If an Attack is Successful, Then What?

Taher Elgamal, CSO, Axway

A commentary on the IT Business Edge article “SaaS Security Is Still Sticking Point but Doesn’t Have to Be”

“In spite of the fact that the exact same attack might have been successful if the infrastructure was inside the walls, when something goes wrong, people basically get more paranoid. Everyone wants to know who’s responsible, because some of these attacks, when they get successful, they have very large effects. I think that is actually the real issue… It is true that people should be concerned when you outsource something out on the cloud or on a SaaS service provider. And it is true that you have to make sure that your vendor understands security issues–they have the right people, they have the right policies, they know how to separate things, they know how to apply decent patches and get rid of malware and so on and so forth. But the real thing is that in the contract where you actually write in terms of if an attack is successful, then what? And I don’t think anybody has solved that thing yet.”

Leave a comment

No comments yet.

Comments RSS TrackBack Identifier URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s