Cloud Services Need More Data Security Transparency for Better Risk Management

Customers of commercial cloud computing services, notably SaaS (software as a service), are realizing serious data security holes in the contractual provisions of what is acclaimed by many as a practical cost-cutting IT solution. The IT market analyst Gartner has released a comprehensive report pointing out some discomforting oversights in cloud computing contracts which it characterized as containing “ambiguous terms” involving the maintenance of data integrity, confidentiality, and data recovery after a system failure leading to loss or compromised data housed in remote cloud computing servers.

The Problem Uncovered by the Garner Report

The situation has highlighted risks to data security that has led to jitters among cloud service customers while making it more difficult for service providers to rationalize the risk they expose their clients to without any clear contractual provision that can allay their data security fears. According to the Gartner report, 80% of IT professionals overseeing the contractual purchase of cloud services will remain dismayed over the inadequacy of data security protection in SaaS agreements with providers up to the year 2015.

The analysis section comprising the main body of the Gartner Report has sub-section titles that clearly indict the current state of SaaS contracts in the area of data risk management. It cautions cloud users not to use SaaS contracts as a “Hedge against Risks,” and not to be complacent in assuming that these contracts provide the company with “Risk Transparency” or the “Adequate Service Levels for Security and Recovery.”

At the moment, there is no standard or consensus among cloud service vendors on how best to provide the proper data security commitments. SaaS vendors would naturally want to expose themselves to as little commitment as possible. Among them, a single failure that compromise data security could affect several hosted customers so that even modest compensation costs could easily rack up. As a result, most cloud providers deliberately avoid such contractual obligations, some preferring to provide less expensive penalties in the form of services in kind in the event they fail to live up to any part of the SLA.

Putting in the right SLA provisions

According to Alexa Bona, VP of the prestigious firm, cloud service users are getting frustrated over the lack of transparency provided by current and prospective cloud service providers in risk management. She added that at the very least, cloud users should ensure that the SaaS agreement they enter with providers contain a provision that allow for an annual 3rd party security audit and certification, as well as the option for a unilateral termination of the contract should the provider fail to perform such measures.

Cloud customers should demand that SaaS providers respond to audit assessment as required in mitigating the risks. Bona refers to the Cloud Security Alliance (CSA) whose “Cloud Controls Matrix” in spreadsheet form effectively provides a comprehensive model listing the necessary control objectives considered by CSA participants as having high priority in cloud computing security. The more users demand this level of commitment, there is a higher chance that service level standards will improve, and covering data protection risks can become common practice among vendors through regular assessments as simple as service questionnaires, responses to 3rd party audit assessments, and client’s own on-site audit checks.

The report’s analysis section ends with the admonition that users should not assume that SaaS contracts have enough data security and recovery provisions in their service levels. This has obviously been the case so far and users reviewing their contracts with cloud service providers are recognizing the loopholes that expose them to the risk of data losses and recovery problems they didn’t have before going into cloud computing.

IT professionals responsible for procuring cloud services must ensure that their SLAs contain specific provisions that contractually obligates service provides to meet company expectations in protecting data from external attacks, theft and implementing data recovery. The Gartner report recommends that SLA provisions should include data recovery objectives, recovery time thresholds, and data integrity measures with sufficient penalties if missed. IT service procurement executives should ensure that there is enough security commitments in writing which, at the bare minimum, provide for regular penetration assessments by 3rd party security auditors, and an obligation to correct any potential problem uncovered by such audits. Needless to say, failure to act on the audit assessments should give customers the option to cancel the contract as well as demand a meaningful monetary compensation for any failure to address shortfalls in the security audit.

The risk implications to the business have driven IT professionals in the areas of data recovery, security, business continuity, and standards compliance to voice their concerns in the purchasing process when getting into commercial cloud services. Bona sees their active participation from here on in reviewing contracted SLAs to ensure that such agreements hold up to the company’s data security standards by having sustainable deals for adequate risk management on the part of cloud service providers. Lastly, Bona advises that cloud customers should seriously consider 2-3 year fee liability limits, instead of the usual 1-year period, along with procuring added risk and liability insurance policies whenever possible.

More Than 84 Percent Of Organizations Use Or Plan To Use Cloud Storage – Find Out Why!

The notion of “Cloud Storage” has been intensely debated over the past months, as research suggests that five out of six businesses either use or plan to use cloud storage in the near future. At the same time, a study conducted by TwinStrata, Inc. has revealed that one out of three businesses has already been using cloud storage for more than three years.

In addition to this, the same study suggests that the number of companies that have implemented SaaS, PaaS or IaaS has also increased over the past several years. More than 84% of the total number of businesses either use or consider using cloud storage in the future, due to its numerous benefits. This study was conducted at the beginning of 2013 and it was aimed at cloud-friendly respondents.

The statistics are impressive, but what is the fuss all about? In a nutshell, cloud storage refers to a model of enterprise storage where all the data is kept not just on the computer, but also in virtualized pools where it can be easily accessed by other users. This new and innovative form of data storage has numerous benefits, this is why it has become very sought-after in the business industry.

Given these impressive statistics, it’s perfectly fine to ask yourself why are businesses so interested in this innovative type of storage? The answer is very simple: the most notable benefit of cloud computing is the expansion of the storage space. Otherwise stated, organizations have more space to store important data, the information is safe and secure and it can be accessed on a 24/7 basis. Besides this, another important advantage is that users can access the platform regardless of their location, given the fact that the data is stored in a virtual pool on the Internet, rather than on a physical computer. This improves scalability and it facilitates access to information.

A Closer Look At The Statistics

Another reason that has determined the migration of businesses from traditional storage to cloud storage is the fact that storage capacity demands are outpacing the storage density growth. Statistics show that the storage density grows by no more than 20% a year, while the demand grows by up to 60% a year, which is three times faster. In other words, enterprises face the risk of running out of space where they can safely store their data.

This is where cloud storage steps in and offers business owners the peace of mind they need. The same statistics reveal that in the past year, the use of cloud services has increased steadily: the use of software as a service and platform as a service has increased by 10% as compared to the previous year.

The Bottom Line

In conclusion, these encouraging statistics reveal a promising future for cloud services. Businesses all around the world are the ones that benefit the most from the expansion of cloud storage, as this is a safer, more reliable, more efficient and more convenient alternative to traditional means of storing the information.