Gartner analyst questions cloud security
Gartner analyst Guy Creese has said that software-as-a-service (SaaS), or cloud applications, still need to mature to offer better security to customers, many of whom still worry about storing sensitive information in the cloud.
Speaking at Gartner’s Catalyst Conference, Creese explained that many companies tell Gartner that they expect SaaS applications to support the Security Assertion Markup Language (SAML), a standard for exchanging authentication and authorisation data, but many do not and in some cases vendors have never even heard of it.
He also said off-boarding employees who leave a company from SaaS applications is a real challenge when companies want to revoke cloud and network access at the same time, though moves are being made by some vendors to address user concerns over cloud identity management.
Research by Gartner, based on a survey of 425 respondents from IT risk management disciplines in the United States, United Kingdom, Germany and Canada, shows that cost and agility are still driving SaaS adoption, but concerns still exist around licensing, integration between cloud and on-premises systems, and an immature ecosystem, including insurance, legal issues and IT skill sets.
With these concerns in mind, the study also found that companies have more policy in place to deal with SaaS issues. The research found that Compared with Platform as a Service (PaaS) or Infrastructure as a Service (IaaS), organisations were about 30% more likely to have a policy against putting sensitive data into SaaS, and about 45% more likely to have a policy against putting it into outsourced data centres.
Creese commented, “SaaS is different things to different regions and it has different maturity levels. It remains a work in progress, but it will get better over time. Make sure your business understands the limitations and the risks. And walk away if necessary.”