twitter Retweet, bookmarking or emailing to a colleague.