Security and Compliance

Another issue that some raise is security. There are security challenges in private, public, and hybrid environments, and there are unique challenges entailed in the cloud. For example, Josh Corman, research director for enterprise security at The 451 Group, observed that “it’s incredibly difficult to do court-admissible forensics without having logs at many levels that cross the . . . boundary between the cloud provider and the enterprise . . . making forensics a very ominous and difficult problem in any public cloud.”6 As well-known cloud blogger and researcher Krishnan Subramanian observed, hybrid clouds create a larger IT perimeter to be defended and additional challenges in identity and access management, data transport, security policies, and security of the hybrid cloud management tools.7

However, chances are that leading SaaS providers can pay better attention to all dimensions of security—physical and logical—and compliance than an SMB, or even a well-run enterprise, can, just as a bank pays more attention to security than your mattress does. Are there potential security vulnerabilities in using a SaaS provider? Yes. But the question is: Are these vulnerabilities greater or lesser than those of doing it yourself?

Today’s world of compliance is an alphabet soup of standards, processes, certifications, laws, regulations, and bodies. Examples include the Statement on Auditing Standards (SAS) 70, the IT Governance Institute (ITGI) Control Objectives for Information and ...
