Security is critical to the success of any business, but it’s especially important in SaaS. Why?

Security is a key component of SaaS

Here are three compelling reasons why you should invest time and money into securing your software:

1. Security can provide peace of mind for your users

People use software every day to handle sensitive information like their banking details, their medical records and sometimes even private photos. Encrypting all of this data is extremely important because it keeps it safe from prying eyes and keeps people’s trust in the products they use.

2. Security can help with compliance requirements

Regulations like HIPAA may require you to encrypt certain kinds of personal data, and to store that data only on secure servers that aren’t connected to the internet unless specifically required by law or regulation (see my previous post about understanding these regulations).

3. Security helps keep hackers at bay

The world is full of bad guys – they might be skilled professionals trying to hack into your databases, or they might be clueless script-kiddies running automated attacks against the highest-ranked sites on Google. If you don’t hold valuable data like credit cards in your database (which should also be encrypted), then they likely aren’t trying that hard to get into your systems.

Security helps protect businesses from other malicious actors, like competitors. One of my clients got hacked after someone stole their API keys and used the company’s identity to run up large expenses on their infrastructure. This type of attack can destroy a business’ reputation overnight! It’s extremely difficult to recover once word gets out that there is no longer trust in what you say about yourself online.

4. Keeping the servers secure is another measure that businesses need to take.

It’s not just the data on your servers; you should be keeping those machines secure as well. A few years ago I ran across a business that had an SSH key for one of their users accidentally uploaded to GitHub, where it was left open for anyone to access. The hacker(s) gained access to the server using this account and proceeded to trash everything they could find from there.

If your password security measures are lax or non-existent, then you will probably have a very difficult time recovering from such an attack if hackers know what they’re doing (which most do). It would be extremely difficult to recover from losing all of your data, let alone having it locked behind a cipher-encrypted password. Your website and any other servers you may host would be unreachable to everyone, and the people who love and care about you (friends and family) will hopefully understand that your server wasn’t necessarily hacked into or that there was no way you could have prevented such an attack because, after all, it’s virtually impossible to ensure a hacker doesn’t simply use what they can find lying around in plaintext.

It’s possible for hackers to take advantage of accidental leaks like these through phishing attacks – something we’ll talk more about later – but another common method is simply using brute force. This might sound like a terribly difficult and generally ineffective way of attacking, but it really isn’t when there is low-hanging fruit like accidental leaks that people simply don’t know how to protect themselves from.