Data Security
Should the SaaS provider have authentication vulnerabilities or compromised administrator accounts, giving access to any of the virtual machines running on the same physical host, all customers would be exposed to a potential data breach or ransomware attack. Ensuring your SaaS solutions are independently audited and certified to meet security standards such as SOC 2 Type 2 and ISO 27001 is good practice, but it is no guarantee your data is protected. Last year, for example, despite having SOC 2 Type 2 and ISO 27001 certification, Kaseya, a SaaS-based, provider of remote-monitoring and management tools for handling networks and endpoints, was the victim of one of the largest supply-chain ransomware attacks with the average cost of remediating an attack reaching $1.85 million in 2021. The attackers exploited an authentication vulnerability that enabled them to compromise Kaseya’s auto-update function and maliciously push the ransomware onto Kaseya’s customers, not only affecting their customers, but also their customers’ clients’ systems.
Innovation Restraints
A SaaS provider may have the features and functionality to meet your short-term needs, but will the provider be able to meet your needs in the future? Do you even know what your information governance needs will be in the future? If you foresee the need for a single, information governance program to automatically manage all your unstructured and structured data enterprise-wide, then having an information management and archiving solution that can scale to meet those needs is important. Keep in mind, SaaS providers need to weigh the needs of all their customers collectively. If you have unique information governance requirements, requirements that may give your organization a strategic advantage, chances are your SaaS provider won’t be able to meet them.
A PaaS model can also reduce application development, deployment, and maintenance costs, as well as eliminate on-premises infrastructure costs, but it gives you complete control over your cloud environment in which you, or your partners, can develop, manage and deliver information management and archiving solutions to meet your specific needs.
Our PaaS platform is highly scalable and secure; built to quickly process large data volumes (PBs) for better e-discovery, onboarding and information management, no matter how many users or workloads. All data is stored in its native format so there is no vendor lock-in. Like SaaS, our solutions are subscription based, but you have much more control over cost and performance. You only pay for what you use and, since the platform is not shared, you will never need to worry about tenant workload interference or trusting the security practices of your vendor. Archive360 enables you to implement a true Zero-Trust security model: it’s your data, in your cloud, under your control. Our Security Gateway solution provides far greater control over data security than SaaS solutions by:
- Encrypting your data on-premises before moving it to the cloud.
- Storing your private/public keys separately – on-premises/in your cloud tenant.
- Using unique encryption keys and data classification to apply fine-grained access control to specific sensitive words or characters sets within a file as well as the file’s metadata through masking, anonymization, or redaction.
At Archive360 we believe in interoperability, innovation, and choice. That’s why all our solutions are based on open source and open standards. We adhere to standards guided by organizations that are open, fair, and transparent to ensure our solutions are interoperable with other leading solutions. We base our software development methodology on the open exchange of ideas, open participation, rapid prototyping, and open governance and transparency so you can keep up with the latest technology and trends. And by combining open source and open standards we give you the flexibility to make innovative choices that can grow your business.
