Arcot Advisor
THE AUTHENTICATION AUTHORITY™ OCTOBER 2008
   

SaaS: Safe in the Cloud?

Cloud computingThe name "cloud computing" comes from the cloud-shaped network design that IT architecture drawings use to show data passing through the Internet. In recent years, computer architectural design has learned how to take advantage of the vast computing and storage capacity of the Internet. Companies are working with third-party vendors to store and access enormous amounts of data online, thus avoiding the need to add costly hardware and software while still enabling tremendous scalability and flexibility.

From the users' perspective, cloud computing is simply a "file cabinet in the sky" hosted by a third party that lets users access files, data, calendars, applications and services by using a Web browser.

The instant appeal of this idea is understandable, but as companies rush to take advantage of software-as-a-service (SaaS) applications and other cloud-computing services, they need to be aware of the security risks involved — and how to mitigate those risks.

Clarifying the concepts

A Gartner tutorial on cloud computing helps companies avoid getting lost in the cumulus hype. Gartner's analysts explain that SaaS is just one of many uses for cloud computing and that hosted applications aren't the whole story.

Gartner explains that cloud computing is the delivery mechanism for SaaS and clarifies the differences between the two concepts. The analyst firm describes cloud computing as "a style of computing where massively scalable IT-enabled capabilities are delivered as a service to external customers using Internet technologies" and SaaS as "software owned, delivered and managed remotely by one or more providers."

Reducing cost or increasing danger?

Is computing safe within the cloud? We have a certain amount of control over the security of our in-house data. We are attentive to viruses, malware, hard-disk crashes and personal identity theft. With hackers cracking corporate sites every day, can a third party protect our data better than we can in-house? Or do consolidated collections of user data make for bigger payoffs for identity thieves?

Many companies have turned to SaaS as a way to improve collaboration, get products to market faster, lower costs, simplify management of software licensing and save resources. However, the safety of their information remains questionable.

Risks and solutions

If you're currently outsourcing data storage or IT services to an SaaS vendor, you'll need to consider the following issues and tips for protecting your data.

  • Control. Do you need your IT department to maintain physical, logical and personnel control over your company's data? Protect your data by getting as much information as you can about who's guarding your data and how.
  • Accountability. Does the provider ultimately hold you accountable for the security and integrity of your data on its servers? If so, then you're paying for trivial services, not the "full meal deal" and may want to reconsider your vendor.
  • Location. Do you know where your data is stored in the cloud? It could be in any country. Find out as much as you can about privacy issues and the location of your data storage to get an understanding about the privacy regulations your SaaS vendor has to comply with.
  • Encryption. Don't believe that encryption is a cure-all. In the cloud, you are in a shared environment. Make the SaaS vendor show you that its encryption is strong and can keep your data separate from everyone else's.
  • Preparation. In the cloud, do you know what will happen to your data in the event of a disaster? Find out whether your vendor replicates the data and application infrastructure across multiple sites.
  • Traceability. What kind of investigative support does the cloud vendor provide? It's notoriously difficult to track illegal activity through the Internet. Get a contract commitment for specific types of investigation, including electronic discovery in case of litigation, and request evidence from the vendor that it has successfully supported such investigations.
  • Longevity. How long will your cloud vendor be around? Cloud providers may get swallowed by a larger company or simply fail. Ask how you can get your data back in the event of such a change. Find out what format the returned data will be in so that you can import it or export it to a similar application.

Arcot offerings

If you want to discover other options to protect your data, take a look at Arcot TransFort or A-OK On-Demand, both of which are available as licensed software or as a hosted service. TransFort was among the first SaaS offerings, and because it's designed for the cloud, you can implement authentication for your SaaS applications without installing or maintaining the software on your internal systems.

In the next issue of Arcot Advisor, we will focus on the growing corporate trend toward relying on SaaS for desktop applications such as spreadsheets and documents.

Learn more

To view a demo of Arcot TransFort or A-OK On-Demand, visit the Arcot Web site at http://www.arcot.com/ or call us at 1-866-99-ARCOT for more information.


Click here for a printable version of this page.