Gartner SaaS Report: Sensitive Data Requires Policy Coordination

When it comes to using software as a service (SaaS) platforms to store sensitive data, there is need for businesses to coordinate their policiies, a Gartner report finds.

Organizations that use a software as a service (SaaS) platform for data are more likely to use it for sensitive data than for mission-critical data, according to a new report from IT research firm Gartner.

The study, based on a survey of 425 respondents from IT risk management disciplines in the United States, United Kingdom, Germany and Canada, shows that organizations take different approaches to risk management when they face a need or opportunity to share data with different types of external parties. Compared with platform as a service (PaaS) or infrastructure as a service (IaaS), organizations were about 30 percent more likely to have a policy against putting sensitive data into SaaS (26 percent), and about 45 percent more likely to have a policy against putting it into outsourced data centers (29 percent).

However, the report found only 57 percent of IaaS/PaaS buyers are using a questionnaire to support their risk assessment. Unlike for SaaS, the form is more likely to be proprietary -- unique to the buyer's organization -- and less likely to be based on industry standards. Just 36 percent of respondents said they had a policy against putting mission-critical data into an outsourced data center, with 29 percent saying this policy applied to SaaS, with only 22 percent saying it applied to IaaS/PaaS.

This article was originally published on 08-27-2012
eWeek eWeek

Have the latest technology news and resources emailed to you everyday.

Click for a full list of Newsletterssubmit