Cloud contracts poor on security, says Gartner

August 1, 2013 Off By David
Object Storage

Grazed from ComputerWeekly. Author: Warwick Ashford.

Buyers of commercial cloud services – especially software as a service (SaaS) – are finding security provisions inadequate, according to a report by research firm Gartner. Contracts need more transparency to improve risk management, analysts said, with SaaS contracts often have ambiguous terms regarding data confidentiality, data integrity and recovery after a data breach.

This leads to dissatisfaction among cloud services users and makes it difficult for service providers to manage risk and defend their risk position to auditors and regulators. Up to 80% of IT procurement professionals will remain dissatisfied with SaaS contract language and protections that relate to security for at least the next two years, Gartner predicts. “We continue to see frustration among cloud services users over the form and degree of transparency they obtain from prospective and current service providers,” said Alexa Bona, vice-president at Gartner…

At a minimum, Gartner believes cloud services users need to ensure that SaaS contracts allow for an annual security audit and certification by a third party, with an option to terminate the agreement in the event of a security breach if the provider fails on any material measure…

Read more from the source @ http://www.computerweekly.com/news/2240202904/Cloud-contracts-poor-on-security-says-Gartner