SaaS To The Rescue - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Cloud // Software as a Service
News
5/15/2008
01:45 PM
50%
50%

SaaS To The Rescue

On-demand software changed the Humane Society's IT strategy for the better. Can it do the same for your organization?

When I joined the Humane Society of the United States in mid-2005, our new CEO, Wayne Pacelle, had just begun a vigorous acceleration of programs and fund raising for animal advocacy. Since then, revenue has jumped significantly, and so have requirements for IT to support new initiatives. This is a happy situation for any CIO, and one in which SaaS has helped us rapidly implement new applications.

Fund raising stimulated our first encounter with SaaS. Many contributions are made via credit card, and a major requirement for organizations processing credit cards is compliance with the Payment Card Industry Data Security Standard, or PCI. Compliance requires, among other mandates, that merchants maintain a secure network, encrypt stored cardholder information, have vulnerability management processes in place, and regularly monitor their security posture. Failure to comply can be costly: fines, restrictions, and even permanent expulsion from card-acceptance programs.

InformationWeek Reports

PCI went into effect just before I joined the Humane Society, so there was an urgent mandate to protect our revenue stream with compliance. We already had strong security measures in place, but we lacked a reliable, automated way to conduct independent network security audits and securely transmit compliance reports to acquiring banks. That's when we discovered SaaS.

Qualys introduced us to the notion of on-demand with its SaaS-based network vulnerability management and compliance service called QualysGuard. Our heritage with IT has been the do-it-yourself approach of running an in-house infrastructure of servers and software applications. Our main constituent database is housed on an IBM AS/400. We also run a VPN that connects eight regional offices and field representatives in more than 30 states. We control everything internally.


Magda says SaaS has the Humane Society purring

Magda says SaaS has the Humane Society purring
SaaS opened our eyes to a new way of doing things. With QualysGuard, we didn't need to install any software or infrastructure. QualysGuard runs on Qualys' own secure global infrastructure, so we run security audits on-demand over the Internet with a standard Web browser. The application automatically finds all vulnerabilities on our local and remote network, provides directions to our IT staff for remediation, and submits PCI audit reports to our acquiring banks.

Automation eliminated a major concern for PCI compliance. Trouble was, I had reservations about relinquishing control of such a vital application to a third-party service provider. In years past, I probably wouldn't have considered SaaS. On the other hand, our small IT department was finding it harder to do ongoing maintenance of existing applications. A concomitant initiative to implement disaster recovery for key applications made me rethink SaaS as an opportunity. As it turns out, we were able to use QualysGuard right away without incident.

This positive SaaS experience erased our reticence in considering the on-demand model for new applications. Suggestions for these typically arise during monthly meetings of our technology steering committee. I established this cross-functional team to bring together business users, who are far more informed about their apps and requirements than technical experts. Our IT staff uses this forum to demonstrate potential solutions to business problems defined by our user community and to gauge which solutions will be a good fit.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Slideshows
11 Things IT Professionals Wish They Knew Earlier in Their Careers
Lisa Morgan, Freelance Writer,  4/6/2021
News
Time to Shift Your Job Search Out of Neutral
Jessica Davis, Senior Editor, Enterprise Apps,  3/31/2021
Commentary
Does Identity Hinder Hybrid-Cloud and Multi-Cloud Adoption?
Joao-Pierre S. Ruth, Senior Writer,  4/1/2021
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Successful Strategies for Digital Transformation
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Slideshows
Flash Poll