Closing Security Loopholes in Cloud Service Agreements

Cloud business solutions, especially Software-as-a-Service (SaaS), have been growing at a skyrocketing speed. Companies, however, need to realize that cloud contracts have a lot of security loopholes that need to be addressed as soon as possible. According to the results of new research conducted by Gartner, cloud contracts have a lot of growing up to do.

Business users of SaaS are discovering security issues in terms of data confidentiality, risk management, data recovery and data integrity. Gartner suggests that cloud contracts need more transparency in these areas to reassure businesses.

“We continue to see frustration among cloud services users over the form and degree of transparency they are able to obtain from prospective and current service providers,” Alexa Bona, Gartner VP and distinguished analyst, stated.

Bona emphasized that business cloud users need to push for these issues, including data integrity and recovery time, to be covered in the cloud service agreement before finalizing a contract. It should also be made clear that the SaaS vendor agrees to do regular vulnerability testing at least once a year, and to ensure that there are no unauthorized third-party data breaches. In cases of the latter, the agreement should state that customers can terminate the service agreement immediately.

Another clause that should be included covers the fee liability limits, which are currently set at 12 months; these must be renegotiated to a minimum of 24 to 36 months. CIOs can also add to the security clause that service vendors must respond to vulnerability issues raised as a result of the assessment tools. Useful resources that businesses can consider include the Cloud Controls Matrix or the Cloud Security Alliance (CSA). No matter how appealing a cloud service agreement sounds, the priority of every business is to ensure that SaaS providers are contractually obligated to have security measures in place.

“It will become increasingly common practice to perform assessments in a variety of ways, including reviewing responses to a questionnaire, reviewing third-party audit statements, conducting on-site audits and/or monitoring the cloud services provider,” Bona said.

It is expected that SaaS vendors will begin to review their service agreements to appease their customers, especially following the news about the PRISM program from the National Security Agency.

“They should continue regularly to review their cloud contract protection to ensure that IT procurement professionals make sustainable deals that contain sufficient risk mitigation,” Bona said.

  • Susan Bilder

    Before effective security agreements can be established for the cloud, there needs to be an agreement on security standards and testing practices. If an organization with confidential data wants to move that data into the cloud, they will need to show that they took reasonable precautions to secure that data, which means that we need to have a definition of exactly what a reasonable precaution is.
