Tuesday, July 13, 2010

How to design secure SLAs for SaaS

Hosted security services are increasingly seen as a viable option for security management, thanks in part to their ability to reduce the strain on the security organization. With a Software-as-a-Service (SaaS) approach, enterprises can offload much of the responsibility for maintaining security technology to service providers, introduce new features and functions seamlessly and handle configuration and management from virtually anywhere.

If this sounds like management nirvana, security pros may want to step back a bit and consider the full ramifications of adopting a SaaS model for security technology. In this tip, we'll explore why more may be involved than meets the eye, and how to assess and manage the effects that a security SaaS transition will have on an IT infrastructure and management processes.

SaaS evaluation: Managing the transition
The advantages of security SaaS can be many, but, as with any new approach to management, they may come at a cost. Understanding the impact of moving to a service-based model, knowing how to recognize a successful service option and leveraging the advantages of new and emerging approaches are just a few of the ways prospective customers can make the most of the SaaS option:

• Understand the impact of service adoption, both initially and ongoing. In order to understand how the service will impact normal business processes, have the provider walk your team through the normal process of service adoption and use before making a commitment. If the service looks promising, probe the initial adoption process in detail, from start to finish. Verify the provider's description with reference customers if possible, and ask them if adoption turned out as expected. If not, or if the provider does not describe actions to take if the adoption fails to go as planned, take a hard look at where the adoption could go wrong and what the organization's response would be. Ask the provider -- and reference customers if possible -- how the provider handles changes to the service to keep it up to date. When maintenance requires service interruption, terms such as acceptable advance notice should be defined in the SaaS service-level agreement (SLA ).

To Continue Reading: Click Here
-------------------------------------------------
Source: searchsecurity.techtarget.com.au
By: Scott Crawford
Posted by at

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)