5 ways to take the opaqueness out of cloud contracts

Grazed from ZDNet. Author: Joe McKendrick.

Eight out of 10 enterprise Software-as-a-Service buyers will not be happy with the contracts they sign. And there’s good reason for that. That’s the prediction from Gartner analyst Alexa Bona, who chides the current state of contracts, which all too often "have ambiguous terms regarding the maintenance of data confidentiality, data integrity and recovery after a data loss incident."

Bona outlines three options enterprise cloud buyers need to exercise every time they cut a cloud agreement:

Bring in third-party verification. SaaS contracts should "allow for an annual security audit and certification by a third party, with an option to terminate the agreement in the event of a security breach if the provider fails on any material measure," Bona advises…

Insist on standardized assessments. "Ask a provider to respond to the findings of assessment tools," says Bona. "The Cloud Security Alliance (CSA), for example, has a Cloud Controls Matrix in the form of a spreadsheet containing control objectives deemed by participants in the CSA to be important for cloud computing."…

Read more from the source @ http://www.zdnet.com/5-ways-to-take-the-opaqueness-out-of-cloud-contracts-7000018938/