Mitigating Security Challenges in SaaS

Posted by Stephanie Aldrich on March 30, 2016

Cloud computing has given rise to a new paradigm of software application development. It gives users on-demand access to reconfigurable computational resources that can be provisioned rapidly with minimal manual intervention, giving them the power to develop any type of software application. Cloud computing is an amalgamation of various technologies such as virtualization, web services, inexpensive hardware and multi-tenancy. Organizations often move data to the cloud from their own data centers and vice versa, and the movement of critical and sensitive data is often a cause of concern for them. The various models offered by cloud service providers are interdependent, and a security breach in one layer, like Platform as a Service (PaaS), will affect both the Software as a Service (SaaS) and Infrastructure as a Service (IaaS) models.

Software as a Service (SaaS) is a licensing and delivery model in which software is licensed on a subscription basis. In the SaaS service model, it is the responsibility of the service provider to assess the security risk and protect the data in the cloud. The provider shoulders this responsibility because the service layers are abstracted away from the customer, who is given minimal freedom within this service model. Some commonly used applications under the SaaS model are email, customer relationship management (CRM) software and environment relationship management (ERM) software. Loopholes in the web application implementation can create a security threat through which hackers can compromise the end user's computer and gain access to critical data. Leveraging multi-tenancy for efficient use of resources by running the same application code for different clients not only limits scalability, but also poses a security threat from the data shared among multiple tenants. This mandates certain security protocols to keep each tenant's data secure from the other tenants logging on to the same platform. In some SaaS models, the service provider can make available to each customer a customized instance of the software or give unique users different instances of the application. The data in this type of software deployment is more secure compared to the traditional SaaS models.
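The multi-tenant data-sharing risk described above can be shown with a small added example (not part of the original post): a shared table queried by row id alone, next to an accessor that binds the tenant once and applies it to every query. The table layout, tenant names and e-mail addresses are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory shared-schema store holding two tenants' rows (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE contacts ("
               "id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL, email TEXT NOT NULL)")
    db.executemany(
        "INSERT INTO contacts (tenant_id, email) VALUES (?, ?)",
        [("acme", "a@acme.example"),
         ("acme", "b@acme.example"),
         ("globex", "c@globex.example")])
    return db

def get_contact_unscoped(db, contact_id):
    """Weak form: filters on row id only, so any logged-in tenant can
    read any other tenant's row by supplying its id."""
    return db.execute(
        "SELECT email FROM contacts WHERE id = ?", (contact_id,)).fetchone()

class TenantScope:
    """Hardened form: the tenant id comes from the authenticated session,
    is bound once, and is added to every query this object issues."""

    def __init__(self, db, tenant_id):
        if not tenant_id:
            raise ValueError("tenant id required")
        self._db = db
        self._tenant = tenant_id

    def get_contact(self, contact_id):
        # A row owned by another tenant is indistinguishable from a missing row.
        row = self._db.execute(
            "SELECT email FROM contacts WHERE id = ? AND tenant_id = ?",
            (contact_id, self._tenant)).fetchone()
        return row[0] if row else None

    def list_contacts(self):
        rows = self._db.execute(
            "SELECT email FROM contacts WHERE tenant_id = ? ORDER BY id",
            (self._tenant,))
        return [r[0] for r in rows]
```

Application code that only ever receives a `TenantScope` cannot issue a query without the tenant filter, which is the property the shared-platform model depends on.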

In conclusion, the service provider is responsible for the security of data stored (often in plain text) in the cloud in the Software as a Service (SaaS) model. The provider is also held responsible when the data backup is outsourced to third-party vendors, which can cause potential data breaches. While the ease of data access is a clear advantage in this model, data integrity and security can be compromised due to proximity hackers and public computer networks. Hence, it is imperative for cloud service providers to identify the various possible vulnerabilities and mitigate them to ensure the security of the data in the cloud.

