
It's INSANE to me that this is a software service and not just a software product, like Microsoft Windows. It would be malpractice to use this at any company where security really matters.

If it were a product you would only merely be at the mercy of the product's source code being securely written. But as a service, you are constantly at the mercy of the entire SaaS organization's security culture. Now you have to worry about every single employee with any access at the SaaS organization getting phished. About every sysadmin at the SaaS organization accidentally screwing up a config that opens up a door into their network. About how hardcore every support person at the SaaS organization is about resisting social engineering. Yeesh, it's exhausting to think about.

You've exploded exponentially the number of things that could go wrong resulting in a security hole. All for what? Nothing, because there's nothing about this product that inherently benefits from a service model technically. There's no large data in the cloud to crunch, nothing from other customers that could benefit a different customer somehow. It ain't Napster, it's just authorization. It's a damn simple solved problem and you're making it harder just so you get subscription instead of one-time revenue.

If promising your customers your service is secure and/or reliable is in no way a part of your value proposition, this is an OK option, but if it is, you're crazy to put yourself in such a vulnerable position like this.




I wish I could get a list of their customers so I know what other stuff not to use.



