SaaS: Is security still under a cloud?

Posted By admin on August 21, 2009

 

Security of data, especially financial information, seems to be the biggest concern of business owners and leaders when it comes to adopting cloud applications. Here are a couple of comments from professional accountants who were asked whether they would consider moving from their current on-premise applications to on-demand applications delivered over the internet.

“As a user I would be concerned with security, especially payroll and customer financial information and the liability if the data gets out. I would also be concerned if you did not pay your bill this month would you lose access to all your data. For me there are too many potential problems at this time and so I will not be using cloud systems even if the data stays on my machines.”
“I suspect that the micro companies I deal with will stay with desktop accounting programs (as will I). I think unless you have a T-1 type internet connection, connection speed and reliability will be an issue. I also wonder about security, in spite of assurances of adequate safeguards.”
I recently heard someone say that security is sometimes a notional concept. When I am in the confines of my house or neighborhood, I tend to feel more secure than if I were inside Fort Knox. This has to do with familiarity more than fact. My sense of security is driven by the familiarity I have with my environment and the people I see and trust day in and day out, as opposed to my general unfamiliarity with Fort Knox. It is perhaps an interesting exercise to look at the assurances that on-demand service providers give. Granted, accountants may not fully understand or trust these yet, but business owners and leaders seeking strategic advantages can put their minds to it and evaluate their choices. Their approaches to security span the following:
  • Industry-standard tools: SSL (Secure Sockets Layer), two-factor authentication and strong access controls. Data encryption is offered as an option for an additional fee.
  • Security frameworks and programs: based on or modeled after ISO 27002 and COBIT (Control Objectives for Information and Related Technologies).
  • Physical controls: Restricted and limited access for personnel. Only those working with production systems can gain access, and even then only on limited-period engagements with tight controls.
  • Audits: SAS 70.
  • Contractual guarantees: e.g., NDAs.
  • Disaster recovery plans.
  • Housekeeping: Periodic data backup for offline storage.
In my next post, I would like to examine the assurances given by some of the industry leaders, such as NetSuite, Intacct and Bill.com.
