May 19 2015
Cloud

The Most Important Questions to Ask Potential SaaS Providers

A university IT expert explains how to find the best Software as a Service provider for higher ed’s unique data security needs.
Meg Conlan-Donnelly
by

Meg was an editor for the CDW family of technology magazine websites.

Much like a marriage, a successful partnership between a university and a Software as a Service (SaaS) provider starts with courtship.

In CDW’s free, recorded webinar “Keeping Up with the Cloud,” expert Jeff Giacobbe stresses the importance of finding the right match. As Montclair State University’s associate vice president of enterprise technology services, Giacobbe helped migrate 20,000 student email accounts and the institution’s learning management system to the cloud.

He says the university used a vendor-vetting checklist to facilitate the process.

“It’s really just a questionnaire that asks what their internal policies are, how they’re going to be handling our data, what they do for security, what they’ve done in terms of regulatory compliance,” Giacobbe says.

But the six-part document is much more than that. It takes a comprehensive look at everything from day-to-day procedures to third-party providers, physical facilities and, most important, protection.

Click here to download the SaaS checklist:

It begins by asking whether the vendor follows a well-documented, regularly updated security policy. It also covers physical and information security controls, authorization procedures for data center facility access, active and passive data storage protection, and even environmental controls such as fire suppression systems.

To address business continuity concerns, vendors must provide details on primary and secondary sites, data backup and disaster recovery procedures, and the length of time needed to restore service in the event of an interruption.

The document also helps users scrutinize the vendor’s compliance with regulations related to health and student education records, plus financial info and credit card transactions.

Giacobbe calls the questionnaire a “litmus test” that gives IT staff a way to narrow down potential suitors.

“We can get it back from the vendor and say, alright, we’re pretty confident that they know what they’re doing, or they have no idea what we’re asking or why we’re asking these questions,” Giacobbe says.

If the vendor’s answers leave IT heads with cold feet, it might be best to look elsewhere, he warns.

Peshkova/Thinkstock

More On

Related Articles

Close

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT

Subscribe Now