5 traps in your SaaS Contract

Most Business Executives today know all about security risks, and the importance of data privacy in the cloud. But it’s what you don’t know that can hurt you.

In “10 Things You Just Gotta Have in Your Cloud Contract,” I covered a range of things (10, as a matter of fact) that CFOs should think about when they sign a cloud contract.

But the subject is hardly exhausted, especially when it comes to software-as-a-service (SaaS), the most popular flavor of cloud computing and (not coincidentally) the one with the lowest barrier to entry.

The risks in cloud computing are more concentrated at the software layer than the platform and infrastructure layers (the other cloud-computing flavors). The software layer contains all your application and business logic, which supports and runs your business. In a multitenant SaaS environment, you’re sharing the database with everyone else who has signed onto the service. You are also absolutely dependent on your SaaS provider for writing its applications well, securing its databases, architecting and managing the platform and infrastructure layers effectively, taking care of security, and so on. These are all factors over which you have little or no operational control, so it’s important that you understand the implications of your SaaS contract as they apply to your business and try to negotiate a contract that mitigates some of the risks inherent in that lack of control.

Read the full article