5/14/2009
09:26 AM
David Linthicum

SaaS/Cloud Audit Demands Could be Costly

"Cloud computing providers require strong audits," according to SC Magazine's Angela Moscaritolo, who focuses on security in the world of SaaS and cloud computing. However, in reading through this article I kept returning to the fact that the cost of security, together with audits, could make cloud computing, including SaaS, cost prohibitive. The value proposition of cloud computing is about saving money, after all.

The recommendations are clear:

"With respect to data security, organizations must review the vendor's data protection techniques to ensure appropriate cryptography is used for both data in rest and in motion, and make sure the appropriate documentation is available for auditors. In addition, the provider's access control and authentication procedures should be reviewed, and companies should find out if third parties have access to the information."

And,

"Also, to ensure data security, companies should review the service provider's architecture to make sure proper data segregation is available and review their data leak prevention (DLP) deployment to prevent insider attacks, the report recommended."

And,

"Before utilizing a cloud computing provider's services, organizations also must conduct a feasibility study that engages legal, risk, and compliance officers to determine if cloud computing is appropriate with respect to laws and regulations the business is subject to. Next, organizations should determine which security, legal, and compliance needs are most important and find a vendor that meets those requirements, the report recommended."

The list goes on.

Auditors, lawyers, security specialists, etc.? The cost of placing some of IT outside of your firewall seems to be getting expensive quickly, not to mention complex.

There are two core drivers here: One is the cost reduction that cloud computing, including SaaS, promises. Two is the fact that cloud computing is now "way cool," and popular, and that's been driving much of the recent push. However, you need to consider both issues together. In other words, how much does it really cost to be cool?

Perhaps applications that require a great deal of security, and thus require many audits and legal protections as described above, don't belong in the clouds in the first place. I suspect the cost of ensuring and maintaining high-end security on the cloud computing platforms will be prohibitive in many instances. Thus, without the cost benefit, cloud computing, including SaaS, loses its luster for business.

Having said that, I'm seeing a lot of enterprises move toward cloud computing anyway. They are thinking they can bring their security requirements along for the ride, attempting to treat cloud computing providers as owned and controlled assets. They are not. Therefore, they will have to introduce the rigor associated with ensuring security, and, thus, they will face the added costs.

It's politically incorrect to push back on cloud computing these days, but even the cloud computing providers will tell you that if you have excessive security requirements, perhaps you're not right for us. The larger corporations will expect cloud computing providers to work like their existing hardware and software vendors, bending over backwards to accommodate special needs. Unfortunately, for now, it does not work like that.
