The cloud can be an elusive thing. So, apparently, are the security details in software-as-a-service offerings.

That’s what research firm Gartner discovered after looking closely at more than 100 contracts of SaaS providers. According to NetworkWorld U.S., which saw the report, Gartner found that often the contracts have very little specific security language.

That may give a lot of organizations pause when a SaaS provider comes knocking at their door. It may also give them the shivers to know that some staff have quietly signed up for a SaaS offering without permission.

Small wonder that in a recent IDC Canada survey 31 per cent of respondents whose companies don’t use public cloud solutions said their greatest concern about the technology is security.

What can you do about it? For one thing, get tough. Tell the provider you want a service level agreement with security-related metrics. Ask for customer references and call them: have they experienced security-related problems? How did the provider respond? At the very least, find out if the provider has certifications like SSAE16.

Finally, consider making a rule in your organization that while most IT can be bought at the department level, SaaS products have to be approved before clicking on the OK button.

 

