Rationale and context
Software-as-a-Service (SaaS) is the subscription-based licensing of software systems and their delivery over the internet. It is based on a centrally-hosted or cloud-based software model, whereby users access SaaS using internet-connected thin clients and personal devices via supported web browsers (Thibiti ). SaaS solutions have become very popular among small and medium businesses (SMBs) and multinational corporations for application across business functions such as back office operations, human resources management, finance and accounting, communications and collaboration, Enterprise Resource Planning (ERP), Customer Relationship Management (CRM), and sales and marketing. SaaS enables business functions while assuring on-demand, reliable, scalable, highly available, and cost-effective services. In addition, organizations that adopt the SaaS model do not have to apply regular software updates or deal with the implementation, integration, and maintenance hassles that would otherwise constitute another cost factor (Thibiti ). Therefore, there is a growing trend in the adoption of SaaS-based applications across organizations seeking the benefits associated with this cloud-based service model.
Nevertheless, SaaS is commonly delivered via the public cloud model, which attracts immense information security risks. The fact that customer data is stored on the SaaS provider's infrastructure implies an obvious information security issue. While remote system access and administration bring improved convenience and cost cuts, they are another SaaS security risk that ought to be prevented or mitigated (As’habi, Vafabakh & Borji 2016).
Therefore, it is important to carry out this research in order to establish a deeper understanding of the security weaknesses and vulnerabilities facing the promising SaaS-based applications, in addition to the potential countermeasures that may be adopted by vendors and organizational consumers to uphold the confidentiality, integrity, and availability of confidential/sensitive business information.
The study will involve SaaS users (as respondents) drawn from a number of organizations that have adopted some form of SaaS enterprise application such as accounting, supply chain management (SCM), CRM, human resource management, or sales management. Because these organizations are SaaS consumers, there are better chances of obtaining valuable real-world perspectives on the research topic (enterprise SaaS security risks and potential countermeasures) as the basis of primary data for this study.
Existing literature indicates that there are considerable information security challenges facing SaaS providers and consumers in the course of the delivery and usage of cloud-based software solutions. This comes at a time when consumers are becoming increasingly concerned with potential security and privacy breaches to their confidential and/or sensitive information in the hands of third parties whose actual location cannot be explicitly ascertained (Thibiti ; Thibiti ). Consequently, the aim of this research is to develop a comprehensive understanding of SaaS security risks to the confidentiality, integrity, and availability of consumers’ information, and of potential countermeasures. The findings will be critical to providing recommendations to SaaS providers and consumers for the creation of a rock-solid and comprehensive SaaS security strategy for improved confidentiality, integrity, and availability of consumers’ information resources in the current era of growing cloud-related security vulnerabilities and threats.
- What are the security risks and potential defence strategies in relation to the SaaS cloud service model in organizations?
- What are the security risks facing the confidentiality, integrity, and availability of consumers’ information resources hosted in SaaS cloud environments in addition to potential countermeasures over the last five years?
- To what extent can the identified countermeasures help eliminate, prevent, or mitigate the SaaS security risks in relation to information confidentiality, integrity, and availability in order to determine and cater for the potential residual risk?
- Which SaaS security strategy can SaaS service providers and consumers adopt to uphold the confidentiality, integrity, and availability of consumers’ information resources (both at-rest and in-transit)?
Proposed research methodology
Qualitative and quantitative research methods will be used simultaneously in this study, implying a mixed-method approach to primary data collection. Mixed-method research is an approach that stands to yield adequate amounts of qualitative and quantitative primary data; it assures broader perspectives on the research topic. In addition, the approach has been credited with the benefit of reduced potential bias because it allows subjectivity-prone qualitative data to be validated through statistics arrived at quantitatively. However, the mixed-method approach comes with the following major disadvantages: considerable effort, cost, and time requirements; and potential confusion when working with huge volumes of primary data (Creswell & Clark 2011). As a countermeasure, questionnaires will be administered to 60 respondents, out of which only 15 will be requested to take part in the semi-structured interviews. This way, there are chances that it will be possible to save on research time and effort.
Through random sampling, 60 organizational SaaS users will be recruited as respondents to this study with the expectation that the sample will attract a guaranteed response rate of at least 90%. As such, it is expected that an adequately reliable sample will be arrived at for completeness of the target primary data. According to Creswell and Clark (2011), random sampling represents an obvious challenge to proper representation of huge populations, but it overcomes the problem of systematic bias. Systematic bias is eliminated by guaranteeing all persons that qualify to be respondents an equal opportunity of participation, leading to an unbiased representative study sample.
Data Collection and analysis
A systematic literature review drawn from publications greatly facilitates convenient research without the need to conduct intensive empirical studies that require huge resourcing (in terms of costs, time and personal effort) (Shields & Rangarajan 2013). Moreover, a literature review supports detailed investigations into situations or fields that may be intrinsically illegal and/or unethical (for example, areas faced by privacy or confidentiality infringement risks, financial losses, and legal liabilities). However, the approach fosters biased or subjective deductions (Yin 2009).
Potential value of this research
According to Li, Zhang & Fang (2014), there exists a real security challenge to SaaS providers and consumers. Li, Zhang & Fang (2014) claim that SaaS consumers are at risk of losing privacy to third parties involved in the provision of the service. Consumers can also lose privacy and other essential data in case of a security compromise by attackers and hackers. Li, Zhang & Fang (2014) also state that SaaS providers risk losing customers, and hence business, in case of such security compromises. Due to the magnitude of the possible damage emanating from the security issues associated with SaaS, Li, Zhang & Fang (2014) postulate a comprehensive analysis of the possible risks to the service providers and a holistic formulation of the countermeasures.
The research, ‘enterprise SaaS security risks and potential countermeasures’, will be aimed at creating an understanding of the security issues associated with enterprise SaaS. The study is expected to assist consumers and SaaS providers in identifying potential security risks and avoiding them. Using the study, SaaS providers and consumers will also be able to identify proper countermeasures in case of an attack. One of the specific areas in which the study will be able to assist consumers is the handling of crucial information such as passwords and usernames in order to avoid malicious threats such as phishing and Trojan horse programs (Li, Zhang & Fang 2014). The study will also assist SaaS providers and consumers in developing a working relationship, which can help in the easy identification of attacks and hence in arriving at quick ways of responding (Li, Zhang & Fang 2014). From the research, SaaS consumers will be able to identify trustworthy providers to trust with confidential information. Various data security strategies will also be comprehensively covered in the study, which can help SaaS providers avoid attackers, crackers, hackers, and other sources of threats.
Li, B, Zhang, H & Fang, Y 2014, “Research on the Key Technologies of SaaS Information Security”, Applied Mechanics and Materials, vol. 687-691, pp. 1860-1863.