"How do you know if a cloud computing vendor is secure?
"After all, you're trusting them with highly sensitive data and
business critical processes. Your entire business may rest on your
ability to evaluate their level of security.
"When they make claims about their nearly absolute level of
safety, should you just...take their word for it?
"Goodness no, say the vendors, we've got a third party
certification to back up our claims. Specifically, they point to
their SAS 70 certification. SAS 70 is a set of auditing standards
used to measure the handling of sensitive information. It was
created by the impressively-named American Institute of Certified
Public Accountants (those folks know how to fill out forms). SAS 70
was around before cloud computing, and has been shoehorned into use
by vendors seeking an impartial third party credential to reassure
nervous cloud customers.
"But here's where it gets dubious. Guess who writes a check to
the SAS 70 certifiers? Believe it or not, it's the vendors
themselves. If you were a cynical, non-trusting type (which you
should be if your company's data is at stake) you might
wonder…isn't that a conflict of interest? Don't accounting
firms have a vested interest in granting SAS 70 certifications to
those cloud computing vendors who can pay for them?"
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.