November 15, 2010

Dispelling the Data Security and Privacy Myths About Cloud-Based, SaaS Solutions

Why Fears About the U.S.A. Patriot Act & Other Government Regulations are Overblown and Should Not Limit Adoption

Despite the growing number of examples of organizations gaining tangible and measurable business benefits from Cloud-based, Software-as-a-Service (SaaS) solutions, which THINKstrategies profiled in its recent report, "Measuring the Business Benefits of Today's Software-as-a-Service (SaaS) Solutions", many corporate decision-makers remain apprehensive about adopting these Cloud-based services because of data privacy and security concerns.

Companies outside the U.S. are particularly concerned about using services delivered by U.S.-based providers because of the ominous language contained in the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act, commonly referred to as the U.S.A. Patriot Act.

This regulation appears to permit U.S. law enforcement agencies to unilaterally access private customer records stored on corporate servers worldwide if they are suspected of holding data which could pertain to terrorist threats or other criminal activity. These fears have made organizations especially hesitant to consider SaaS-based Customer Relationship Management (CRM) software and services offered by U.S.-based SaaS vendors.

THINKstrategies believes these risks have been exaggerated and raise unfair questions about doing business with U.S.-based companies. Ironically, we believe companies that avoid contracting with leading U.S. SaaS providers may be at greater risk of data privacy breaches by continuing to rely on traditional, on-premise software applications and locally hosted servers.

This paper examines the myths and realities of SaaS/Cloud Computing, the U.S.A. Patriot Act, and data privacy, with a focus on the CRM arena.


Anyone who is considering cloud computing in any form today has to make sure that their data is secure and that it meets compliance regulations.

In this paper, our colleague Jeff Kaplan examines this issue with particular attention to the "Patriot Act." Excellent information!

I agree with the premise that having a Cloud/SaaS provider being responsible for security (and compliance) makes a lot of sense. And it is clearly more readily accomplished than relying on the internal team to make its way through the multiple levels of complexity.

Obviously, I am far from being a lawyer. However, it's my understanding that whether the data/software is physically residing in the data center or in the cloud, the Enterprise is ultimately responsible for making sure that the security is compliant.

What steps do you recommend to Enterprises to include in their agreements with providers to ensure that they are sufficiently protected?

Steve: Thanks for posting THINKstrategies' new whitepaper. You are absolutely correct that it is the Enterprise's ultimate responsibility to ensure the security of its corporate data. However, this doesn't mean that it is obligated to perform this function when it might not be its core competency or cost-effective. Therefore, every IT/business decision-maker should make an honest assessment of their internal skills and capabilities, and determine if they are best qualified to fulfill this responsibility in-house, or if they would be better served relying on a third-party who has to meet the security requirements of many organizations which might be even greater than your own.


Webtorial® is a registered servicemark of Distributed Networking Associates. The Webtorial logo is a servicemark of Distributed Networking Associates. Copyright 1999-2018, Distributed Networking Associates, Inc.