13 Jan
2015
13 Jan
'15
3:25 a.m.
On Tue, 13 Jan 2015 00:02:50 -0600, Jimmy Hess said:
In other cases, there are concerns about the additional vendor lock-in, loss of strong control of the data. Cannot assure that it is encrypted and secure against access by social engineering attacks against SaaS provider.
The one that bit us on the tookas for a recent 'outsource to SaaS' project was trying to negotiate support for our ITAR users (which summarizes to "servers on US soil, and no 'non US persons' for support staff"). We ended up with several racks of gear iin a separate room onsite instead.... (To be fair - several vendors were able to provide ITAR-compliant SaaS, just not at a price point that worked for us...)