Comments on: Security Must Haves in a SaaS Provider http://snajsoft.com/2009/12/29/security-must-haves-in-a-saas-provider/ Software Engineer > Security Officer > Security Architect Mon, 31 Oct 2011 09:00:30 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Shaheen Abdul Jabbar http://snajsoft.com/2009/12/29/security-must-haves-in-a-saas-provider/comment-page-1/#comment-31 Shaheen Abdul Jabbar Fri, 22 Jan 2010 17:46:05 +0000 http://snajsoft.com/?p=238#comment-31 I have tried using this checklist to conduct couple of vendor assessments. As some of you said, this is an exhaustive one and a SaaS vendor may not be able to meet all of them. Some of the requirements are achieved through contracts. Those few items that cannot be complied may need to be accepted as risk. The vendors I have met so far are willing to meet all of them. They may need some time to achieve the target - they are learning as the industry grows. From the vendor’s point of view, wouldn’t they want to appear as a secure service for their customers? I have tried using this checklist to conduct couple of vendor assessments. As some of you said, this is an exhaustive one and a SaaS vendor may not be able to meet all of them. Some of the requirements are achieved through contracts. Those few items that cannot be complied may need to be accepted as risk.

The vendors I have met so far are willing to meet all of them. They may need some time to achieve the target – they are learning as the industry grows. From the vendor’s point of view, wouldn’t they want to appear as a secure service for their customers?

]]> By: Thomas Dager http://snajsoft.com/2009/12/29/security-must-haves-in-a-saas-provider/comment-page-1/#comment-30 Thomas Dager Thu, 21 Jan 2010 17:43:21 +0000 http://snajsoft.com/?p=238#comment-30 I agree...the list is interesting, but also very one-sided and not grounded in reality. There is no way any SaaS is going to agree to all of those points. I agree…the list is interesting, but also very one-sided and not grounded in reality.

There is no way any SaaS is going to agree to all of those points.

]]> By: Samir Pawaskar http://snajsoft.com/2009/12/29/security-must-haves-in-a-saas-provider/comment-page-1/#comment-29 Samir Pawaskar Thu, 21 Jan 2010 17:42:18 +0000 http://snajsoft.com/?p=238#comment-29 The list is interesting. The only problem or lets say concern I have is will any SaaS / cloud computing provider be able to comply with this? Or in other words have you successfully evaluated any any cloud computing provider against this checklist. I would be interested to know them... Thanks and Regards Samir The list is interesting. The only problem or lets say concern I have is will any SaaS / cloud computing provider be able to comply with this?

Or in other words have you successfully evaluated any any cloud computing provider against this checklist.

I would be interested to know them…

Thanks and Regards
Samir

]]>