Gartner Says Organizations More Likely to Use SaaS for Sensitive Data Than Mission-Critical Data
August 23, 2012
Share this

Avoiding the use of software as a service (SaaS) for critical or sensitive data remains a significant form of risk control for many organizations, according to Gartner, Inc. But those that do use SaaS for such data are more likely to use it for sensitive data than for mission-critical data.

These findings are based on Gartner's latest annual survey of the state of risk management programs globally, which questioned 425 respondents from IT risk management disciplines in the U.S., U.K., Germany and Canada from December 2011 to January 2012.

The survey results show that organizations take different approaches to risk management when confronted with a need or opportunity to share data with different types of external party.

Assessment Practices for External Parties

Survey respondents were asked if they had processes in place to assess external party security, risk management, compliance, privacy and BCP/DR for four different situations. Respondents answered: “Do not allow use for sensitive data or processes" almost twice as often in the case of business partners (38 percent) as for platform as a service (PaaS) and infrastructure as a service (IaaS) (20 percent).

Compared with PaaS/IaaS, organizations are about 30 percent more likely to have a policy against putting sensitive data into SaaS (26 percent), and about 45 percent more likely to have a policy against putting it into outsourced data centers (29 percent).

"These results make sense, given that sharing data with a partner almost certainly means that one or more of its employees will be accessing the data, while in a SaaS scenario, the data is typically only accessible to the primary customer," said Jay Heiser, Research VP at Gartner. "This year we asked about both data availability and data confidentiality policies. Survey respondents indicated 10 percent less willingness to place mission-critical data into a SaaS offering than to place sensitive data into it. They were even less willing to place mission-critical data into outsourced data centers, with over one-third of respondents saying that they do not allow it."

Platform-as-a-Service/Infrastructure-as-a-Service Risk Assessment Practices

Only 57 percent of IaaS/PaaS buyers are using a questionnaire to support their risk assessment, and unlike for SaaS, the questionnaire is more likely to be a proprietary one, unique to the buyer's organization, and less likely to be based on standards. As in the case of SaaS, 26 percent are also evaluating information from the provider. The most dramatic change over the past three years is the increased willingness to use IaaS and PaaS for sensitive processes.

Outsourced Data Center Risk Assessment Practices

Thirty-six percent of respondents said they had a policy against putting mission-critical data into an outsourced data center, making avoidance the most chosen mechanism for dealing with data center risk. The level of response for this choice is significantly higher than for either of the other two service models. Twenty-nine percent said this policy applied to SaaS, and only 22 percent said it applied to IaaS/PaaS.

"One of the biggest drivers is probably an expectation that the packaged service offerings, which typically claim to be based on cloud computing, are more reliable," said Mr Heiser. "While fault tolerance is a feature of many such offerings, we consider it premature to assume that mission-critical data is safer in a cloud than in a traditional data center in which buyers usually make very specific choices about how data will be backed up."

The most significant reduction in the use of risk assessment practices has been in the practice of sending company staff to evaluate a partner's controls on-site, which has dropped by over 40 percent over three years. Use of standards-based questionnaires has increased, while the use of proprietary surveys has dropped by the same degree, leaving the prevalence of questionnaires virtually the same.

Share this

The Latest

July 17, 2019

The 11th anniversary of the Apple App Store frames a momentous time period in how we interact with each other and the services upon which we have come to rely. Even so, we continue to have our in-app mobile experiences marred by poor performance and instability. Apple has done little to help, and other tools provide little to no visibility and benchmarks on which to prioritize our efforts outside of crashes ...

July 16, 2019

Confidence in artificial intelligence (AI) and its ability to enhance network operations is high, but only if the issue of bias is tackled. Service providers (68%) are most concerned about the bias impact of "bad or incomplete data sets," since effective AI requires clean, high quality, unbiased data, according to a new survey of communication service providers ...

July 15, 2019

Every internet connected network needs a visibility platform for traffic monitoring, information security and infrastructure security. To accomplish this, most enterprise networks utilize from four to seven specialized tools on network links in order to monitor, capture and analyze traffic. Connecting tools to live links with TAPs allow network managers to safely see, analyze and protect traffic without compromising network reliability. However, like most networking equipment it's critical that installation and configuration are done properly ...

July 11, 2019

The Democratic presidential debates are likely to have many people switching back-and-forth between live streams over the coming months. This is going to be especially true in the days before and after each debate, which will mean many office networks are likely to see a greater share of their total capacity going to streaming news services than ever before ...

July 10, 2019

Monitoring of heating, ventilation and air conditioning (HVAC) infrastructures has become a key concern over the last several years. Modern versions of these systems need continual monitoring to stay energy efficient and deliver satisfactory comfort to building occupants. This is because there are a large number of environmental sensors and motorized control systems within HVAC systems. Proper monitoring helps maintain a consistent temperature to reduce energy and maintenance costs for this type of infrastructure ...

July 09, 2019

Shoppers won’t wait for retailers, according to a new research report titled, 2019 Retailer Website Performance Evaluation: Are Retail Websites Meeting Shopper Expectations? from Yottaa ...

June 27, 2019

Customer satisfaction and retention were the top concerns for a majority (58%) of IT leaders when suffering downtime or outages, according to a survey of top IT leaders conducted by AIOps Exchange. The effect of service interruptions on customers outweighed other concerns such as loss of revenue, brand reputation, negative press coverage, or the impact on IT Ops teams.

June 26, 2019

It is inevitable that employee productivity and the quality of customer experiences suffer as a consequence of the poor performance of O365. The quick detection and rapid resolution of problems associated with O365 are top of mind for any organization to keep its business humming ...

June 25, 2019

Employees at British businesses rate computer downtime as the most significant irritant at their current workplace (41 percent) when asked to pick their top three ...

June 24, 2019

The modern enterprise network is an entirely different beast today than the network environments IT and ops teams were tasked with managing just a few years ago. With the rise of SaaS, widespread cloud migration across industries and the trend of enterprise decentralization all playing a part, the challenges IT faces in adapting their management and monitoring techniques continue to mount ...