
SaaS providers must be more transparent about security

Gartner calls for annual security audit for SaaS products.

By CBR Staff Writer

Around 80% of IT procurement professionals will remain dissatisfied with SaaS contracts’ ‘vague’ security clauses through to 2015, according to analysts Gartner.

The research firm said cloud services users need to ensure that SaaS contracts allow for an annual security audit and certification by a third party, with an option to terminate the agreement in the event of a security breach if the provider fails on any material measure.

Gartner VP and analyst Alexa Bona said: "We continue to see frustration among cloud service users over the form and degree of transparency they are able to obtain from prospective and current service providers."

According to Gartner, it is reasonable for cloud service buyers to ask a provider to respond to the findings of assessment tools.

The Cloud Security Alliance (CSA) has a cloud controls matrix in the form of a spreadsheet containing control objectives deemed by participants in the CSA to be important for cloud computing.

"As more buyers demand it, and as the standards mature, it will become increasingly common practice to perform assessments in a variety of ways, including reviewing responses to a questionnaire, reviewing third-party audit statements, conducting on-site audits and/or monitoring the cloud services provider," Bona said.

Gartner analysts said that cloud users should not automatically assume that SaaS contracts come with adequate service levels for security and recovery.

Bona said regardless of the terminology used in service-level agreements, IT procurement professionals expecting their data to be protected from attack, or to be restorable in case of an incident, must ensure their providers are under contract to meet those expectations.

Gartner suggested SaaS users should negotiate for 24 to 36 months of fee liability limits, rather than 12 months.

"They should continue regularly to review their cloud contract protection to ensure that IT procurement professionals make sustainable deals that contain sufficient risk mitigation," Bona added.
