While security should be on everyone’s mind when selecting software, it can be one of the tougher items to test when you’re going through the process. Unfortunately, it is also one of the items that most people take for granted. Today’s topic is a high-level cursory discussion of the topic in order to get you thinking of security when you’re evaluating software.
Here are a few things you can review that will give you some idea of security:
- Do a Google Search for the software product name followed by the words “security” or “security breach”, then see what, if any, results come back. Read up on anything that may have occurred in the recent past and what was done to remedy it.
- Look for “https://” at the beginning of your browser url if you are using Software-as-a-service (Saas) to make sure the connection is encrypted.
- Check the security of logins:
- Make sure that the system has some requirement for long and complex passwords.
- Try logging in unsuccessfully four or more times in a row. See if the software implements any protections to slow down the login process after a few failed attempts; this would be to impede brute-force attacks. If the service lets you continue attempting logins again and again without any “cool-off periods”, brute-force can be happen more easily.
- As an additional note, you can always help your odds by internally requiring that your team has passwords 16 characters or more in length. They don’t have to be complex, just long and not a single dictionary word.
For advanced users, there are plenty of online tools to help you assess Saas SSL certificates and in some cases to some high-level vulnerability testing on a server. You may need to prove you own the server in order to test some things (which will disallow you checking some server stats). The largest concern with any Saas provider is that your data is secure. Saas provides extended convenience by often allowing a web-accessible application. It also means that anyone can potentially access it as well.
Security will continue to be a hot topic in any type of software. Ultimately, even some of the best security can be vulnerable. The best advice we can give is to make sure the things that are in your control are secure. Create strong passwords and do not share accounts between users.