Who’s Afraid of the Big, Bad Cloud? Cloud Security Explained.

Visit Website View Our Posts

Get ready for a big surprise: keeping your money in a bank—where it’s protected by endless technological and physical safeguards—is safer than keeping it under a mattress in your home.

Ok, so not that surprising.

So why is it that when people think about their ERP data, they believe that it will be safer “at home” (i.e., an on-premise solution/server) than in the Cloud, where it’s protected by endless technological and physical safeguards?

Wish we knew!

But the fact is that ERP data in the Cloud is more secure than it is on-premise. Why? Because there are controls for the Cloud that don’t exist elsewhere, such as audits and reports for data security and system availability (e.g., ISAE-3402 and SSAE-16).

When is the last time you heard of an on-premise solution or provider being held to such standards or conducting similar security audits? Likely, never.

WHAT ARE SSAE-16 AND ISAE-3402 ANYWAY?
SSAE-16 is Statements on Standards for Attestation Engagements for reporting on controls at a service organization established by the American Institute of Certified Public Accountants.

ISAE-3402 is the International Standard on Assurance Engagements for assurance reports on controls at a service organization issued by the International Auditing and Assurance Standards Board. (SSAE is essentially a US auditing standard, whereas ISAE is an international one.)

Typically, these audits test varied and specific control objectives for the physical and logical security of servers, system uptime, backup consistency, and even the knowledge of staff (and their backgrounds) may be audited.

PEOPLE ARE KEY!
Note than when you’re investigating a Cloud provider, ensure that it’s not merely its data centers that have SSAE-16 and ISAE-3402 reports available; you should ensure the organization itself has them, too. Because it’s the people—more than the platform—that have the greatest impact on data security in the Cloud.

Want to know more about SSAE-16 and ISAE-3402 audits? Take a look at the cloud security pages on SaaSplaza’s website.

By Herb Prooy, CEO, SaaSplaza

1 thought on “Who’s Afraid of the Big, Bad Cloud? Cloud Security Explained.”

  1. Good analogy Herb - and nicely written.

    One of the hidden benefits of the Cloud is the democratization of higher end IT technology and processes. There is really no way for mid-market companies to invest in this level of technology on their own - but they can get the same level of technology the Fortune 2000 companies employ if they pick the right Cloud provider!

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Show Buttons
Hide Buttons