Software as a Service (SaaS) is still relatively new for many organizations. One of the concerns that frequently comes up for potential buyers of SaaS or "cloud" products is the issue of security. Earlier this week, I hear a guy from Deloitte speak about SaaS. One of the points he addressed was security. He said virtually every data breach over the past 10 years has been on information systems is installed (on-premises) systems—and not on SaaS systems. I looked into this further, and there are plenty of data breach websites that support this conclusion (e.g., http://www.infosecurityanalysis.com/). The most recent example was when Home Depot's consumer site was breached.
This is not to say that Cloud companies are perfect. The king of the cloud, Salesforce.com, has been hacked; this exposed many thousands of customer emails and other information. Nevertheless, data still supports the idea that Cloud (including SaaS) is at least as secure—and in many cases more secure—as on-premises, installed systems.
The harsh reality is that malicious attackers are on the rise, and about 85 percent of all U.S. companies have experienced one or more attacks ( source). (Sony got hacked last year.) Organizations should consider switching to cloud solutions for cost savings, scalability, efficiency, and yes, security.