In all likelihood, over the Internet you are using a third-party to host your company web site that generates leads for your business and email servers that your executives use to communicate with each other, and to the outside world. Some of your colleagues may also be using Gmail, Dropbox, SalesForce CRM and a host of other web based applications. Any software used by your organization, which is not deployed locally within your own IT infrastructure, has already put your organization on the cloud. These cloud based software are either available free or at a minimal cost, and offer substantial advantages and possibly come with some disadvantages. The FAQs below allow you to weigh these gains against the losses of moving to the cloud, specifically in the context of your institutions regulatory compliance automation requirements.

What is the difference between on-premise and cloud-based software?

On-premise software is typically deployed on your institution's IT infrastructure. This software requires ongoing maintenance to keep it running at acceptable levels of performance; requiring periodic data backups; and occasionally needing upgrades and modifications from their vendors. On the other hand, cloud-based software is deployed on data centers such as Microsoft® Azure Cloud data centers. In this case cloud-based software provider takes care of all the maintenance, performance tuning, periodic backups, disaster recovery, security on cloud, protection of data, upgrading, modifications and all other associated tasks. Cloud-based applications therefore leave your IT team free to focus on taking care of on-premise revenue generating mission critical core applications and their cloud application integration.

What category of software applications is best suited on the Cloud?

You may not want to put an application on the cloud, that your company cannot do business without, unless you are sure that the vendor can support it better than you. Software applications that are core to running your institution, which handle revenue generating customer transactions, are best suited to be deployed on-premise. All other applications, including regulatory compliance applications, could be systematically moved on to the cloud through suitable Software-as-a-Service (SaaS) providers. Ideally suited SaaS providers are the ones who are capable of cloud application integration with your core applications. Additionally they should follow best practices for protection of data to ensure security on cloud.

What advantages does a Software-as-a-Service (SaaS) provider offer as compared to a traditional on-premise software vendor?

To use a SaaS application offering, your users would just need an internet browser & single broadband connection to get up and running in a matter of days or weeks. Whereas in the case of an on-premise software application this could take months or sometimes even a year. Besides this, SaaS users do not need to purchase, install or maintain hardware servers, operating systems and software application. Regulatory compliance applications such as KYCsphere, that require constant content updates (sanction/watch/embargo lists) and ongoing modifications as per changes in regulations are particularly best managed by the SaaS provider on the Cloud.

How can my organization benefit from using Cloud based SaaS applications?

Software-as-a-Service (SaaS) has started playing a central role, when it comes to applications for sharing and collaboration over the Internet. Earlier, content management and customer relationship management software could only be afforded by larger corporations with expensive network infrastructure. SaaS based CRM applications such as SalesForce.com has now made these technologies accessible to even the smallest of organizations. This has become a reality primarily due to a host of benefits that SaaS providers offer, including economical costing and convenience of usage.

  • Anywhere Availability: SaaS applications can be easily accessed from any computer or mobile device, therefore adding to the productivity of users.
  • Easy to Use: SaaS applications also are designed to be user intent driven and therefore have a lower learning curve for new users.
  • Automatic Upgrades: All updates and upgrades for a SaaS application, are managed by the SaaS provider. Customers do not need to worry about installing software patches or updates, or keeping up with changing regulatory compliance requirements.
  • Better Scalability: SaaS applications are usually deployed on the elastic cloud platform, wherein as per requirements upward and downward scaling is rather easy. SaaS provider manages this scalability, and the customer is left free from worries about added servers and other infrastructure costs.
  • Lower Costs: Server hardware, network infrastructure costs and software license fees are all taken care of by the SaaS provider. For the customer, this greatly reduces the impact of the significant startup and ongoing maintenance costs of commissioning such applications.

Microsoft® Azure Cloud based KYCsphere SaaS application, offers you all these benefits that are further elaborated on the Benefits page.

Which is the most cost efficient and beneficial SaaS application usage option?

Older generation applications could be difficult to rebuild and are therefore offered as hosted options to on-premise applications. These are sometimes termed as single tenant SaaS applications, requiring creation of a new instance by the vendor, for every additional customer. The cost of running such an infrastructure for the vendor tends to increase exponentially as the number of customers increase. Naturally this creates an upward pressure on the subscription fee that the vendor wants to charge from every customer. On the other hand, current generation SaaS applications that have been designed and developed to be multi-tenant turn out to be most cost efficient to the provider as well as to the end customer for the following reasons:

  • Greater Scalability: A single large instance of multi-tenant SaaS infrastructure can be multiplied by the provider rather easily. It instantly adds additional processing power benefitting the entire tenant customer base.
  • Improved Performance: Since the multi-tenant SaaS provider needs to monitor only a single technology stack, it makes it easier to detect and correct application and database performance problems.
  • Faster Upgrades: Since there is just one single, centralized place to apply patches, make enhancements or release new application versions, it could all be done much more rapidly.
  • Better Service: With only one platform to administer, SaaS vendor can provide more responsive services, such as troubleshooting and problem resolution.
  • Lower Subscription Fees: With multi-tenant, the SaaS provider benefits from the economy of scale. This automatically translates into lower subscription fees for the end customer/tenant.

But what about the data security on cloud?

Security is the first thing that would concern you when you would consider moving your customer data on to the cloud, for the first time.

Cloud is secure enough for the Pentagon

In March 2011, US Army General Keith Alexander, Commander of U.S. Cyber Command and Director of the National Security Agency, speaking before the House, said cloud computing provides the best way to secure DOD networks. Interestingly, he did not stress cloud computing ability to cut costs; rather, he emphasized its security benefits: "This [cloud] architecture would seem at first glance to be vulnerable to insider threats—indeed, no system that human beings use can be made immune to abuse—but we are convinced the controls and tools that will be built into the cloud will ensure that people cannot see any data beyond what they need for their jobs and will be swiftly identified if they make unauthorized attempts to access data."

As seen in previous FAQs, with so many benefits associated with cloud technologies, we all really need to all ask ourselves: "If the Cloud is secure enough for the Pentagon. Why Not You?"

KYCsphere SaaS application deployed on Microsoft® Azure cloud has been architected keeping protection of data and security on cloud issues at the center of its design. The application ensures rigorous identity & access management; least privilege role assignments; SSL authentication; encryption of sensitive data in transit & at rest; overall integrity against unauthorized changes and monitoring through audit trails. For instance, the application has the provision to create an encrypted or complete fracture between tenant’s customer unique identifiers and their rest of the profile & transactions, making it impossible to connect the two for unauthorized persons.

KYCsphere does not need to capture other personal details of the tenant's customers, such as credit card numbers, personal health information and other personal data, which in any case are not relevant from the perspective of KYC, AML & CTF regulations. There are numerous other useful data security features that are inbuilt in KYCsphere, which are further detailed on Data Security & Protection page.

What are the "security on cloud" measures that are undertaken at the data center where KYCsphere application is deployed?

KYCsphere is deployed on Microsoft data center based Azure cloud Platform-as-a-Service (PaaS). PaaS is equipped with filtering routers, firewalls, intrusion detection systems, cryptographic protection of messages etc. Microsoft data center is ISO27001 compliant; Safe Harbor certified and follows Microsoft Trustworthy Computing Initiative's privacy guidelines. It is further physically secured from power failure, physical intrusion and network outages. These security measures are further covered on Data Security & Protection page.

What privacy & protection of data features does KYCsphere support?

Your data in KYCsphere database is neither shared with a third-party nor retrieved by anyone other than authorized representatives. It is replicated within Azure to three separate nodes to minimize the impact of hardware failures. Further as an option, customer could seek secure storage of their data either in the same location or in another geographically located Azure data center. This optional secure storage account ensures that the customer has full flexibility of porting their data at any point in time.

What are Azure PaaS & KYCsphere SaaS availability and disaster recovery practices?

Each layer of the Azure platform infrastructure and application & database layers of KYCsphere are designed to continue operations in the event of failure. It includes redundant network devices at each layer and dual Internet service providers at each data center. The Azure platform runs across multiple data centers around the world. In the event of a catastrophic failure involving an entire datacenter, KYCsphere team could bring another instance of the application and database live from the backup location, in a matter of a few hours. This backup location also serves as an excellent alternative for your customer data Disaster Recovery (DR) & Continuity site. This infrastructure is constantly monitored and corrective actions that are undertaken are further described on Data Security & Protection page.

How can a user of KYCsphere get support easily?

Our dedicated support team responds to support requests through web, email, chats and phone. These requests could plainly be either a user wanting to learn more about application feature/functionality or in a rare case an issue that requires urgent resolution. All these requests are responded to in a time bound manner under strict Service Level Agreements (SLAs).

How often are new features introduced?

Updates of sanction/watch/embargo lists in KYCsphere are an ongoing activity. We track evolving body of compliance knowledge around the world, based on publication of reports by Financial Action Task Force (FATF) and its sister regional bodies; Egmont Group and its member FIUs; Wolfsberg Group; World Bank; IMF; UN and other global and regional bodies. Regulatory guideline changes in jurisdictions that our customers operate in and user feedbacks & suggestions are monitored by us continuously. KYCsphere upgrade roadmaps are drawn from such findings, which eventually lead up to the release of new versions with necessary enhancements and additional features.

How would KYCsphere cloud application integration happen with our existing on-premise applications?

KYCsphere has been designed & developed on the basis of Service-Oriented Architecture (SOA) principles and methodologies. It supports Web Services based integration with your on-premise core transactional applications. A service-oriented architecture design and KYCsphere's web interfaces automatically ensures standards based interoperability. This in turn, can over a period of time give your organization, an IT infrastructure that takes advantage of the strengths unique to Software-as-a-Service application integrating back into enterprise applications.

Cloud application integration is best demonstrated for instance by achieving single sign on and centralized administration of users at your end, with KYCsphere integration with your active directory identity management system.

If you would like to ask a question, please feel free to enter your question below along with your name, email & press the button on the right.

Privacy Policy 

< Data Security & ProtectionContact Us >