For widespread SaaS adoption, security solutions to control and protect critical data cannot come at the expense of functionality
WATERLOO, ON, May 19 /PRNewswire/ - PerspecSys Inc. (www.perspecsys.com), maker of a cloud data security platform that ensures full control and protection of sensitive data used in the public cloud, said today that the knowledge and governance gap that hinders the adoption of cloud-based software-as-a-service, or SaaS, may be narrowing but that significant work remains to be done.
The prospect of cloud computing has been broadly embraced by the marketplace due to the dramatic benefits it offers over traditional enterprise applications installed behind the user's firewall. Gartner has forecast the worldwide SaaS market to double from $8 billion in 2009 to $16 billion by the end of 2013, as "tighter capital budgets in the current economic environment demand leaner alternatives, popularity increases, and interest for platform as a service and cloud computing grows."
However, since SaaS offers almost immediate time to value, vendors such as Salesforce.com have enjoyed great success selling to line-of-business managers in enterprises, often bypassing the security and governance rigor associated with traditional software implementations.
This has created a governance gap that potentially makes these enterprises non-compliant with legal, regulatory or internal governance policies. For example, in the recent "Security of Cloud Computing" study by the Ponemon Institute and CA Inc., more than 50 percent of respondents in the U.S. said their organization was unaware of all the cloud services deployed in their enterprise. These rogue users threaten the security of the organization's sensitive data.
"Enterprises that are adopting cloud applications such as Salesforce.com are increasingly doing so along with the implementation of SaaS security solutions," said Jeff Campbell, president and CEO of PerspecSys. "This is indicative of IT adapting their infrastructure to address the unique security requirements for cloud computing in support of the evolving needs of the business. However, the key challenge that remains is ensuring security without sacrificing functionality."
THE THREE LAYERS OF THE PUBLIC CLOUD
The public cloud is divided into three layers. The first is platform as a service (PaaS), which is governed by standards set forth by Open Web Application Security Project (OWASP). The second is infrastructure as a service (IaaS), which is governed by the SAS 70 II auditing standard developed by the American Institute of Certified Public Accountants.
The third layer, software as a service (SaaS), where user's data resides, has attracted the most interest and positive response from the market place, yet it is the one layer of the cloud not governed by any standards to ensure data security.
THE SECURITY CONUNDRUM OF SAAS
This lack of security regulation and standard in the data layer presents huge adoption barriers for many enterprises.
In its March 2010 Security Spending Survey, Goldman Sachs observed a significant shift in user sentiment to cloud and SaaS solutions. In its survey, only 24 percent of respondents said they would not use any SaaS or cloud applications until they have more clarity on how to secure their data, compared to 46 percent in an October 2009 survey. Goldman Sachs attributed this shift in attitude to companies' abilities to design customized solutions to solve some of the data security problems, as 20 percent, (versus 10 percent previously) now say that they use the cloud after an additional security solution has been purchased.
However, these customized or third-party security solutions - mash-ups developed in-house, application integration, and encryption tools - can significantly impair the functionality of the cloud application.
Consequently, the public cloud still presents serious issues for many organizations, including data privacy demanded by regulatory compliance requirements, accepted industry standards and the organization's own internal directives; data residency that dictates control and governance of data, including its backup and recovery; and ensuring data security from both external and internal threats.
In its March 2010 report, "Top Threats to Cloud Computing," the Cloud Security Alliance highlighted common cloud-computing threats, including shared-technology issues, data loss or leakage, and account or service hijacking. It's these threats to sensitive data that cause C-level decision makers to block adoption of SaaS applications.
The challenge for most organizations is to take the robust governance that typically already exists for enterprise-sensitive data behind the firewall and transfer this to the cloud.
"While IT departments can set and manage policies regarding platforms and infrastructure, regulatory compliance means the top-level executives must take responsibility for their data protection," said Terry Woloszyn, founder and CTO of PerspecSys. "PerspecSys allows the enterprise to apply their current data compliance standards and procedures to sensitive cloud data as well."
AN APPROACH THAT DOESN'T SACRIFICE FUNCTIONALITY FOR SECURITY
PerspecSys has eliminated the security-functionality paradox of the cloud with its Privacy, Residency and Security data governance platform, the PRS Server.
The PRS Server addresses the current concerns surrounding cloud adoption, namely the ceding to the cloud provider of control over private and sensitive data such as company secrets, personally identifiable data such as customer records, and other commercially sensitive information. PerspecSys allows the company to retain the control over sensitive data, thereby mitigating the emerging threats to cloud applications, and remaining compliant with regulatory and standards requirements.
"We sincerely believe SaaS in the public cloud is the future," said Campbell. "But without a platform that can maintain the integrity of the value proposition and the functionality of applications in the public cloud while mitigating their inherent privacy, data residency and cloud security concerns, widespread adoption simply will not happen."
The PRS Server has an available plug-in for Salesforce.com, the most widely adopted SaaS platform. PerspecSys plans to apply the same principles to other cloud applications in additional plug-ins to be released.
PerspecSys Inc. is a privately held Canadian corporation, based outside of Toronto, Ontario, Canada. Our mission is to provide Cloud Data Governance solutions that address the critical issues of Privacy, Residency and Security in the cloud. The PerspecSys PRS solutions allow organizations to adopt cloud-based applications, while maintaining total control of their private and sensitive data, thereby helping to ensure that they are compliant with the legislative, regulatory and policy requirements imposed by their geography, industry, or company.
"PRS Server" is a trademark of PerspecSys Inc. The names of other companies or products mentioned herein may be the trademarks of their respective owners.
SOURCE PerspecSys Inc.