Welcome to the SecAware blog

I spy with my beady eye ...

31 Mar 2011

SaaS is great - says Google-sponsored survey

Call me a cynic ("You're a cynic, Gary!") but are we really meant to swallow whole a research report on the use of SaaS, plus perceptions about the security aspects, that has been sponsored by Google?

As with so many of these vendor-sponsored "surveys", we're presented with a potted selection of data (basically a handful of bar charts), some analysis and discussion, next to no information about the research methods - in short, not much to go on.   There is none of the modelling, hypothetical predictions, experimental evidence and rigorous scientific analysis that a genuine research report would be expected to contain, so the end result is basically just a marketing exercise.

That said, I'm intrigued to see that the very first bar chart in the report clearly identifies the widespread belief that security and privacy are worse with SaaS than with traditional in-house IT approaches:

The survey report is free and short, so by all means take a look and make up your own mind about its value.

Personally, I'm happy to use SaaS (including Google apps) for some specific, limited situations where the utility of SaaS outweighs the security concerns, but I steer well clear of it for a whole load of other applications.  We have already seen a number of serious security incidents reported with cloud computing and I don't expect them to stop coming any time soon.   There's a very obvious difference of scale between security incidents affecting global SaaS apps and those affecting an organization's internal IT systems, so the major SaaS vendors have to clear a high bar for their customers to remain secure.  In reality, the SaaS vendors are just as reliant as the rest of us on their technologies and their people, so incidents are inevitable.

Gary (Gary@isect.com)

No comments:

Post a Comment