11 Vital Security Questions for SaaS Vendors


What’s one important security question I should ask a potential SaaS vendor?

The Young Entrepreneur Council (YEC) is an invite-only organization comprised of the world’s most promising young entrepreneurs. In partnership with Citi, YEC recently launched BusinessCollective, a free virtual mentorship program that helps millions of entrepreneurs start and grow businesses.

1. Do You Store Credit Card Information On Your Server?

You want to make sure that your credit card details aren’t being stored on the SaaS vendor’s server in addition to their credit card processor’s server. The card processing companies have proper security, and while not 100 percent safe (as evidenced by recent hacks), they are more secure than most vendors’ servers. There is no reason they should be storing card details in addition to the merchant.

– Jonathan Long, Market Domination Media

2. Do You Have Two-Factor Authentication?

In this day and age, a password cannot be the only protection a SaaS vendor gives you to protect access to your application. A security-aware SaaS vendor will offer you the option to have two-factor authentication to access your application. That can be like the Google Authenticator integration you have with Amazon or an SMS code sent to your phone when you try to log in.

– Tim Maliyil, AlertBoot
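The Google Authenticator-style codes mentioned above are time-based one-time passwords (RFC 6238 TOTP, built on RFC 4226 HOTP). The following is an added example, not code from the original page or from any of the contributors, showing how a server generates and verifies such a code: HMAC-SHA1 over a time-step counter, dynamic truncation, a small drift window, constant-time comparison, and rejection of an already-used step so a code cannot be replayed within its 30-second validity. The secret is the ASCII test seed from the RFCs, not a real credential.

```python
"""TOTP (RFC 6238) generation and verification: the mechanism behind authenticator-app codes."""
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional, Tuple

# Constructed sample secret: the ASCII seed used by the RFC 4226 / RFC 6238 test vectors.
SAMPLE_SECRET = b"12345678901234567890"


def secret_from_base32(encoded: str) -> bytes:
    """Decode the base32 secret an authenticator app is enrolled with (spaces, case and padding tolerated)."""
    cleaned = encoded.strip().replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore the padding apps usually omit
    return base64.b32decode(cleaned)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation, modulo 10^digits."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter derived from Unix time divided by the step length."""
    return hotp(secret, at_time // step, digits)


def verify_totp(secret: bytes, code: str, at_time: int, step: int = 30, digits: int = 6,
                window: int = 1, last_used_step: Optional[int] = None) -> Tuple[bool, Optional[int]]:
    """Accept a code for the current step or up to `window` steps either side (clock drift).

    Comparison is constant-time. Any step at or before `last_used_step` is refused, so a code
    that was already accepted cannot be replayed. Returns (accepted, matched_step); the caller
    persists matched_step as the new last_used_step for that user.
    """
    current = at_time // step
    for candidate in range(current - window, current + window + 1):
        if last_used_step is not None and candidate <= last_used_step:
            continue
        expected = hotp(secret, candidate, digits)
        if hmac.compare_digest(expected.encode(), code.encode()):
            return True, candidate
    return False, None


if __name__ == "__main__":
    now = int(time.time())
    print("current code:", totp(SAMPLE_SECRET, now))
    print("verifies:", verify_totp(SAMPLE_SECRET, totp(SAMPLE_SECRET, now), now))
```

The drift window and replay check are the two details a vendor's implementation most often gets wrong: too wide a window lengthens the attacker's guessing budget, and without the replay check an intercepted code stays usable for the rest of its step.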

3. Who Owns This Data if We Stop Using You as a Vendor?

While it should be a given with all SaaS vendors that you as a client own the data, how valuable will that data be should you have to terminate this SaaS relationship? Inquire as to what it takes, in cost, time and mechanism, to access the data before you terminate your relationship with a SaaS provider. This ensures you have a firm understanding of what the end of the business relationship will be.

– Robby Hill, HillSouth

4. Is Your Platform Externally Audited?

There are a number of external certifications that cloud vendors and other hosting providers can use: ISO 27001, SSAE 16 and PCI DSS certification are common examples. You can ask a vendor any security question you want, but the only real way to know you’re getting an honest response is if they have been audited by a trusted third party.

– Vik Patel, Future Hosting

5. Are You PCI Level 1 Compliant?

I’m amazed at how often major (sometimes public) companies let their guard down in working with SaaS commerce and payments companies that are processing personally identifiable information (PII) and financial information for their end-user customers. PCI Level 1 compliance is a rigorous process to ensure that sensitive information is treated with the utmost care.

– Noah Glass, Olo

6. How Do You Prevent Breaches, and How Do You React to Them?

Ask a potential vendor about the timing and details of its recovery procedure. If there is a breach in the system or some other issue that puts your data at risk, you need to know how the vendor will keep your data secure, recover any lost data and how much time it will take to restore service.

– Jason Thanh La, Merchant Service Group, LLC & K5 Ventures

7. Have You Ever Had a Security Breach?

Asking them to detail their history of security breaches will give you a good indication of their security. This also gives the vendor an opportunity to explain any corrective measures they have taken to ensure breaches do not occur in the future.

– Ashu Dubey, 12 Labs

8. Can You Tell Me About Your Company’s Physical Security?

Encryption and data security are important, but you also want to know about the vendor’s physical security at their office and server location, and how often they’re audited. Follow up by asking what prevents an insider at the firm from downloading all your data onto a USB stick and walking away. Physical security often gets overlooked, which is why it’s a key weakness of many SaaS firms.

– Dave Nevogt, Hubstaff.com

9. Does Your Company Have a Dedicated Security Team?

Before working with a new SaaS vendor, it’s important to look into what kind of security personnel they have on hand. Although it is not required for the vendor to have a full security department or a large security staff, it is good to know what kind of staff are available for any questions and emergencies that may come up.

– Miles Jennings, Recruiter.com

10. Do You Provide Transport Layer Security (TLS)?

With data leaks at an all-time high, SSL isn’t providing the same level of security it once was. SaaS providers need to ensure their users’ data is secure, and that they minimize the risk of their — or their customers’ — information becoming compromised.

– Blair Thomas, EMerchantBroker
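Rather than taking the vendor's word for it, a buyer can handshake with the vendor's endpoint and inspect what was negotiated. The following is an added example, not code from the original page or from any contributor: a hardened client context that refuses anything older than TLS 1.2, a probe that reports the negotiated version and cipher (it needs network access, so it is not exercised by the constructed samples), and a policy check applied to the probe result. The policy thresholds (TLS 1.2 or later, at least 128-bit ciphers, forward-secret key exchange on TLS 1.2) and the sample probe results are assumptions made for the example.

```python
"""Probe a SaaS endpoint's TLS settings and judge the result against a simple policy."""
import socket
import ssl
from typing import Dict, List


def hardened_client_context() -> ssl.SSLContext:
    """Certificate and hostname verification on; nothing older than TLS 1.2 accepted.

    A server that only speaks SSLv3, TLS 1.0 or TLS 1.1 fails the handshake outright."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def probe_tls(host: str, port: int = 443, timeout: float = 5.0) -> Dict[str, object]:
    """Handshake with the server and report what was negotiated (requires network access)."""
    ctx = hardened_client_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cipher_name, _cipher_proto, cipher_bits = tls.cipher()
            cert = tls.getpeercert()
            return {
                "version": tls.version(),
                "cipher": cipher_name,
                "bits": cipher_bits,
                "not_after": cert.get("notAfter"),
            }


def assess_tls(result: Dict[str, object]) -> List[str]:
    """Return policy findings for a probe result; an empty list means the endpoint passes.

    Assumed policy for this example: TLS 1.2 or 1.3 only, 128-bit or stronger ciphers,
    and ephemeral (ECDHE/DHE) key exchange on TLS 1.2. TLS 1.3 suites are always forward
    secret, so the key-exchange check only applies to TLS 1.2 cipher names.
    """
    findings: List[str] = []
    version = str(result.get("version") or "")
    cipher = str(result.get("cipher") or "")
    bits = int(result.get("bits") or 0)
    if version not in ("TLSv1.2", "TLSv1.3"):
        findings.append(f"legacy protocol negotiated: {version or 'unknown'}")
    if bits < 128:
        findings.append(f"weak cipher strength: {bits} bits")
    if version == "TLSv1.2" and not cipher.startswith(("ECDHE-", "DHE-")):
        findings.append(f"no forward secrecy: {cipher}")
    return findings


# Constructed sample probe results (not captured from any real vendor).
SAMPLE_MODERN = {"version": "TLSv1.3", "cipher": "TLS_AES_256_GCM_SHA384", "bits": 256,
                 "not_after": "Jan  1 00:00:00 2030 GMT"}
SAMPLE_LEGACY = {"version": "TLSv1", "cipher": "AES128-SHA", "bits": 128,
                 "not_after": "Jan  1 00:00:00 2030 GMT"}
SAMPLE_STATIC_RSA = {"version": "TLSv1.2", "cipher": "AES256-GCM-SHA384", "bits": 256,
                     "not_after": "Jan  1 00:00:00 2030 GMT"}


if __name__ == "__main__":
    for label, sample in (("modern", SAMPLE_MODERN), ("legacy", SAMPLE_LEGACY),
                          ("static RSA", SAMPLE_STATIC_RSA)):
        print(label, "->", assess_tls(sample) or "passes")
```

Run `probe_tls("vendor.example")` against the vendor's login and API hosts separately; it is common for the marketing site to be configured well while an older API endpoint still negotiates a legacy protocol.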

11. What Is Your Technology Stack?

Some technology stacks are more vulnerable than others. Are they built in .NET, Java, Node.js, PHP or others? Do the research to find out how up-to-date they keep their code and how frequently they apply patches, as older code is much more susceptible to vulnerability and attack. BuiltWith.com is one possible tool for figuring out what kind of tech stack your SaaS vendor uses.

– Mattan Griffel, One Month
