Posts tagged ‘cloud/SaaS applications’

Risks of SaaS supplier failure & how to effectively mitigate them #CloudWF

Guest Blog with Kemp Little Consulting & NCC Group

The cloud is here to stay and according to a recent survey, organisations are going to be investing more in cloud services to support their core business operations.

But have companies properly considered the risks of SaaS supplier failure if the software is supporting their core processes?

The Kemp Little Consulting (KLC) team has been working with NCC Group to identify some of the risks of SaaS supplier failure and to identify the main problems that end user organisations would need to solve to effectively mitigate these risks.

In the on-premise world, the main way of mitigating against software supplier failure is Software Escrow. This was designed as a means of gaining access to source code for an application in the event of supplier failure.

If a supplier goes bust, there is no short term problem as the application and the business processes supported by the application continue to work and the corporate data remains within the control of the end user.

However, the end user company has a  problem as they will not be able to maintain the application long term and this issue is effectively solved by Software Escrow and related services such as verification.

In the cloud arena, however, the situation is different. If the supplier fails there is potentially an immediate problem of the SaaS service being switched off almost straightaway because the software supplier no longer has the cash to continue to pay for its hosting service or to pay its key staff.

For the end user, this means that they no longer have access to the application; the business process supported by the application can no longer operate and the end user organisation loses access to their data.

The business impact of this loss will vary depending upon the type of application affected:

  • Business Process Critical (e.g. finance, HR, sales and supply chain)
  • Data Critical (e.g. analytics or document collaboration)
  • Utility (e.g. web filtering, MDM, presentational or derived data)

In our research, we found that both suppliers of cloud solutions and end user organisations had not properly thought through the implications of these new risks, nor the services they would require to mitigate against the risk of supplier failure.

The primary concerns that end user customers had were around their business critical data. They were concerned by lack of access to data; loss of data; the risk of compliance breach by losing control of their data and how they might re-build their data into usable form if they could get it back. There was also concern about access to funding to keep the infrastructure running in the SaaS vendor in order to buy time to make alternative arrangements.

They were much less concerned about access to the application or getting access to the source code.

This is understandable as their primary concern would be getting their data back and porting it to another solution to get the business back up and running.

In a separate part of our study, the Kemp Little commercial team looked at the state of the market of the provisions generally found in SaaS contracts to deal with the event of supplier failure.  The team found that even if appropriate clauses were negotiated into the contract at the outset, there may be real difficulties in practically enforcing those terms in an insolvency situation.

End user organisations were more concerned than SaaS suppliers about their capability to deal with all of these problems and were amenable to procuring services from third parties to help them mitigate the risks and solve the problems they could not solve purely by contractual means.

End users were also concerned that many SaaS solutions are initially procured by “Shadow-IT” departments as part of rapid business improvement projects and deployed as pilots where the business risks of failure are low.

However, these solutions can often end up being rolled out globally quite quickly and key parts of the business become dependent upon them by stealth.

It is therefore considered important for companies to develop a deep understanding of their SaaS estate and regularly review the risks of supplier failure and put in place appropriate risk mitigation measures.

KLC recently worked with global information assurance specialist NCC Group to help it enhance the service model for its SaaS Assured service.

This article was originally posted on the Kemp Little Blog and can be found here.

…………………………………………………………………………………………………………………

John Parkinson, Global SaaS Business Leader at NCC Group will be speaking at the Cloud World Forum on 24th June 2015 at 12.45pm.

His talk will take place in Theatre D: Cloud, Data Governance & Cyber Security on ‘Outsourcing to Software as a Service? Don’t Overlook the Critical Commercial Security Risks.’

REGISTER YOUR FREE EXHIBITION PASS HERE.

CWF static banner

Advertisements

Top 5 Sources of Cloud Data Loss #CloudWF

Guest Blog with eFolder

“But it’s in the cloud, isn’t it backed up already?”

Author: Trace Ronning, Content Marketing Manager, eFolder

In 2015, businesses have continued their rapid adoption of cloud/SaaS applications with no signs of slowing down. A study completed by the Aberdeen Group concluded that 80% of businesses use at least one cloud application. Usage has also increased. In 2014, 51% of IT workloads took place in the cloud, marking it the first year that the cloud owned a majority of IT workloads according to Silicon Angle.

