BIPO專訪 | 探究SaaS技術的未來As hybrid work models and digitalisation continue to shape the future of work, more businesses are adopting software-as-a-service (SaaS) tools to facilitate collaboration, engagement, and the scaling up of self-service options for the workforce.
在混合工作模式和數字化轉型的全新商業環境下,越來越多的企業開始采用軟件即服務(SaaS)技術,以促進員工的協作、參與和自主選擇。
This in turn, creates a security risk that organisations need to address, said Albert Liew, Managing Director, Singapore and Indochina, BIPO.
Speaking with HRM Asia, he explained, “As large amounts of sensitive data can be accessed from any smart device by many users, this poses a risk to privacy and sensitive information, including vulnerability to new malware and phishing attacks. The need for improved security and SaaS security tools that can secure cloud-based programmes will play a big role in today’s business landscape.”
With SaaS programmes being hosted on the cloud, one of the most prevalent causes of security lapses is the recycling of passwords and having them saved to systems. To mitigate the risk of account takeovers, a robust cloud applications security strategy needs to be supplemented with the education of end-users.
BIPO Singapore and Indochina Managing Director——Albert Liew對此評論道:“這反過來使得企業不得不花更多的精力來保障流程的安全和穩定,以避免信息風險。”
在接受《HRM Asia》的采訪時,他解釋說:“由于用戶可以從任何智能設備訪問大量敏感數據,這對隱私和個人信息構成了風險,極其容易受到新的惡意軟件和網絡釣魚攻擊。因為SaaS程序被托管在云端,安全漏洞普遍發生在密碼存儲的過程中。為了減少賬戶泄露的風險,就需要建立一套完善的云應用安全保障制度,并對終端用戶進行安全培訓。”
“As a guide, ensure that passwords are regularly updated, and multi-factor authentication is enabled. In addition, businesses can minimise security breaches by implementing SaaS security tools and a selection of options to mitigate such risks,” Liew added.
對此,Albert Liew還補充道:“企業應盡可能地確保密碼定期更新,并啟用多重身份驗證。此外,還可以通過實施SaaS安全工具和相關方案來最大限度地減少安全漏洞。”
“The need for improved security and SaaS security tools that can secure cloud-based programmes will play a big role in today’s business landscape.”
“維護系統的安全性和SaaS安全工具的使用將在當今的商業環境中發揮重要作用,以保護基于云計算的各類項目。“——Albert Liew, Managing Director, Singapore and Indochina, BIPO
He recommended that organisations that host their SaaS applications on public cloud infrastructures consider reliable and reputable third-party vendors such as Amazon Web Services (AWS) and Alibaba Cloud, which are well-regarded for their computing, storage and content processing capabilities, as well as robust practices that safeguard the security of their platforms.
With cyber threats becoming increasingly sophisticated and targeted, servers hosting SaaS applications should also be regularly reviewed and patches applied against new vulnerabilities.
隨著網絡威脅變得越來越復雜和有針對性,他建議目前正在使用SaaS技術的企業考慮可靠且信譽良好的第三方供應商,如亞馬遜(AWS)和阿里巴巴云,這些供應商在計算、存儲和內容處理能力方面廣受好評,并且平臺的安全性可以得到充分保障。同時我們也要定期檢查服務器,如有發現新的漏洞,應及時打補丁來修復。
Liew highlighted, “This starts with fundamentals such as having a robust IT security policy in place. Such policies need to address the changing global business landscape where remote work is now the new norm. It is crucial to regularly update such policies, ensuring they are aligned with the evolving digital landscape.”
In a recent white paper published by BIPO, the HR service provider identified some of the key practices organisations should deploy when it comes to SaaS security. These include:
1) Creating a cloud applications security strategy.
2) Enabling multi-factor authentication to ensure a safeguard against compromised credentials.
3) Implementing endpoint security considerations where access from devices such as smartphones, tablets, desktops, laptops and other mediums must be controlled to prevent misuse of SaaS and data loss prevention (DLP).
