BIPO专访 | 探究SaaS技术的未来

2022年02月18日 7671次浏览
As hybrid work models and digitalisation continue to shape the future of work, more businesses are adopting software-as-a-service (SaaS) tools to facilitate collaboration, engagement, and the scaling up of self-service options for the workforce.

在混合工作模式和数字化转型的全新商业环境下,越来越多的企业开始采用软件即服务(SaaS)技术,以促进员工的协作、参与和自主选择。

This in turn, creates a security risk that organisations need to address, said Albert Liew, Managing Director, Singapore and Indochina, BIPO.

Speaking with HRM Asia, he explained, “As large amounts of sensitive data can be accessed from any smart device by many users, this poses a risk to privacy and sensitive information, including vulnerability to new malware and phishing attacks. The need for improved security and SaaS security tools that can secure cloud-based programmes will play a big role in today’s business landscape.”

With SaaS programmes being hosted on the cloud, one of the most prevalent causes of security lapses is the recycling of passwords and having them saved to systems. To mitigate the risk of account takeovers, a robust cloud applications security strategy needs to be supplemented with the education of end-users.

BIPO Singapore and Indochina Managing Director——Albert Liew对此评论道:“这反过来使得企业不得不花更多的精力来保障流程的安全和稳定,以避免信息风险。”

在接受《HRM Asia》的采访时,他解释说:“由于用户可以从任何智能设备访问大量敏感数据,这对隐私和个人信息构成了风险,极其容易受到新的恶意软件和网络钓鱼攻击。因为SaaS程序被托管在云端,安全漏洞普遍发生在密码存储的过程中。为了减少账户泄露的风险,就需要建立一套完善的云应用安全保障制度,并对终端用户进行安全培训。”

 

“As a guide, ensure that passwords are regularly updated, and multi-factor authentication is enabled. In addition, businesses can minimise security breaches by implementing SaaS security tools and a selection of options to mitigate such risks,” Liew added.

对此,Albert Liew还补充道:“企业应尽可能地确保密码定期更新,并启用多重身份验证。此外,还可以通过实施SaaS安全工具和相关方案来最大限度地减少安全漏洞。”

“The need for improved security and SaaS security tools that can secure cloud-based programmes will play a big role in today’s business landscape.”

“维护系统的安全性和SaaS安全工具的使用将在当今的商业环境中发挥重要作用,以保护基于云计算的各类项目。“——Albert Liew, Managing Director, Singapore and Indochina, BIPO

 

He recommended that organisations that host their SaaS applications on public cloud infrastructures consider reliable and reputable third-party vendors such as Amazon Web Services (AWS) and Alibaba Cloud, which are well-regarded for their computing, storage and content processing capabilities, as well as robust practices that safeguard the security of their platforms.

With cyber threats becoming increasingly sophisticated and targeted, servers hosting SaaS applications should also be regularly reviewed and patches applied against new vulnerabilities.

随着网络威胁变得越来越复杂和有针对性,他建议目前正在使用SaaS技术的企业考虑可靠且信誉良好的第三方供应商,如亚马逊(AWS)和阿里巴巴云,这些供应商在计算、存储和内容处理能力方面广受好评,并且平台的安全性可以得到充分保障。同时我们也要定期检查服务器,如有发现新的漏洞,应及时打补丁来修复。

 

Liew highlighted, “This starts with fundamentals such as having a robust IT security policy in place. Such policies need to address the changing global business landscape where remote work is now the new norm. It is crucial to regularly update such policies, ensuring they are aligned with the evolving digital landscape.”

In a recent white paper published by BIPO, the HR service provider identified some of the key practices organisations should deploy when it comes to SaaS security. These include:

1) Creating a cloud applications security strategy.

2) Enabling multi-factor authentication to ensure a safeguard against compromised credentials.

3) Implementing endpoint security considerations where access from devices such as smartphones, tablets, desktops, laptops and other mediums must be controlled to prevent misuse of SaaS and data loss prevention (DLP).

