Cover your eyes !?!

by

A recent article in InformationWeek discussed ‘How 9 Hot Technologies Can Blow Up In Your Face’ – naturally, SaaS was one of the nine discussed.

The SaaS shortfalls?

The first is a familiar issue to us – the post-access security and privacy of sensitive data hosted in SaaS applications. The perceived security issues around the external risks of hosting data offsite with a third party SaaS vendor receives a great deal of attention (in our minds a little bit too much). The under appreciated risk often is the internal risks associated with employee access to SaaS applications and related data, which in many cases is not monitored and loosely managed. The example they give is that “you don’t necessarily want your New York sales reps to see sales data from reps in New Jersey” (yes, there’s probably a Soprano’s joke in here somewhere…) . The risks become even clearer when you start to think about the functional areas that SaaS is beginning to rapidly penetrate in addition to sales/CRM, and the sensitivity of the data that resides there (ERP, HR etc.)

The second issue was one that was a bit new to us. The article discusses the need for organizations that are subject to compliance mandates or standards such as HIPAA or SOX to have copies of critical hosted data on site. Rarely do compliance acts or standards explicitly mandate actions like this (SOX, as it’s merely a paragraph certainly does not). Instead organizations (at least better ones) implement standard IT process and control frameworks like ITIL, COBIT, ISO to help them demonstrate due care and that they’ve implemented an appropriate set of internal controls.

We haven’t run across any organizations that are being instructed by their internal or external audit teams to ensure onsite data replication of SaaS hosted data for compliance purposes, but would love to hear from someone if they have..

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: