Difference between revisions of "Cloud-10 Risks with SaaS"

From OWASP
Jump to: navigation, search
(Added 4 references)
 
Line 25: Line 25:
 
Business: Pain in the aaS; Computer security. (2008, April). The Economist, 387(8577), 86.  Retrieved August 9, 2009, from ABI/INFORM Global. (Document ID: 1469385981).  
 
Business: Pain in the aaS; Computer security. (2008, April). The Economist, 387(8577), 86.  Retrieved August 9, 2009, from ABI/INFORM Global. (Document ID: 1469385981).  
  
 +
Gartner: Seven Cloud-Computing Security Risks. http://www.cio.com/article/423713/Gartner_Seven_Cloud_Computing_Security_Risks?page=1&taxonomyId=1419
  
 +
Google: Cloud computing more secure than traditional IT. http://www.computerweekly.com/Articles/2009/07/21/236982/cloud-computing-more-secure-than-traditional-it-says.htm
 +
 +
Top five cloud computing security issues. http://www.computerweekly.com/Articles/2009/04/24/235782/top-five-cloud-computing-security-issues.htm
 +
 +
Cloud Security Alliance. http://www.cloudsecurityalliance.org/guidance/csaguide.pdf
  
  

Latest revision as of 08:38, 17 August 2009

Potential security risks and loss of IT control topped the list of perceived barriers to SaaS adoption (Anthes, 2009). "On a list of 24 possible IT project priorities for 2009, a survey respondents ranks SaaS at No.23".


5 Risks:

1. Data Security

    One company data co-mingled with other businesses' data (e.g: Salesforce.com)

2. Lack of federated identity management

    Due to multiple identities of employees at multiple SaaS providers, an employee's access cannot be shut off automatically, following termination of an employee.

3. Lack of strong service level agreements (SLAs) and contracts that hold people accountable should something happen.

4. Lack of interoperability among vendors (Vendor Lock-in)

     Puts companies at risk if SaaS provider goes out of business or acquired by a competitor. Switching costs could be high. 

5. Web Application and Infrastructure Vulnerabilities


References:

Anthes, G.. (2009, January). SaaS Realities. Computerworld, 43(1), 21-22. Retrieved August 9, 2009, from ABI/INFORM Global. (Document ID: 1626575741).

Business: Pain in the aaS; Computer security. (2008, April). The Economist, 387(8577), 86. Retrieved August 9, 2009, from ABI/INFORM Global. (Document ID: 1469385981).

Gartner: Seven Cloud-Computing Security Risks. http://www.cio.com/article/423713/Gartner_Seven_Cloud_Computing_Security_Risks?page=1&taxonomyId=1419

Google: Cloud computing more secure than traditional IT. http://www.computerweekly.com/Articles/2009/07/21/236982/cloud-computing-more-secure-than-traditional-it-says.htm

Top five cloud computing security issues. http://www.computerweekly.com/Articles/2009/04/24/235782/top-five-cloud-computing-security-issues.htm

Cloud Security Alliance. http://www.cloudsecurityalliance.org/guidance/csaguide.pdf