Gartner questions SaaS security assurances

The cloud can be an elusive thing. So, apparently are the security details in software-as-a-service offerings.

That’s what research firm Gartner discovered after looking closely at more than 100 contracts of SaaS providers. According to NetworkWorld U.S., which saw the report, Gartner found that often the contracts have very little specific security language.

That may give a lot of organizations pause when a SasS provider comes knocking at their door. It may also give them the shivers to know that some staff have quietly signed up for a SaaS offering without permission.

Small wonder that in a recent IDC Canada survey 31 per cent of respondents whose companies don’t use public cloud solutions said their greatest concern about the technology is security.

What can you do about it? For one thing, get tough. Tell the provider you want a service level agreement with security-related metrics. Ask for customer references and call them – have they experienced security-related problems? How the did the provider respond? At the very least, find out if the provider has certifications like SSAE16.

Finally, consider making a rule in your organization that while most IT can be bought at the department level, SaaS products have to be approved before clicking on the OK button.

 


Related Download
Addressing Advanced Email Threats: Protect Your Data and Brand Sponsor: Cisco
Addressing Advanced Email Threats: Protect Your Data and Brand
Email has evolved from a tool used primarily by technical and research professionals to become the backbone of corporate communications.
Register Now