The security discussion around Software as a Service (SaaS) is pretty lively. It is common to hear IT professionals question whether service providers can be trusted to look after business data. We are trying to determine how real the risk actually is, and how it compares to risks currently associated with data storage in house …
I'll take *aas seriously when Google, Amazon, Microsoft, Facebook and Yahoo are all trading server space in the name of saving money.
Until then ... Have a nice day.
Most internal and external (SaaS) security is made completely irrelevant by poor practices such as allowing users to enter credentials and passwords like "Passw0rd2011". The best encryption and security systems, whether internal or external, can only do so much to protect idiots' (read: users') data.
Convenience trumps Security
Convenience trumps Security every time!
Until people get out of the standard "user" habits, they are forced to use better practices (practices like common sense), and the companies themselves don't sell you out (literally), then security and SaaS won't go together.
This is the same, metaphorically speaking, when discussing "Cloud Computing" (ACK!) in general.
We're gonna go into the cloud, spending left and right to do so, then back away from it again, and so on and so forth. Same happened with Terminals (thin clients anyone) then to personal computers, now back to terminals, etc.
Me, I'll just resist, since I'm all-knowing (not really, obviously).
What the SaaS?
SaaS and *Cloud* solely in the name of saving money is short-sighted at best and completely asinine and foolish at worst. Acceptance of these technologies introduces what I believe is an uncontrollable and unacceptable factor into the security equation: the vast unknown black box that is the SaaS or *Cloud* provider and their myriad partners, employees and contractors, over which you have 0 control.
As far as security is concerned using any services like these is ridiculous. It is hard enough to maintain adequate security and control over your data within a closed corporate environment. Introducing SaaS and *Cloud* to the security posture basically guarantees you have no security posture to speak of...
To quote an old adage, "If you want something done right; do it yourself." This applies to technology and security. Why in your right mind would you trust any third party with sensitive data for any reason whatsoever? Makes 0 sense.
You miss your own point
"Why in your right mind would you trust any third party with sensitive data for any reason whatsoever?"
Not all data (or computing) is sensitive. Plenty is public, plenty more is obscure, irrelevant and/or otherwise not secret or valuable to anyone else. If it's not intended to be secure anyway, makes perfect sense to outsource.
Plus, how secure are most facilities anyway? Whenever HDDs and CD-ROMs go missing (disgruntled employee, theft, accident, etc), then keeping sensitive data in-house wasn't the best idea.
(Paris, cos she's public, irrelevant and of no value.)
I don't even use ...
Stuff like net-based photo-editing apps? Why would I? I'll deal with my data on my computer with programs installed on my computer.
If I was still working, I'd extend the boundaries to my network, and programs and data on my servers --- but not outside, thank you very much.
How long would it have taken me to say that via the survey?
survey on SaaS
Article claims to reference a survey on perceptions of security wrt SaaS, yet all the questions seem to be about how securely my organization manages its data today.
The answer is: securely enough to know better than to answer surveys like that!!
That's the trouble with surveys: "Can we waste 10 minutes of your time with something that will be of no use to you, but will identify your company for our marketing purposes" - and starts on a list of inane questions most of which have no relevance to the initial stated purpose of the survey.
I would like to set up a new survey here:
1. Would you like to see a ban on all future surveys?
A. Can't be bothered to answer
B. Do I get a free beer from this?
C. Some of the time
D. Only if it's banging on about security
E. I have nothing better to do
F. Already terminally bored
Re: AC 10:43
B. (Pint over lunch, in a couple hours. Coffee for the moment.)
C. But very, very rarely.
D. No. Answering "security questionnaires" isn't secure, by definition.
E. AC is beginning to get a handle on things ...
This round's on me, and I almost never use icons :-)