Vendor Portal Security


As the demand for secure, SaaS-based Vendor Portals increases, so too do the concerns about Vendor Portal SaaS security. These concerns are not limited to Vendor Portal applications; they apply across all on-demand solutions.


One of the major advantages of a SaaS-based Vendor Portal application is that it can be accessed from virtually anywhere at any time, as long as you have Internet connectivity. However, this convenience is a double-edged sword. On one hand, productivity increases because you can communicate and work at all times; on the other, a whole host of new data security risks is introduced.


Unlike the more traditional, in-house, server-based application structures, the on-demand SaaS model requires the user to rely on the vendor for the security protocols of the system. To complicate matters further, in the SaaS world the provider's goal is to have as many customers as possible using a single instance of its application. Maximizing the number of users on one deployment increases the provider's return on its investment in infrastructure and security. Customers must therefore rely on the provider to ensure that data is secure and not shared with unauthorized users. Customers sharing an instance must never be able to view each other's data.


Keep in mind that the entire SaaS sector is comparatively young and fiercely competitive, which means companies have had to squeeze every last drop of creative juice from their investments in order to get market traction. They pour their heart and soul into their solutions, sometimes with only a fraction of the budget that the larger software competitors have.


If you want to be sure that your data on these systems is secure, you need to be aware of some common security challenges that cloud computing providers must address. These challenges are not unique to SaaS providers, but solving them sometimes is.


Here are three areas that you should look into when deploying a SaaS solution:



One of the best ways to enhance the security of your Vendor Portal is through enhanced authorization and authentication. The authorization and authentication systems used in enterprise environments need some fortification when they are integrated with the cloud environment. It is in your best interest that the provider can integrate with your data quickly and easily; the challenge is how to do this safely.

The most common forms of authentication for Vendor Portals are:


  • Transaction Authentication
  • Biometric
  • Token-Based
  • Multi-Factored
  • Out-of-Band


Single Sign-On (SSO) Solutions

The most recognized mechanism for data breaches in the SaaS world nowadays is malicious or unintentional misuse of user access credentials. In such scenarios, the necessary control is to monitor more than one set of credentials. With the introduction of SSO, a system can now leverage both a token system from the SaaS provider and the credentials from the user's Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) directory.

Integrating with Active Directory also gives the user the added benefit of auditable controls over both who is granted access and what access they have.


Hosting Environments

Though the Vendor Portal software application may have multiple layers of security, you should also ask what security protocols are in place at the hosting provider. Things like physical security and power redundancy all add to the rating of these providers. When dealing with your most sensitive data, you should always ask to see a copy of the hosting company's security certifications. Keep them on file, as you never know when you might need them for an audit.

Finally, for maximum Vendor Portal SaaS security, look for a solution that uses single-tenancy at the hosting provider. Single-tenancy hosting provides the highest levels of security to help comply with PCI DSS, HIPAA, SOX and FISMA guidelines.




Joe Flynn is a Silicon Valley entrepreneur who created Lavante, Inc. Lavante was started with the vision of using Machine Learning, Natural Language Processing and advanced Data Extraction techniques to transform the traditionally manual Accounts Payable Recovery industry. Lavante was acquired by PRGX Inc. in November 2017. Joe is currently working on a new venture using Artificial Intelligence and Machine Learning to transform trade partner communications across the entire supply chain.