SaaS/Cloud Audit Demands Could be Costly - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Cloud
Commentary
5/14/2009
09:26 AM
David Linthicum
David Linthicum
Commentary
50%
50%

SaaS/Cloud Audit Demands Could be Costly

"Cloud computing providers require strong audits," according to SC Magazine's Angela Moscaritolo, who focuses on security in the world of SaaS and cloud computing. In reading through this article I kept returning to the fact that the cost of security, together with audits, could make cloud computing, including SaaS, cost prohibitive.

"Cloud computing providers require strong audits," according to SC Magazine's Angela Moscaritolo, who focuses on security in the world of SaaS and cloud computing. However, in reading through this article I kept returning to the fact that the cost of security, together with audits, could make cloud computing, including SaaS, cost prohibitive. The value proposition of cloud computing is about saving money, after all.

The recommendations are clear:

"With respect to data security, organizations must review the vendor's data protection techniques to ensure appropriate cryptography is used for both data in rest and in motion, and make sure the appropriate documentation is available for auditors. In addition, the provider's access control and authentication procedures should be reviewed, and companies should find out if third parties have access to the information."

And,

"Also, to ensure data security, companies should review the service provider's architecture to make sure proper data segregation is available and review their data leak prevention (DLP) deployment to prevent insider attacks, the report recommended."

And,

"Before utilizing a cloud computing provider's services, organizations also must conduct a feasibility study that engages legal, risk, and compliance officers to determine if cloud computing is appropriate with respect to laws and regulations the business is subject to. Next, organizations should determine which security, legal, and compliance needs are most important and find a vendor that meets those requirements, the report recommended."

The list goes on.

Auditors, lawyers, security specialists, etc.? The cost of placing some of IT outside of your firewall seems to be getting expensive quickly, not to mention complex.

There are two core drivers here: One is the cost reduction that cloud computing, including SaaS, promises. Two is the fact that cloud computing is now "way cool," and popular, and that's been driving much of the recent push. However, you need to consider both issues together. In other words, how much does it really costs to be cool?

Perhaps applications that require a great deal of security, and thus require many audits and legal protections as describe above, don't belong in the clouds in the first place. I suspect the cost of insuring and maintaining high-end security on the cloud computing platforms will be cost prohibitive, in many instances. Thus, without the cost benefit, cloud computing including SaaS loses its luster for business.

Having said that, I'm seeing a lot of enterprises move toward cloud computing anyway. They are thinking they can bring their security requirements along for the ride, attempting to treat cloud computing providers as owned and controlled assets. They are not. Therefore, they will have to introduce the rigor associated with ensuring security, and, thus, they will face the added costs.

It's politically incorrect to push back on cloud computing these days, but even the cloud computing providers will tell you that if you have excessive security requirements, perhaps you're not right for us. The larger corporations will expect cloud computing providers to work like their existing hardware and software vendors, bending over backwards to accommodate special needs. Unfortunately, for now, it does not work like that."Cloud computing providers require strong audits," according to SC Magazine's Angela Moscaritolo, who focuses on security in the world of SaaS and cloud computing. In reading through this article I kept returning to the fact that the cost of security, together with audits, could make cloud computing, including SaaS, cost prohibitive.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
9 Steps Toward Ethical AI
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/15/2019
Commentary
How to Assess Digital Transformation Efforts
Lisa Morgan, Freelance Writer,  5/14/2019
Commentary
Is AutoML the Answer to the Data Science Skills Shortage?
Guest Commentary, Guest Commentary,  5/10/2019
White Papers
Register for InformationWeek Newsletters
2018 State of the Cloud
2018 State of the Cloud
Cloud adoption is growing, but how are organizations taking advantage of it? Interop ITX and InformationWeek surveyed technology decision-makers to find out, read this report to discover what they had to say!
Video
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
Slideshows
Flash Poll