Gartner recently released recommendations for gaining transparency into cloud software as a service (SaaS) contracts – including emphasis on annual security audits and certification by a third party to verify a cloud vendor’s operating/product security.
Gartner also recommends that contracts allow for an option to terminate the agreement in the event of a security breach if the provider fails on any material measure. Gartner’s report, Cloud Contracts Need Security Service Levels to Better Manage Risk reveals that 80 percent of IT procurement professionals will remain dissatisfied with SaaS contract language and protections that relate to security over the next two years.
“We continue to see frustration among cloud services users over the form and degree of transparency they are able to obtain from prospective and current service providers,” said Alexa Bona, vice president and analyst at Gartner.
So how can you maintain complete transparency into your cloud service provider’s ability to provide ongoing secure services? The following is relevant to cloud infrastructure as a service (IaaS) providers that may offer services to other software as a service (SaaS) providers:
Gaining transparency into your cloud provider’s environment may take more upfront work on your organization’s part, but it could be worth it in the end – the Ponemon Institute revealed that the cost of a data breach is rising across the globe in 2013 Cost of Data Breach Study: Global Analysis (PDF).
Enterprise Cloud Infrastructure as a Service (IaaS): Security, Reliability & Availability Desired
According to a recent survey by IT research firm Neovise as reported by CIOInsight.com of over 800 IT decision-makers in the U.S., enterprise cloud infrastructure as a service (IaaS) is the most widely adopted form of cloud computing. Thirty-seven percent … Continue reading →
Securing Regulated Data with a Private Cloud Infrastructure
Dr. Larry Ponemon, chairman and founder of the Ponemon Institute described how the shift of the attack surface from the mobile device is moving to unsecure places in the cloud environment with unsecure data, as reported by HealthITSecurity.com. More specifically, … Continue reading →
Otava provides the secure, compliant hybrid cloud solutions demanded by service providers, channel partners and enterprise clients in compliance-sensitive industries. By actively aggregating best-of-breed cloud companies and investing in people, tools, and processes, Otava’s global footprint continues to expand. The company provides its customers in highly regulated disciplines with a clear path to transformation through its effective solutions and broad portfolio of hybrid cloud, data protection, disaster recovery, security and colocation services, all championed by an exceptional support team. Learn more at www.otava.com.