HW13: Chapter 17

17.10 Your company wishes to move from using desktop applications to accessing the same functionality remotely as services. Identify three risks that might arise and suggest how these risks may be reduced.

The first and most important risk I would consider if my company moved from using desktop applications to accessing the same functionality remotely as services is security. Transitioning to a software as a service (SaaS) model introduces a host of new security vulnerabilities. By using the cloud, the company transfers control of who has access to what data and at what level, which can result in data theft and loss. They also run the risk of encountering phishing or malware through the use of the internet. To combat the myriad of security risks associate with SaaS, the company should diligently research the service provider and, if possible, implement mechanisms on their side to add extra security layers. For example, they could choose an SaaS provider that can integrate with their enterprise and position behind their firewall of networks (2). Additional mechanisms could include security patches to the system or narrowed accessibility to certain features.

During the use of the software, the company would also risk extra costs both directly and associated with the time needed to transfer a large amount of data, such as video or high-quality images over the remote service. This is mentioned in Chapter 17 of the textbook on page 499. With the use of SaaS Data transfer takes place at network speeds, which may take extra time which in turn tries the company financially (time=money in any world, especially the software world!). Not only would this prove inconvenient, but the service provider could even charge directly by the amount of data transferred. To reduce these risks, the company should estimate how much money and time they will save by switching to using the software as a service. They should then compare this to the approximate time and money they would save by switching to a particular SaaS model. Money is saved, for example, by transferring the cost of software management to the provider. By weighing financial benefits against the aforementioned costs of SaaS, the company could make an informed decision about going with SaaS that would reduce the risk of a sticky situation.

The final risk associated with using software applications as services relates to the ramifications of terminating the contract if unsatisfied. The company will have little control of UI, feature, and even security measure changes made to the software by the service provider. All of these could be deal-breakers. Many times, the service needs to be paid upfront for a long period of time (1), meaning that the company would either lose money or need to stick with an unsatisfactory product for that time. Further, once the company does terminate its contract, it may prove difficult to obtain the data the service was storing and even more difficult to obtain it in a useful format, risking data loss. It seems this risk is best mitigated by reading the contract in full and contesting any issues to the service provider. Perhaps, it’s best to consider a company that has a short initial trial-period. The company should consider the scenario of needing to cancel the software and whether it could sustain its financial and structural impacts.

Sources: 1 - https://financesonline.com/10-saas-security-risks-concerns-every-user/ 2 - https://www.testcraft.io/saas-ultimately-safe/

• 2021 11
• 2020 22