As hybrid work models and digitalisation continue to shape the future of work, more businesses are adopting software-as-a-service (SaaS) tools to facilitate collaboration, engagement, and the scaling up of self-service options for the workforce.
This in turn, creates a security risk that organisations need to address, said Albert Liew, Managing Director, Singapore and Indochina, BIPO.
Speaking with HRM Asia, he explained, “As large amounts of sensitive data can be accessed from any smart device by many users, this poses a risk to privacy and sensitive information, including vulnerability to new malware and phishing attacks. The need for improved security and SaaS security tools that can secure cloud-based programmes will play a big role in today’s business landscape.”
With SaaS programmes being hosted on the cloud, one of the most prevalent causes of security lapses is the recycling of passwords and having them saved to systems. To mitigate the risk of account takeovers, a robust cloud applications security strategy needs to be supplemented with the education of end-users.
“As a guide, ensure that passwords are regularly updated, and multi-factor authentication is enabled. In addition, businesses can minimise security breaches by implementing SaaS security tools and a selection of options to mitigate such risks,” Liew added.
“The need for improved security and SaaS security tools that can secure cloud-based programmes will play a big role in today’s business landscape.” – Albert Liew, Managing Director, Singapore and Indochina, BIPO
He recommended that organisations that host their SaaS applications on public cloud infrastructures consider reliable and reputable third-party vendors such as Amazon Web Services (AWS) and Alibaba Cloud, which are well-regarded for their computing, storage and content processing capabilities, as well as robust practices that safeguard the security of their platforms.
With cyber threats becoming increasingly sophisticated and targeted, servers hosting SaaS applications should also be regularly reviewed and patches applied against new vulnerabilities.
SaaS security for Business 4.0
With organisations operating in a rapidly evolving VUCA environment, it is imperative that they think of SaaS security as an integral part of the business that enables teams to perform optimally.
Liew highlighted, “This starts with fundamentals such as having a robust IT security policy in place. Such policies need to address the changing global business landscape where remote work is now the new norm. It is crucial to regularly update such policies, ensuring they are aligned with the evolving digital landscape.”
In a recent white paper published by BIPO, the HR service provider identified some of the key practices organisations should deploy when it comes to SaaS security. These include:
1) Creating a cloud applications security strategy.
2) Enabling multi-factor authentication to ensure a safeguard against compromised credentials.
3) Implementing endpoint security considerations where access from devices such as smartphones, tablets, desktops, laptops and other mediums must be controlled to prevent misuse of SaaS and data loss prevention (DLP).
4) Ensuring ongoing training and education at all levels within the organisation, including the understanding of SaaS usage and security. Prevention through education is often the most effective way to prevent breaches.
When these safety practices have been established, organisations can then turn their attention to the selection of a SaaS solution. “Consider the scalability and integration of the solution with other systems such as CRM, finance, ERP and so on,” Liew advised. “Increasingly, we have seen applicant tracking systems and e-learning platforms integrate with existing HR management systems to complement the evolving needs of HR and the business.”
Due to the pandemic, solutions such as BIPO’s Safe Entry platform have also gained popularity, as organisations increasingly look to integrate contactless door access with facial recognition capabilities, as well as with payroll and attendance applications.
Liew continued, “Similarly, performance management and e-learning platforms are on the rise as remote work continues. Given the shift in work patterns, businesses are now more vested in utilising digital tools to enhance the employee experience, particularly during the appraisal and performance management process.”
As users look to access SaaS platforms from home and on smart devices, offering flexibility is also key, he added, noting how there has been a growing interest in mobile apps where employees can easily navigate and complete tasks with just a few clicks.
Finally, but perhaps most importantly, examine the security certifications, policies and compliance of the SaaS provider, as Liew explained, “At the most basic level, certifications should include ISO-27001 Information Security Management, SOC-1/2 as this would mean that the platform has undergone strict audit control measures.”
BIPO’s HR Management System (HRMS) is ISO-27001 certified and offers businesses the agility of a cloud-based SaaS solution from pre-boarding to off-boarding.
Compliant with labour laws and designed to meet the needs of Business 4.0, BIPO HRMS features cutting-edge technology and supports all aspects of HR functions, from personnel, payroll, leave management, attendance and expense management, to performance management.
Allowing organisations to integrate employee records and attendance with BIPO HRMS and payroll functions, the BIPO Safe Entry is a touch-free door access system that features AI facial recognition and contactless temperature scanning. “This reduces errors and optimises business efficiency, enabling HR teams to focus on strategic HR functions,” Liew concluded.
Click here to find out more about how your organisation can benefit from deploying SaaS technologies.
First published in HRM Asia on 13 July 2021
