Jay Heiser

A member of the Gartner Blog Network

Entries Categorized as 'Vendor Contracts'


SaaS is a Simon Says World

by Jay Heiser  |  April 26, 2012  |  Comments Off

When you buy SaaS, you get what is written on the box.  Well, you get what is written on the virtual box. That text may consist of page after page of dense legalese that puts a higher level of emphasis on what you do NOT get than what you DO get.   Consumer-oriented agreements often amount […]

Category: Cloud IT Governance Policy risk management security Vendor Contracts

Megaupload and SaaS Escrow

by Jay Heiser  |  February 15, 2012  |  Comments Off

Other than some analysis and speculation about how the takedown changed traffic patterns without actually reducing global piracy, and regular reports about the legal status of Kim Dotcom, the Megaupload drama hasn’t provided much in the way of news for a couple of weeks. On the theory that putting the string ‘Megaupload’ into the title of […]

Category: Cloud risk management Vendor Contracts

Bulletproof Contracts

by Jay Heiser  |  November 28, 2011  |  2 Comments

With the understanding that I am not a lawyer, and Gartner is not a law firm, here’s my brief summary of the contractual language dealing with SaaS security as provided by a prominent vendor: We believe that we obey the law.  If there are any questions pertaining to how your data is handled within our […]

Category: Cloud risk management security Vendor Contracts

SLA feather allows you to fly in the cloud

by Jay Heiser  |  November 17, 2011  |  2 Comments

An SLA from a public cloud service promising some sort of recoverability is a crow feather, clutched in the trunk of the enterprise elephant, providing them the false courage to be willing to fly in the public cloud.

Category: Cloud risk management Vendor Contracts

Are you the SaaS Scapegoat?

by Jay Heiser  |  July 5, 2011  |  1 Comment

I get a never-ending stream of questions that usually amounts to something like “What control tasks do I need to do to be sure that this SaaS service we are going to use will be adequately secure?” Unfortunately, at this point in time, SaaS providers offer relatively little support for enterprise control over anything.  Assuming that the […]

Category: Applications Cloud IAM IT Governance risk management security Vendor Contracts

SaaS Translation: What your Service Provider REALLY Means

by Jay Heiser  |  May 23, 2011  |  1 Comment

It's not surprising that as a technology approaches the top of the Hype Cycle, some of the vendors turn their Spin Cycle up to 11, which means there are going to be some disappointed buyers, especially those with high expectations for data encryption and data recovery.

Category: Cloud IT Governance risk management security Vendor Contracts

Your Suppliers Don’t Have Your Goals

by Jay Heiser  |  May 11, 2011  |  Comments Off

Your company will usually do whatever it needs to do to survive—so will your supplier. They are not marching to your music, they are not heading towards the same goal line, they are not thinking your thoughts, and their ultimate loyalty is to themselves, not to you.

Category: Cloud risk management Vendor Contracts

The SAS 70 Charade

by Jay Heiser  |  July 5, 2010  |  4 Comments

SAS 70 is  a) not a certification, b) not a standard, and c) isn’t meant to be applied the way it is being applied now.  To be fair, all service providers are under huge customer pressure to provide SAS 70, but instead of explaining their security, continuity, and recovery capabilities in more appropriate terms, most […]

Category: Cloud IT Governance risk management security Vendor Contracts

Why I’m ambiguous about SaaS email

by Jay Heiser  |  June 30, 2010  |  4 Comments

Ideally, there would be no sensitive data in email, or it would be encrypted.  Email is an unsafe and unreliable service, and it leaks like a sieve. It was never meant to be ‘secure’, and it is not.  While careful administration and reliable technology can protect stored email from unauthorized access, hacking into PST files […]

Category: Applications Cloud risk management security Vendor Contracts