The advantages of the cloud are clear, with most companies experiencing greater employee productivity, mobility, and improved collaboration as a result of adopting cloud applications.

There is, however, one major issue that the cloud has not eliminated for organizations: data loss. While the inherent securities of SaaS services, such as Office 365, Google Apps, Salesforce, and Box are minimizing outages and random data loss, human error is still the primary source of lost data. In 2013, 32% of companies using cloud services reported losing cloud data, an overwhelming majority of which came as a direct result of human intervention.

How exactly are businesses losing this cloud data, and how can they prevent it from happening again? Let’s take a dive into the top five sources of cloud data loss and find out.

1. User Error

We know that humans are not perfect. Checking in as the top reason for cloud data loss is user error, which accounts for 64% of all cloud data loss. The two primary examples of user error include accidental deletion or accidentally overwriting a file. We all make mistakes now and again, so it is ill-advised to operate under the assumption that by adopting cloud applications, people will become immune to the human condition and never lose a file again.

2. Hackers

Hackers, defined as outsiders who get into the system with nefarious intent, are responsible for 13% of all cloud data loss. As cloud adoption and usage has grown, so has a hacker’s willingness to attack companies of all sizes, not just giant enterprise businesses, such as Sony or Home Depot. As of now, 50% of data breaches occur at companies with fewer than 1,000 employees, with the most common type of attacks consisting of a hacker breaking into an organization’s instance or acquiring administrator credentials. Malicious activity such as this often results in sensitive data being compromised, jeopardizing the customers of the company, as well as its ability to keep its doors open and continue doing business.

3. Closing an account

At 10%, the third most common kind of cloud data loss occurs when a business closes an account. We define this action as a user de-provisioning a user within a cloud application or discontinuing the service. Without deploying a backup service to save former users’ data or a solution that helps migrate data from one application to another, respectively, organizations run the risk of losing data in transition phases.

4. Malicious Delete

Think your business is immune to frustrated employees going rogue? Think again. 7% of all cloud data loss occurs when an employee intentionally deletes files or folders. This type of deletion is often initiated by an unhappy employee or a recently terminated employee who has retained access to organizational cloud applications and data. At all levels of a business there are examples of employees who don’t value company data as much as IT managers or executives do, especially in roles with high-turnover.

5. Third-Party Software

The fifth most common reason for cloud data loss is the unexpected result of using a third-party software on one of your SaaS applications. Occasionally, a data overwrite or deletion will occur when running third-party software. A classic example is a Salesforce administrator running Demand Tools and inaccurately identifying a prospect as a duplicate account and permanently deleting that prospect’s record. Third-party software is generally used to make daily use of the most common business applications easier, but sometimes the side-effects include the loss of important data.

How

You may be reading this blog post and thinking, “But if my data is in the cloud, can’t I just easily recover it if a file is deleted or overwritten? Why should I be concerned with cloud data backup?”

There is a common misconception that data is retained in the cloud forever, but that is simply not the case. Most cloud applications do keep some type of “recycling bin,” but this bin often has a storage limit, automatic purge function, or can be manually cleared.

Automated, off-site backup to a second cloud location is the most reliable way to ensure that the sensitive data you store in the cloud is recovered, regardless of which cloud data disaster hits your organization. By employing a solution that allows for full-text search across multiple cloud applications, direct, point-in-time data restores into the cloud application of choice, and a military-grade off-site backup location, your organization can both protect data, and empower IT admins to better use that data on a daily basis.

Don’t let cloud data loss become the problem you didn’t know you had. Make it the problem you know you that you’ll never have with cloud-to-cloud backup.

eFolder

Bryan Forrimageedit_2_7919550340ester, Senior VP of Sales at eFolder will be speaking on the 25th June at 12.35pm in Theatre D at the Cloud World Forum about the Top 5 Sources of Cloud Data Loss & How to Protect Your Organisation.

Don’t miss the chance to take advantage of all the knowledge and networking opportunities presented by EMEA’s only content-led Cloud exhibition.

 

REGISTER FOR YOUR FREE EXHIBITION PASS HERE!

CWF static banner

Tag Cloud

%d bloggers like this: