Selecting a trusted cloud service provider for your SaaS program

摘要

Software as a Service (SaaS) offers major business and IT benefits that organizations are looking to take advantage of. SaaS adoption presents serious and unique security risks. Moving a company's sensitive data into the hands of cloud providers expands and complicates the risk landscape in which the organization operates. This paper highlights the significance and ramifications of a structured selection of a Cloud Service Provider (CSP) in achieving the required assurance level based on an organization's specific security posture. This paper proposes a holistic model, known as the Function, Auditability, Governability and Interoperability or FAGI, as an approach to help a Cloud Service Consumer (CSC) to engage and select a trusted CSP through four major decisions: Selecting a safe cloud that has adequate security functions; Choosing an auditable cloud via third-party certifications/assessments or self tests; Picking out a governable cloud that provides the required transparency; Opting for a portable cloud that ensures the desired portability. A case study reveals the FAGI approach offers an objective and efficient way to choose a qualified and trusted cloud service and in turn saves CSCs' time, effort, and grief.