If an Attack is Successful, Then What?

Taher Elgamal, CSO, Axway

A commentary on the IT Business Edge article “SaaS Security Is Still Sticking Point but Doesn’t Have to Be”

“In spite of the fact that the exact same attack might have been successful if the infrastructure was inside the walls, when something goes wrong, people basically get more paranoid. Everyone wants to know who’s responsible, because some of these attacks, when they get successful, they have very large effects. I think that is actually the real issue… It is true that people should be concerned when you outsource something out on the cloud or on a SaaS service provider. And it is true that you have to make sure that your vendor understands security issues–they have the right people, they have the right policies, they know how to separate things, they know how to apply decent patches and get rid of malware and so on and so forth. But the real thing is that in the contract where you actually write in terms of if an attack is successful, then what? And I don’t think anybody has solved that thing yet.”