Personal data on tenants, addresses and invoices, as well as company documents on third-party servers: is SaaS secure enough for companies?
The data is even more secure than it would be on in-house servers – provided that the latter are run as they are in the Aareon Data Centres. The cybersecurity threat has increased massively in recent years, with cybercriminals becoming more professional, faster and more effective. Protection against this threat requires a great deal of investment in terms of time, skills, money and human resources. Current events have only exacerbated the problem: working from home, the requirement for seamless operation of all software tools and the shift to the cloud are aspects that are difficult enough to manage as things stand. But the growing threat landscape has been rendered even more complex by the trend of working from anywhere at any time. Companies that only deal marginally with the issue of cybersecurity can hardly afford to provide effective data protection. It’s much more efficient and secure to rely on a cloud solution such as Aareon’s.
How exactly does Aareon ensure the security of its SaaS solutions?
We have a Data Centre at two locations. This satisfies the most stringent availability requirements: the systems are always available, even in the event of a switching system failure, flood or explosion at one of the sites. We also protect our network with next-generation firewalls which are capable of detecting suspicious network activities. Our backups are saved offline at various locations. Even if a hacking attack on our Data Centre were to succeed, no data would be lost. Our employees are also given regular security awareness training. Finally, our products are programmed securely from the outset – with adherence to the most stringent security standards in software development. We check system security regularly in internal and external audits and by mounting test attacks on our systems and applications with a view to identifying potential vulnerabilities.
With which certification standards does Aareon’s IT infrastructure comply?
We have TÜV (technical inspection agency) certification pursuant to High-Availability Level 4, which also satisfies banking requirements, plus IDW PS 951nv type B attestation as defined by the Institute of Public Auditors in Germany (IDW), which is of particular relevance for our customers’ auditors. We are of course also certified in compliance with the globally recognised ISO 27001 standard for information security management, and the technical inspection agency TÜV Rheinland has awarded us certification for our data protection management.