Selecting the right software – Part 7/10 – Security

November 17, 2017

While security should be on everyone’s mind when selecting software, it can be one of the tougher items to test when you’re going through the process. Unfortunately, it is also one of the items that most people take for granted. Today’s post is a high-level, cursory discussion of the topic, intended to get you thinking about security when you’re evaluating software.

Here are a few things you can review that will give you some idea of security:

  1. Do a Google Search for the software product name followed by the words “security” or “security breach” and see if any results come back. Read up on anything that may have occurred in the recent past and what was done to remedy it.
  2. Look for “https://” at the beginning of the URL in your browser if you are using Software-as-a-Service (SaaS) to make sure the connection is encrypted.
  3. Check the security of logins:
    1. You might not like to hear it, but make sure that the system has some requirement for long and complex passwords.
    2. Try logging in unsuccessfully four or more times in a row and see if they implement any protections that slow down the login process after a few failed attempts — impeding brute-force attacks. If the service lets you continue attempting logins again and again without any “cool-off periods”, brute-force can be attempted more easily.
    3. As an additional note, you can always help your odds by internally requiring that your team has passwords 16 characters or more in length.  They don’t have to be complex, just long and not a single dictionary word.
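To illustrate the “cool-off periods” mentioned in the login check above, here is an added example (not part of the original post and not any vendor's code): a minimal per-account login throttle in Python, with a simulated clock that counts how many failed logins fit into one hour with and without it. The class name, parameters and policy values (three free attempts, then a wait that doubles up to 15 minutes) are illustrative assumptions.

```python
class LoginThrottle:
    """Per-account cool-off: after `free_attempts` consecutive failures,
    every further failure doubles the wait, capped at `max_delay` seconds."""

    def __init__(self, free_attempts=3, base_delay=1, max_delay=900):
        self.free_attempts = free_attempts  # assumed policy values
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.failures = {}      # account -> consecutive failed logins
        self.locked_until = {}  # account -> earliest time of next attempt

    def delay_after(self, failures):
        """Seconds of cool-off imposed after this many consecutive failures."""
        extra = failures - self.free_attempts
        if extra <= 0:
            return 0
        return min(self.base_delay * 2 ** (extra - 1), self.max_delay)

    def allowed(self, account, now):
        """True if the account may attempt a login at time `now` (seconds)."""
        return now >= self.locked_until.get(account, 0)

    def record(self, account, success, now):
        """Register a login result; return the cool-off that now applies."""
        if success:  # a good login clears the failure streak
            self.failures.pop(account, None)
            self.locked_until.pop(account, None)
            return 0
        count = self.failures.get(account, 0) + 1
        self.failures[account] = count
        wait = self.delay_after(count)
        self.locked_until[account] = now + wait
        return wait


def guesses_in_window(throttle, window_seconds, attempt_cost=1):
    """Simulated clock: failed logins that fit in the window for one account,
    assuming each attempt takes at least `attempt_cost` seconds."""
    now, guesses = 0, 0
    while now < window_seconds:
        wait = throttle.record("demo-account", success=False, now=now)
        guesses += 1
        now += max(attempt_cost, wait)
    return guesses


if __name__ == "__main__":
    print("no cool-off:", guesses_in_window(LoginThrottle(free_attempts=10**9), 3600))
    print("with cool-off:", guesses_in_window(LoginThrottle(), 3600))
```

With these assumed settings the simulation allows 16 failed logins in an hour, compared with 3,600 when no cool-off is applied.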


For advanced users, there are plenty of online tools to help you assess SaaS SSL certificates and, in some cases, to do some high-level vulnerability testing on a server (you may need to prove you own the server in order to test some things, which will prevent you from checking some server stats). The largest concern with any SaaS provider is that your data is secure. SaaS is convenient because the application is often web-accessible, but that also means anyone can potentially access it as well.

Security will continue to be a hot topic in any type of software and ultimately, even some of the best security can be vulnerable.  The best advice we can give is to make sure the things that are in your control are secure: create strong passwords and do not share accounts between users.