Gartner SaaS Report: Sensitive Data Requires Policy Coordination
Organizations that use a software as a service (SaaS) platform for data are more likely to use it for sensitive data than for mission-critical data, according to a new report from IT research firm Gartner.
The study, based on a survey of 425 respondents from IT risk management disciplines in the United States, United Kingdom, Germany and Canada, shows that organizations take different approaches to risk management when they face a need or opportunity to share data with different types of external parties. Compared with platform as a service (PaaS) or infrastructure as a service (IaaS), organizations were about 30 percent more likely to have a policy against putting sensitive data into SaaS (26 percent), and about 45 percent more likely to have a policy against putting it into outsourced data centers (29 percent).
However, the report found only 57 percent of IaaS/PaaS buyers are using a questionnaire to support their risk assessment. Unlike for SaaS, the form is more likely to be proprietary -- unique to the buyer's organization -- and less likely to be based on industry standards. Just 36 percent of respondents said they had a policy against putting mission-critical data into an outsourced data center, with 29 percent saying this policy applied to SaaS, with only 22 percent saying it applied to IaaS/PaaS.