Gartner: SaaS contract language regarding security is lacking
October 14, 2013
Grazed from NetworkAsia. Author: Chris Kanaracus.
The large majority of people working in IT procurement are "significantly dissatisfied" with the way SaaS (software as a service) vendors define contract language related to security, a feeling likely to persist through 2015, according to a Gartner report.
"Contractually, very little security language appears in the body of SaaS contracts," Gartner analysts Jay Heiser and Alexa Bona wrote in the report. "Typically the security section contains little more than platitudes, stating that the provider will use ‘commercially reasonable efforts to establish and maintain security safeguards.’ These are often declared to be ‘in line with industry standards,’ which are mostly never defined."…
SaaS vendors also tend to give themselves the right to change security language at will, rather than adhere to a specific version, according to Gartner. Gartner reviewed more than 100 SaaS vendors’ "master service agreements or service contracts and [service level agreements]" for the report, and found that providers "are extremely vague about the forms of service, and especially the levels of it."…
Read more from the source @ http://networksasia.net/article/gartner-saas-contract-language-regarding-security-lacking-1375655444


