Our organization has invested in SaaS solutions in recent years and there is a strong indication the trend will continue. There continues to be growing interest in maturing how we approach security with regard to cloud usage. EAs need to have an awareness of how security affects technology selection. I acquired an article from Gartner through my graduate program that is a bit dated, 2013, but still provides some good insights to structure our thinking. EAs and security professionals need to have such insights to assess the risk aspects of different forms of vendor provisioned IT services.
What I realized from this whitepaper is that our risk increases by the mere fact that it becomes increasingly harder to assess and control risk with our data further and further distributed and shared with partners in the cloud. In order to help define where to begin to assess our risk we need a model to understand where the boundaries of control exist and where risk is greatest. Figure 1 is an excerpt from the Gartner research which can I find a simple yet easy model to help assess where to focus our magnifying lens.
Figure 1. Excerpt from Gartner article concerning the distribution of security responsibility.
References
Gartner resource #G00247629: Analyze the Risk Dimensions of Cloud and SaaS Computing