Problems in corporate use of SaaS

    So, succumbing to newfangled trends, small and large companies, some timidly, some quickly and decisively, begin to subscribe to a variety of services.

    The initial euphoria and the “Wow!” effect wear off.

    And in day-to-day work we run into problems that we didn’t really think about before ...

    In our experience, the typical set of services for an abstract company consists of applications from the following groups:
    • e-mail service
    • CRM
    • accounting
    • workflow
    • communication (voice and video conferencing)
    • subscription antivirus
    • corporate knowledge base (repository of instructions, manuals)

    Such services are usually used by 12 or more full-time employees.

    1. Head - House of Soviets



    Each employee now needs to invent and remember from 3 to 7 (according to the number of services in the company) new, multi-character and unique passwords, and then change them regularly.

    Obviously, no one will do this. Employees are more likely to write all the passwords on a sticky note and stick it on the monitor, or come up with one simple password for all services.
    The result is a lack of security for the company's corporate data.

    Can everyone remember different long meaningless character sets?

    2. Wait! Who goes?



    Since accounts on public services are outside the company's control, anyone who has somehow obtained your employee's password can access corporate information. If you go back to problem number 1, you will understand that this can be done with elementary "social" engineering methods.

    A good solution is to apply two-factor authentication on the services: in addition to the password, a person has to confirm their identity with some other personal technical device.
    The most popular methods:
    • one-time codes sent to a person’s personal mobile phone via SMS
    • one-time codes on personal electronic key fobs
    • one-time codes on mobile devices
    • one-time codes on scratch cards
    • use of certificates on electronic tokens

    However, there are too few services that use two-factor authentication!

    3. Don’t go there! You come here!



    Another problem that follows from not controlling the services is that you cannot restrict your employees' access to corporate information by time and place.
    On the one hand:
    • great flexibility in the work of employees!
    • the office ceases to be a cage!
    • you can do your job from an Internet cafe on the other side of the planet!

    But what if your employee's password or laptop has been stolen? Now it is an attacker on the other side of the planet!
    The ability to use external services anywhere turns into a problem.

    Was it really your accountant who made the payment?
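
    What a time-and-place restriction looks like when it is enforced at a single entry point in front of the services: the sketch below is an added example, not code from the original post or from any product it mentions. The group names, networks, working hours and UTC offset are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import time, timedelta, timezone
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Policy:
    networks: tuple              # CIDR ranges logins may come from
    start: time                  # window start, local office time
    end: time                    # window end, local office time (exclusive)
    utc_offset: int              # office offset from UTC, in hours
    days: frozenset = frozenset(range(5))   # Mon=0 .. Fri=4

# Constructed sample policies (documentation address ranges).
POLICIES = {
    "accounting": Policy(("203.0.113.0/24",), time(9), time(18), 3),
    "support": Policy(("203.0.113.0/24", "198.51.100.0/24"),
                      time(22), time(6), 3, frozenset(range(7))),
}

def in_window(local, p):
    t, day = local.time(), local.weekday()
    if p.start <= p.end:                      # ordinary daytime window
        return day in p.days and p.start <= t < p.end
    if t >= p.start:                          # overnight shift, before midnight
        return day in p.days
    # after midnight the shift belongs to the previous calendar day
    return t < p.end and (day - 1) % 7 in p.days

def check_login(group, source_ip, when_utc):
    """Return (allowed, reason) for one login; when_utc must be tz-aware."""
    p = POLICIES.get(group)
    if p is None:
        return (False, "no policy for group")          # default deny
    try:
        addr = ip_address(source_ip)
    except ValueError:
        return (False, "unparseable source address")
    if not any(addr in ip_network(n) for n in p.networks):
        return (False, "source network not allowed")
    local = when_utc.astimezone(timezone(timedelta(hours=p.utc_offset)))
    if not in_window(local, p):
        return (False, "outside permitted hours")
    return (True, "ok")
```

    The denial reason is worth logging with every decision: a run of "source network not allowed" for one account is the signal that a password or laptop has ended up in someone else's hands.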

    4. One of Shiva’s hands



    And someone will now have to add new employees to all of the many corporate services.
    And then, when an employee is dismissed, one must not forget to delete or suspend their account in each external service.
    Otherwise, data loss may occur.
    That is, numerous day-to-day routines.

    That awkward moment when you did not get around to deleting the employee’s account in the document management service and your draft contracts went to the competitors.
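
    Until provisioning is automated, the routine above can at least be checked: compare the staff list with the account exports of each service and flag accounts that are still active although their owner has left, or that belong to no one on the list. This is an added example, not code from the original post; the CSV layouts, column names and sample data are constructed, and treating "name+tag@" addresses as aliases of "name@" is an assumption.

```python
import csv
import io

# Constructed sample data: staff list and per-service account exports.
DIRECTORY_CSV = """email,status
a.ivanova@example.com,active
p.sidorov@example.com,terminated
m.petrov@example.com,active
"""
SERVICE_EXPORTS = {
    "crm": """login,state
A.Ivanova@example.com,active
p.sidorov@example.com,active
""",
    "edms": """login,state
p.sidorov@example.com,suspended
P.Sidorov+contracts@example.com,active
old.contractor@example.net,active
""",
}

def normalize(login):
    """Lower-case the address and drop a +tag so aliases map to one person."""
    local, _, domain = login.strip().lower().partition("@")
    return local.split("+", 1)[0] + "@" + domain

def audit(directory_csv, exports):
    """Return (service, login, finding) for every active account to review."""
    staff = {normalize(r["email"]): r["status"]
             for r in csv.DictReader(io.StringIO(directory_csv))}
    findings = []
    for service, text in sorted(exports.items()):
        for row in csv.DictReader(io.StringIO(text)):
            if row["state"] != "active":
                continue                      # already suspended or deleted
            owner = staff.get(normalize(row["login"]))
            if owner is None:
                findings.append((service, row["login"], "unknown owner"))
            elif owner != "active":
                findings.append((service, row["login"], "owner terminated"))
    return findings

if __name__ == "__main__":
    for finding in audit(DIRECTORY_CSV, SERVICE_EXPORTS):
        print(*finding, sep="\t")
```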

    5. Shiva's other hand



    Many medium and large companies already manage their employees through Active Directory or LDAP.
    But few public services are able to synchronize their information with corporate directories on the fly.

    Now you have to duplicate everything manually in EVERY (!) new service.

    Do the services you purchased use “end-to-end” Windows authentication, in which the user only needs to log in to the Windows domain?

    No Windows Authentication!

    6. All sisters by earrings



    If the company has grown large and has an extensive structure of branches or large divisions, the need sometimes arises to:
    • purchase services centrally
    • distribute services across different divisions
    • hand over the distribution of service accounts to division administrators

    In this situation, the corporate IT department faces additional difficulties.

    - Delegation?!
    - No, never heard of it.


    7. My yours do not understand!



    Any working company over time acquires a certain layer of its own information, both structured and not.
    However, when several services from different suppliers are used, the same information has to be duplicated manually several times.
    When previously created information objects need to be changed, the changes also have to be made manually in all applications.
    Real examples:
    • Addresses and bank details of your partners, or a list of product items. They need to be duplicated both in the accounting system and in CRM.
    • Contracts agreed and recorded in the EDMS will most likely also have to be duplicated in CRM.


    As a result, we have a situation where one information system cannot understand data from another system without additional tricks or manual labor.



    We saw and experienced all these problems during our 3 years of work in the Softcloud.ru project.
    And as a result of discussions, the requirements for a new SaaS tool were born, which will make it possible to:
    • use the ideology of a single entry point (SSO)
    • have many long and complex passwords without having to remember them
    • use multi-factor authentication in the form:
      • one-time personal codes transmitted as SMS
      • one-time personal codes transmitted via e-mail
      • electronic USB tokens
    • work with both desktop computers and personal mobile devices
    • control the place and time of use of corporate services
    • work in a single point of account administration
    • use Windows authentication in external services
    • manage subscriptions to external services from one point
    • provide delegated service management
    • provide reporting on the use of all services by your employees
    • combine existing applications into a single directory so that users can read their descriptions in one place and compare declared features
    • in the future, ensure the synchronization of specified information between various services
    • use the tool in both public and private mode (Public / Private Cloud)


    P.S. I am taking this out of the comments - we started implementing all these ideas in the ez-login.com project.

    P.P.S. Subsequent publications - How we did SaaS: the practice of building a cloud product using the example of EZ-Login:
    Part 1. About analytics
