Software-as-a-service delivers significant benefits and advantages over traditional installations, but data security cannot be overlooked. Here, we discuss high-level policy considerations such as how to classify data based on its sensitivity, assign risk levels, and set access privileges based on those tiers.
When classifying data for risk, you must first consider a list of threats that the data and applications may face. You then weigh those risks by their likelihood. This is not an exact science, but it can be intelligently handled by an experienced security consultant.