Get ready for a big surprise: keeping your money in a bank—where it’s protected by endless technological and physical safeguards—is safer than keeping it under a mattress in your home.
Ok, so not that surprising.
So why is it that when people think about their ERP data, they believe that it will be safer “at home” (i.e., an on-premise solution/server) than in the Cloud, where it’s protected by endless technological and physical safeguards?
Wish we knew!
But the fact is that is more secure than it is on-premise. Why? Because there are controls for the Cloud that don’t exist elsewhere, such as audits and reports for data security and system availability (e.g., ISAE-3402 and SSAE-16).
When is the last time you heard of an on-premise solution or provider being held to such standards or conducting similar security audits? Likely, never.
WHAT ARE SSAE-16 AND ISAE-3402 ANYWAY?
is Statements on Standards for Attestation Engagements for reporting on controls at a service organization established by the American Institute of Certified Public Accountants.
is the International Standard on Assurance Engagements for assurance reports on controls at a service organization issued by the International Auditing and Assurance Standards Board. (SSAE is essentially a US auditing standard, whereas ISAE is an international one.)
Typically, these audits test varied and specific control objectives for the physical and logical security of servers, system uptime, backup consistency, and even the knowledge of staff (and their backgrounds) may be audited.
PEOPLE ARE KEY!
Note than when you’re investigating a Cloud provider, ensure that it’s not merely its data centers that have SSAE-16 and ISAE-3402 reports available; you should ensure the organization itself has them, too. Because it’s the people—more than the platform—that have the greatest impact on data security in the Cloud.
Want to know more about SSAE-16 and ISAE-3402 audits? Take a look at the pages on SaaSplaza’s website.
By
|
Related Posts
- Cloud Confusion: How Can It Be Completely Available and Completely Secure?
- Evaluating Security Concerns with Cloud Computing
- Data Security in ERP – Are Products Like Microsoft Dynamics NAV Safer On-Premise or in the Cloud?
- If Security is an Issue for Your ERP System, Consider Using a Role-Based Security Model in Microsoft Dynamics GP
- Addressing ERP Cloud’s Top Security Issues
Good analogy Herb – and nicely written.
One of the hidden benefits of the Cloud is the democratization of higher end IT technology and processes. There is really no way for mid-market companies to invest in this level of technology on their own – but they can get the same level of technology the Fortune 2000 companies employ if they pick the right Cloud provider!