THE AFTER-CONFERENCE PROCEEDING OF THE AIC 2024 WILL BE SUBMITTED FOR INCLUSION TO IEEE XPLORE

Dr. Sonal Sagar Boda

Exploring Software as a Service Security Architecture Challenges and Considerations

Abstract:

This exploratory qualitative study examined challenges encountered in SaaS security architecture and investigated the factors for improving SaaS security. Two main research questions steered the study: first, what challenges SaaS professionals experience with SaaS security architecture, and second, which factors SaaS professionals perceive to be most impactful for improving SaaS security. The study used a five-step approach rooted in exploratory qualitative research methodology to structure the investigation. Information security management (ISM) was employed as the theoretical framework, and its key variables, such as security policy, risk management, internal control, and information auditing, served as a design to guide the data collection process. Data was collected by interviewing twelve professionals within the SaaS industry. The collected participant data was transcribed into Atlas.ti software for analysis. Interview data was analyzed using a six-step reflexive thematic analysis approach with inductive and deductive methods. Studies have noted that SaaS customization, scalability, multitenancy, security, and integration are critical factors for enhancing SaaS security. This study's data analysis generated ten themes. The findings indicated that user permissions, access management, data storage, privacy, and transmission are challenges for SaaS security. The findings also noted that SaaS security architecture challenges occur when integrating with third-party services, APIs, and libraries. Additionally, challenges include organizations failing to meet compliance standards. Data categorization, masking, minimization, monitoring, preferences, segregation, processing, reliability, integrity, retention and protection, vulnerability management, real-time auditing, technology education, and user training are key factors for improving SaaS security.
