This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Cloud-10 Risks with SaaS"

From OWASP
Jump to: navigation, search
Line 3: Line 3:
  
  
5 Security Risks:
+
5 Risks:
  
 
1. Data Security
 
1. Data Security
 +
 
2. Lack of federated identity management
 
2. Lack of federated identity management
3.  
+
    Due to multiple identities of employees at multiple SaaS providers, an employee's access cannot be shut off automatically, following termination of an employee.
 +
 
 +
3. Lack of strong service level agreements (SLAs) and contracts that hold people accountable should something happen.
 +
 
 +
4. Lack of interoperability among vendors (Vendor Lock-in)
 +
 
 +
 
  
 
References:
 
References:

Revision as of 12:17, 9 August 2009

Potential security risks and loss of IT control topped the list of perceived barriers to SaaS adoption (Anthes, 2009). "On a list of 24 possible IT project priorities for 2009, a survey respondents ranks SaaS at No.23".


5 Risks:

1. Data Security

2. Lack of federated identity management

    Due to multiple identities of employees at multiple SaaS providers, an employee's access cannot be shut off automatically, following termination of an employee.

3. Lack of strong service level agreements (SLAs) and contracts that hold people accountable should something happen.

4. Lack of interoperability among vendors (Vendor Lock-in)


References:

Anthes, G.. (2009, January). SaaS Realities. Computerworld, 43(1), 21-22. Retrieved August 9, 2009, from ABI/INFORM Global. (Document ID: 1626575741).

Business: Pain in the aaS; Computer security. (2008, April). The Economist, 387(8577), 86. Retrieved August 9, 2009, from ABI/INFORM Global. (Document ID: 1469385981).