4) Ensuring ongoing training and education at all levels within the organisation, including the understanding of SaaS usage and security. Prevention through education is often the most effective way to prevent breaches.
他強調說:“制定一套有效的IT安全政策至關重要,同時政策需要定期更新以應對不斷變化的全球商業格局。”
在BIPO最近發表的一份白皮書中,確定了一些企業在涉及SaaS安全時應該遵循的關鍵操作,包括以下:
1)創建云應用安全保障制度。
2) 啟用多重認證,以確保和防止驗證系統被滲透。
3) 實施端點安全方案,控制來自智能手機、平板電腦、臺式機、筆記本電腦和其他媒介的訪問,以防止SaaS濫用和數據泄露(DLP)。
4) 確保組織內相關員工的持續培訓和教育,包括對SaaS的使用和安全意識的指導。通過培訓方式來進行預防往往是防止漏洞的最有效方法。
When these safety practices have been established, organisations can then turn their attention to the selection of a SaaS solution. “Consider the scalability and integration of the solution with other systems such as CRM, finance, ERP and so on,” Liew advised. “Increasingly, we have seen applicant tracking systems and e-learning platforms integrate with existing HR management systems to complement the evolving needs of HR and the business.”
當這些落實后,企業就可以將注意力轉向SaaS解決方案的選擇。Albert Liew建議:“如今已經有越來越多的獵聘系統和電子學習平臺與現有的人力資源管理系統相結合,以補充人力資源和業務流程中不斷變化的需求。所以在選擇過程中,我們要考慮解決方案的可擴展性和與其他系統(如CRM、財務、ERP等)的兼容性。”
Due to the pandemic, solutions such as BIPO’s Safe Entry platform have also gained popularity, as organisations increasingly look to integrate contactless door access with facial recognition capabilities, as well as with payroll and attendance applications.
Liew continued, “Similarly, performance management and e-learning platforms are on the rise as remote work continues. Given the shift in work patterns, businesses are now more vested in utilising digital tools to enhance the employee experience, particularly during the appraisal and performance management process.”
As users look to access SaaS platforms from home and on smart devices, offering flexibility is also key, he added, noting how there has been a growing interest in mobile apps where employees can easily navigate and complete tasks with just a few clicks.
由于疫情,越來越多的企業采用非接觸式門禁與面部識別功能,將其與工資單和考勤應用集合在一起, BIPO的安全入口平臺等解決方案也越來越受企業的歡迎。
“同樣,隨著遠程辦公的持續和工作模式的轉變,企業現在更傾向于利用數字工具來提升員工體驗,尤其是在評估和績效管理過程中。為了方便用戶訪問SaaS平臺,提供相應的靈活性也很關鍵。在移動應用中,員工只需點擊幾下即可輕松導航和完成打卡等操作。” Albert Liew補充道。
BIPO’s HR Management System (HRMS) is ISO-27001 certified and offers businesses the agility of a cloud-based SaaS solution from pre-boarding to off-boarding.
Compliant with labour laws and designed to meet the needs of Business 4.0, BIPO HRMS features cutting-edge technology and supports all aspects of HR functions, from personnel, payroll, leave management, attendance and expense management, to performance management.
Allowing organisations to integrate employee records and attendance with BIPO HRMS and payroll functions, the BIPO Safe Entry is a touch-free door access system that features AI facial recognition and contactless temperature scanning. This reduces errors and optimises business efficiency, enabling HR teams to focus on strategic HR functions.
BIPO的人力資源管理系統(HRMS)通過了ISO-27001認證,為滿足商業4.0的需求而專門設計,支持人力資源功能的所有模塊,從人事、工資、休假管理、考勤和費用管理,到績效管理,為企業提供了從入職前到離職后的基于云的一站式SaaS解決方案。同時支持將員工考勤記錄與BIPO HRMS和薪資功能相結合,并提供BIPO Safe Entry免接觸門禁系統,具有AI面部識別和非接觸式溫度掃描功能。這將規避風險,優化業務效率,使HR團隊能夠更專注于人力資源戰略的歸化和企業運營。