SaaS Risk Management: Involve IT Early


Cloud computing raises compliance and security questions for any company -- public, private, large, small, or anywhere in between. These questions include "Where does my data reside for purposes of determining which laws and regulations apply?" "Does my cloud provider have the necessary tools and processes in place to protect my data?" and "Who is responsible for preserving/retrieving data for purposes of litigation?"


For the most part, if the questions raised are explicitly addressed in the company's service-level agreement with the cloud provider so that both parties know which is responsible for what, there should not be many compliance problems. However, as Internet Evolution writer and Transworld Data CEO Mary Shacklett points out, if the IT departments within those companies step up and take ownership of the decision to move certain processes to the cloud, as well as which vendor to use, the risk decreases even more.


To that end, Shacklett sets out additional things IT should be willing to consider when it comes to cloud computing:

  • The service provider's technological capabilities.
  • Disaster recovery and business continuation plans with the service provider.
  • The service provider's financial circumstances and ability to stay in business.
  • The vendor's ability to adhere to the compliance standards of your industry.


But the most important thing, she says, is to get IT involved before contracts are signed with the service provider. That way you can make sure all the bases are covered before you get started rather than trying to backtrack and reactively "Band-Aid" the problem areas.