4) Ensuring ongoing training and education at all levels within the organisation, including the understanding of SaaS usage and security. Prevention through education is often the most effective way to prevent breaches.

他强调说:“制定一套有效的IT安全政策至关重要,同时政策需要定期更新以应对不断变化的全球商业格局。”

在BIPO最近发表的一份白皮书中,确定了一些企业在涉及SaaS安全时应该遵循的关键操作,包括以下:

1)创建云应用安全保障制度。

2) 启用多重认证,以确保和防止验证系统被渗透。

3) 实施端点安全方案,控制来自智能手机、平板电脑、台式机、笔记本电脑和其他媒介的访问,以防止SaaS滥用和数据泄露(DLP)。

4) 确保组织内相关员工的持续培训和教育,包括对SaaS的使用和安全意识的指导。通过培训方式来进行预防往往是防止漏洞的最有效方法。

When these safety practices have been established, organisations can then turn their attention to the selection of a SaaS solution. “Consider the scalability and integration of the solution with other systems such as CRM, finance, ERP and so on,” Liew advised. “Increasingly, we have seen applicant tracking systems and e-learning platforms integrate with existing HR management systems to complement the evolving needs of HR and the business.”

当这些落实后,企业就可以将注意力转向SaaS解决方案的选择。Albert Liew建议:“如今已经有越来越多的猎聘系统和电子学习平台与现有的人力资源管理系统相结合,以补充人力资源和业务流程中不断变化的需求。所以在选择过程中,我们要考虑解决方案的可扩展性和与其他系统(如CRM、财务、ERP等)的兼容性。”

 

Due to the pandemic, solutions such as BIPO’s Safe Entry platform have also gained popularity, as organisations increasingly look to integrate contactless door access with facial recognition capabilities, as well as with payroll and attendance applications.

Liew continued, “Similarly, performance management and e-learning platforms are on the rise as remote work continues. Given the shift in work patterns, businesses are now more vested in utilising digital tools to enhance the employee experience, particularly during the appraisal and performance management process.”

As users look to access SaaS platforms from home and on smart devices, offering flexibility is also key, he added, noting how there has been a growing interest in mobile apps where employees can easily navigate and complete tasks with just a few clicks.

由于疫情,越来越多的企业采用非接触式门禁与面部识别功能,将其与工资单和考勤应用集合在一起, BIPO的安全入口平台等解决方案也越来越受企业的欢迎。

“同样,随着远程办公的持续和工作模式的转变,企业现在更倾向于利用数字工具来提升员工体验,尤其是在评估和绩效管理过程中。为了方便用户访问SaaS平台,提供相应的灵活性也很关键。在移动应用中,员工只需点击几下即可轻松导航和完成打卡等操作。” Albert Liew补充道。

 

BIPO’s HR Management System (HRMS) is ISO-27001 certified and offers businesses the agility of a cloud-based SaaS solution from pre-boarding to off-boarding.

Compliant with labour laws and designed to meet the needs of Business 4.0, BIPO HRMS features cutting-edge technology and supports all aspects of HR functions, from personnel, payroll, leave management, attendance and expense management, to performance management.

Allowing organisations to integrate employee records and attendance with BIPO HRMS and payroll functions, the BIPO Safe Entry is a touch-free door access system that features AI facial recognition and contactless temperature scanning. This reduces errors and optimises business efficiency, enabling HR teams to focus on strategic HR functions.

BIPO的人力资源管理系统(HRMS)通过了ISO-27001认证,为满足商业4.0的需求而专门设计,支持人力资源功能的所有模块,从人事、工资、休假管理、考勤和费用管理,到绩效管理,为企业提供了从入职前到离职后的基于云的一站式SaaS解决方案。同时支持将员工考勤记录与BIPO HRMS和薪资功能相结合,并提供BIPO Safe Entry免接触门禁系统,具有AI面部识别和非接触式温度扫描功能。这将规避风险,优化业务效率,使HR团队能够更专注于人力资源战略的归化和企业运营。