Technology News

latest updates from easySERVICE™

How different users may perceive cloud risk management policy

Your best bet for mitigating or resolving cloud-related security issues is to consider the various people who will be using this policy and how each side might react to how you’re managing risks. The way a user perceives the benefits of cloud risk management is influenced by:

  • the cloud role they undertake;
  • the organization they work for; and,
  • the controls they are granted by the cloud service provider.

A SaaS user’s perception

At any organization, the only control a SaaS user has is access to a SaaS application from whatever the device they choose — it doesn’t matter if the application is accounting, human resources, or supply chain tracking. This user doesn’t have control over application development or virtual machines.

A SaaS user is likely to perceive the service provider’s cloud risk management policy as limited, because the provider will not let the user use his or her security tools to scan for SaaS application vulnerabilities.

A PaaS developer’s perception

A PaaS developer can use any security tools they like; therefore, they perceive the provider’s risk management policy as flexible. A PaaS developer controls the entire application life cycle, from concept to deployment, and they can build a security tool to test their safeguards. SaaS users will be happy with any safeguards that would be difficult obstacles for hackers to overcome.

A PaaS developer doesn’t have control over the operating system updates and virtual machines supporting the PaaS platform. The developer will likely be disappointed the provider will not let them implement safeguards for the operating system and virtual machines.

An IaaS network specialist’s perception

An IaaS network specialist can use his or her own security tools in the virtual infrastructure. This specialist likely perceives the provider’s cloud risk management policy as very flexible.

IaaS network specialists have control over the tools they need to safeguard the virtual machines from unplanned downtime. They understand the provider will not let them control its infrastructure of physical servers and networks.


A few decades ago, mainframe computers were locked up in a showcase center, and senior management took great pride during office tours to show off the elaborate physical security measures, the sheer size of the data centers, and the amount of equipment being used. The executives from that era felt confident that all of their organizations’ information assets were stored in well-guarded facilities that could be easily verified.

Today, with most of the available cloud solutions, the successors of this past generation of executives have a much cheaper technology option available in which they can neither tour the facilities (in many cases) nor have knowledge of the exact location of their organization’s information assets.

cropped-125x125-logo-1.pngAt easySERVICE™ our rick managers are dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management (ERM), internal control, and fraud deterrence. Whether you are looking for easySERVICE™ risk management policy or solutions for your unique IT requirements, we have a solution specially designed for you. No matter the size of your business, you will always get the kind of support that goes far beyond the ordinary.

If you’d like to discuss any of the above best practices or lessons learned with us or to learn more about how we are partnering with companies just like yours to ensure the security of mission-critical applications, please contact us at (855) US STELLAR.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: