Trust and security in the cloud
The myths and realities of hosted applications
First published: March 2011
By Andrew Buss & Dale Vile
Many companies could do much better when it comes to in-house security
Many companies implement security reasonably well, but there is a widespread gap in the tools and policies they have in place with the result being that their security capability is some way off where they would like it to be. Additionally, there is a significant risk of data loss through end user devices and services, which is amplified by a general lack of attention to security by the workforce.
SaaS adoption is limited currently, but there is increasing interest from the business
SaaS is not yet part of the mainstream, but interest is increasing. While it might be expected that demand is driven by individuals or departments, the biggest driver in fact is felt to come from business leaders as well as senior IT management. This demand means that IT departments will increasingly be under pressure to consider and deploy SaaS as part of the service delivery portfolio.
The biggest impediment to SaaS adoption is a perception of security issues
There is a widespread belief that SaaS represents a considerable step backwards in security and privacy in comparison to on-premise capabilities, and that this is a sufficient reason not to adopt SaaS. Additionally, SaaS providers are seen by the respondents as broadly similar when it comes to security and privacy regardless of their actual capabilities.
Companies with experience of SaaS are positive about provider security
There is an understandable attitude amongst those companies that have limited or no experience of SaaS that what is new or unknown represents a risk. However, when it comes to companies that use SaaS extensively, most view provider security as either equal to, or better than, their onpremise capabilities. This changes the outlook completely, with security moving from being a blocker of SaaS to being a potential driver of adoption.
SaaS is likely to help with shortcomings of on-premise security capabilities
Given the security gap that exists for many companies, which is especially marked for departmental and collaboration applications, SaaS can help to raise the overall level of security. But it needs to be evaluated impartially using the same criteria as on-premise solutions since providers differ with regard to capability, culture, service and cost.