Download (Registration Required, 460K)
Provide feedback on this document
Visit the Cloud Computing Knowledge Center community
Enterprises need to protect their assets, but they also need to be profitable to stay in business. Protecting information assets has become a priority for enterprises that need to meet compliance requirements or need to protect sensitive data. The challenge for these enterprises is implementing robust security practices while keeping investment and operational costs contained. SecaaS offers a way for enterprises to access security services that are robust, scalable and cost effective. With reward comes risk, and enterprises should consider benefits and risk when evaluating SecaaS products and providers. Above all, enterprises need to understand that they can outsource responsibility but they cannot outsource accountability; therefore, enterprises should implement an assurance plan that includes assessing the services obtained from SecaaS providers. When an audit is not possible, enterprises must still obtain proof that controls used to protect enterprise information assets are working effectively.
Additional cloud governance resources