ANALYSIS – An interesting Dark Reading article on Software as a Service (SaaS) where the CTO of Google challenges enterprises to trust their users to do the right thing when it comes to application usage. And at the same time, stresses that appropriate security policies should be in place:
Communication and trust are key to building a secure SaaS infrastructure, according to Glotzbach. “As you look at Web-based applications, you have to have the [security] policies in place that have been clearly communicated,” he said. “But to some extent you need to trust your employees.”
Clearly interest in SaaS is growing. But Mr. Glotzbach’s position raises several questions:
- Most companies DO trust their users, but should they be allowed to subscribe to applications at will?
- Should enterprises really assume that the average user has the technical knowledge to ensure the networking and PC requirements are addressed?
- Finally, the big question is can users be trusted to take all security considerations into account and “do the right thing”?
While they are not directly related to SaaS, recent examples of accidental release of employee data at ABN Amro and Pfizer through un-approved P2P applications support the position that IT should be supportive of user needs but in a controlled and secure manner.