Gartner questions SaaS security assurances

The cloud can be an elusive thing. So, apparently are the security details in software-as-a-service offerings.

That’s what research firm Gartner discovered after looking closely at more than 100 contracts of SaaS providers. According to NetworkWorld U.S., which saw the report, Gartner found that often the contracts have very little specific security language.

That may give a lot of organizations pause when a SasS provider comes knocking at their door. It may also give them the shivers to know that some staff have quietly signed up for a SaaS offering without permission.

Small wonder that in a recent IDC Canada survey 31 per cent of respondents whose companies don’t use public cloud solutions said their greatest concern about the technology is security.

What can you do about it? For one thing, get tough. Tell the provider you want a service level agreement with security-related metrics. Ask for customer references and call them – have they experienced security-related problems? How the did the provider respond? At the very least, find out if the provider has certifications like SSAE16.

Finally, consider making a rule in your organization that while most IT can be bought at the department level, SaaS products have to be approved before clicking on the OK button.