The security discussion around Software as a Service (SaaS) is pretty lively. It is common to hear IT professionals question whether service providers can be trusted to look after business data. We are trying to determine how real the risk actually is, and how it compares to risks currently associated with data storage in house …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Thursday 6th January 2011 12:16 GMT jake

::yawns::

I'll take *aas seriously when google, amazon, microsoft, facebook and yahoo are all trading server space in the name of saving money.

Until then ... Have a nice day.

0 0
Thursday 6th January 2011 13:46 GMT Anonymous Coward

Security nonsense

Most internal and external (SaaS) security is made completely irrelevant by poor practices such allowing users to enter credentials and passwords like "Passw0rd2011". The best encryption and security systems, whether internal or external can only do so much to protect idiots (read users) data.

0 0
1. Thursday 6th January 2011 19:21 GMT maclovinz
  
  Convenience trumps Security
  
  Convenience trumps Security every time!
  
  Until people get out of the standard "user" habits, they are forced to use use better practices (practices like common sense), and the companies themselves don't sell you out (literally), then security and SaaS won't go together.
  
  This is the same, metaphorically speaking, when discussing "Cloud Computing" (ACK!) in general.
  
  We're gonna go into the cloud, spending left and right to do so, then back away from it again, and so on and so forth. Same happened with Terminals (thin clients anyone) then to personal computers, now back to terminals, etc.
  
  Me, I'll just resist, since I'm all-knowing (not really, obviously).
  
  0 0
Thursday 6th January 2011 21:35 GMT gregoryg1

What the SaaS?

SaaS and *Cloud* solely in the name of saving money is short-sighted at best and completely asinine and foolish at worst. Acceptance of these technologies introduces what I believe is an uncontrollable and unacceptable factor into the security equation; the vast unknown black box that is the SaaS or *Cloud* provider and their myriad partners, employees and contractors; of which you have 0 control over.

As far as security is concerned using any services like these is ridiculous. It is hard enough to maintain adequate security and control over your data within a closed corporate environment. Introducing SaaS and *Cloud* to the security posture basically guarantees you have no security posture to speak of...

To quote an old adage, "If you want something done right; do it yourself." This applies to technology and security. Why in your right mind would you trust any third party with sensitive data for any reason whatsoever? Makes 0 sense.

2 0
1. Monday 10th January 2011 09:58 GMT MMcA
  
  You miss your own point
  
  "Why in your right mind would you trust any third party with sensitive data for any reason whatsoever?"
  
  Not all data (or computing) is sensitive. Plenty is public, plenty more is obscure, irrelevant and/or otherwise not secret or valuable to anyone else. If it's not intended to be secure anyway, makes perfect sense to outsource.
  
  Plus, how secure are most facilities anyway? Whenever HDDs and CD-ROMs go missing (disgruntled employee, theft, accident, etc), then keeping sensitive data in-house wasn't the best idea.
  
  (Paris, cos she's public, irrelevant and of no value.)
  
  0 0
Monday 10th January 2011 09:49 GMT Anonymous Coward

I don't even use ...

Stuff like net-based photo-editing apps? Why would I? I'll deal with my data on my computer with programs installed on my computer.

If I was still working, I'd extend the boundaries to my network, and programs and data on my servers --- but not outside, than you very much.

How long would it have taken me to say that via the survey?

0 0
Monday 10th January 2011 09:59 GMT Anonymous Coward

survey on SaaS

Article claims to reference a survey on perceptions of security wrt SaaS, yet all the questions seem to be about how securely my organization manages its data today.

The answer is: securely enough to know better than to answer surveys like that!!

0 0
1. Monday 10th January 2011 10:43 GMT Anonymous Coward
  
  Surveys
  
  Thats the trouble with surveys: "Can we waste 10 minutes of your time with something that will be of no use to you, but will identify your company for our marketing purposes" - and starts on a list of inane questions most of which have no relevance to the initial stated purpose of the survey.
  
  I would l like to set up an new survey here:
  
  1. Would you like to see a ban on all future surveys.
  
  Answer:
  
  A. Can't be bothered to answer
  
  B. Do I get a free beer from this?
  
  C. Some of the time
  
  D. Only if its banging on about security
  
  E. I have nothing better to do
  
  F. Already terminally bored
  
  0 0
  1. Monday 10th January 2011 13:47 GMT jake
    
    Re: AC 10:43
    
    A. Exactly.
    
    B. (Pint over lunch, in a couple hours. Coffee for the moment.)
    
    C. But very, very rarely.
    
    D. No. Answering "security questionnaires" isn't secure, by definition[1].
    
    E. AC is beginning to get a handle on things ...
    
    F. Exactly.
    
    This round's on me, and I almost never use icons :-)
    
    1 0
    1. Monday 10th January 2011 14:02 GMT jake
      
      Forgotten footnote.
      
      [1] http://forums.theregister.co.uk/post/894833
      
      0 0