Gartner Says Organizations More Likely to Use SaaS for Sensitive Data Than Mission-Critical Data
August 23, 2012

Avoiding the use of software as a service (SaaS) for critical or sensitive data remains a significant form of risk control for many organizations, according to Gartner, Inc. But those that do use SaaS for such data are more likely to use it for sensitive data than for mission-critical data.

These findings are based on Gartner's latest annual survey of the state of risk management programs globally, which questioned 425 respondents from IT risk management disciplines in the U.S., U.K., Germany and Canada from December 2011 to January 2012.

The survey results show that organizations take different approaches to risk management when confronted with a need or opportunity to share data with different types of external party.

Assessment Practices for External Parties

Survey respondents were asked if they had processes in place to assess external party security, risk management, compliance, privacy and BCP/DR for four different situations. Respondents answered: "Do not allow use for sensitive data or processes" almost twice as often in the case of business partners (38 percent) as for platform as a service (PaaS) and infrastructure as a service (IaaS) (20 percent).

Compared with PaaS/IaaS, organizations are about 30 percent more likely to have a policy against putting sensitive data into SaaS (26 percent), and about 45 percent more likely to have a policy against putting it into outsourced data centers (29 percent).

"These results make sense, given that sharing data with a partner almost certainly means that one or more of its employees will be accessing the data, while in a SaaS scenario, the data is typically only accessible to the primary customer," said Jay Heiser, Research VP at Gartner. "This year we asked about both data availability and data confidentiality policies. Survey respondents indicated 10 percent less willingness to place mission-critical data into a SaaS offering than to place sensitive data into it. They were even less willing to place mission-critical data into outsourced data centers, with over one-third of respondents saying that they do not allow it."

Platform-as-a-Service/Infrastructure-as-a-Service Risk Assessment Practices

Only 57 percent of IaaS/PaaS buyers are using a questionnaire to support their risk assessment, and unlike for SaaS, the questionnaire is more likely to be a proprietary one, unique to the buyer's organization, and less likely to be based on standards. As in the case of SaaS, 26 percent are also evaluating information from the provider. The most dramatic change over the past three years is the increased willingness to use IaaS and PaaS for sensitive processes.

Outsourced Data Center Risk Assessment Practices

Thirty-six percent of respondents said they had a policy against putting mission-critical data into an outsourced data center, making avoidance the most chosen mechanism for dealing with data center risk. The level of response for this choice is significantly higher than for either of the other two service models. Twenty-nine percent said this policy applied to SaaS, and only 22 percent said it applied to IaaS/PaaS.

"One of the biggest drivers is probably an expectation that the packaged service offerings, which typically claim to be based on cloud computing, are more reliable," said Mr Heiser. "While fault tolerance is a feature of many such offerings, we consider it premature to assume that mission-critical data is safer in a cloud than in a traditional data center in which buyers usually make very specific choices about how data will be backed up."

The most significant reduction in the use of risk assessment practices has been in the practice of sending company staff to evaluate a partner's controls on-site, which has dropped by over 40 percent over three years. Use of standards-based questionnaires has increased, while the use of proprietary surveys has dropped by the same degree, leaving the prevalence of questionnaires virtually the same.
