Heat but no light, SaaS security questions
Things have got excitable if not exciting in the world of SaaS finance applications recently.
It would be easy to join in with some cheap shots at Duane Jackson, who after all has previously used security issues with Sage’s entry level Sage Live product to generate free publicity. Wouldn’t be fair though.
First the issue reported by Dennis Howlett is actually very different, as it is really a feature choice (and yes I do know that security is a fundamental aspect of a software application’s architecture) not a flaw as such.
Secondly the guys at Accounting Web have apparently checked (haven’t they noticed the sun has been out this week) how much has been written about it and, at more then 12 000 words, too much has already been said about an issue which just isn’t core to the customers that Kashflow target.
SaaS does raise questions. Security is one of them. It is appropriate to ask who can access your data, but actually it’s far more pertinent to ask whether secure (as in continuing) access to your own data given all likely futures for your SaaS supplier. Sorry, aside over.
The real issue though, is that (some of) the SaaS boys (and yes it does seem to be gender specific!), are more interested in the whys and wherefores of SaaS in the abstract than what it actually does for the customer.
Kashflow is the result of a whole series of compromises. Duane Jackson’s fortunes will wax or wane according to how well those compromises match his target audience needs (and the success or otherwise of his trumpet blowing). That’s as it should be. Dennis Howlett’s invective is entertaining, but ultimately empty.
I could go further. Risk and security are not cost free. It’s easy to promote a stance that more security and less risk is better, but it’s far more complex than that. Who in business wants to be frightened and risk adverse?