Software as a Service (SaaS) providers store not only sensitive data from their own customers, but also sensitive data of their customer’s customers. For a SaaS company, the security of their database might impact not only their business, but the business of hundreds of other companies.
In this case, the SaaS company was providing e-mail and newsletter blast services. In other words, small businesses were hosting their e-mail lists of potential and existing customers. Each one of their customers could have as many as 10,000 names and contact details for their newsletter. Furthermore, the system stored valuable data about what e-mail blasts were targeted to what customers, the effectiveness of these campaigns, etc.
Because all the customers were in the SaaS system, it was even feasible that two competing companies were using this same mailing service. It was crucial to make sure that no internal attacks were going on, because there were so many different authorized users, where each authorized users needed to have permissions only to access their specific areas of the database.
- Large quantities of personal data.
- Added responsibility of storing private information for others.
- Many users with access to different parts of the database.
The SaaS provider was facing increased pressure from their customers. These companies wanted to make sure that their e-mail signups were secure and that their precious customer lists were not susceptible to leak, loss, or attack. They wanted to promise the end-users, that is the people signing up for a newsletter, that their e-mail address and private information would not be shared with others. Therefore the SaaS vendor needed to have a reliable solution that would instill trust in their clients, and ultimately the end users.
- Ensure no “inside job” SQL attacks were possible (from one customer to the next).
- Assure their customers that the end-users data was secure.
- Prevent any leaking of data.
HexaTier was able to provide rules-based access privileges for each e-mail list and each area of the database according to customer requirements. The customers were satisfied and could confidently promise their own users that they would be protected from spamming from third parties.
- Creation of trust of customers and their end-users.
- Rapid installation and immediate implementation.
- Prevent leakage of any data.
With one solution, the organization was able to resolve multiple problems with database security. The rapid implementation allowed them to get immediate protection, stopping any further attempts right away. Both the installation and the ongoing maintenance were simple.
- Eliminated potential for customers with a login to try SQL injections to find other customers’ data
- Same-day installation and immediate end to security breaches
- Easy operation and maintenance
- Prevention of data leakage or of crossover between databases.