September 16, 2019

Just Because Cloud Companies Pay For a SAS 70 Doesn’t Make It Any Less Legit, Does It?

Confession: not 100% sure on the hype surrounding SaaS, cloud computing, living in the cloud and whatever but apparently it’s the next big thing (if it’s not already) and might make our lives just one notch short of Jetsons flying car awesome.

Ask guys like Geoff, he’ll tell you all about it. I buy it and I don’t even need to use it, have heard amazing things, and have even evangelized it once or twice.

But it’s your data so instead of jumping on the SaaS/Cloud bandwagon without asking what happens to it once you do, it might be wise to check out the SAS 70 certification and the strange relationship that legitimizes it.


Complying with the AICPA lends a certain bit of credibility to vendors who want to show how tight their control systems are so auditors can rely on them, right?

Perhaps not, says Jay Heiser via Gartner in “Analyzing the Risk Dimensions of Cloud and SaaS Computing,” who is concerned by a sense of deja vu between the faulty systems that collapsed throughout the financial crisis and cloud computing. In an extremely risk-averse environment, a bit of caution is due before jumping headfirst into the unknown.

Or you can just trust the shiny marketing materials and forget that it’s your data.

Now back to cloud computing and SAS 70. Okay, let me get this straight: So the cloud companies pay accounting firms for SAS 70 certifications just as the financial organizations paid Moody’s for an investment-grade rating?

“Yes, if you see someone who claims to be SAS 70, they have paid an accounting firm. Not only have they paid an accounting firm to go do the test, but they’ve told the accounting firm what processes need to be tested,” Heiser says.

And that’s different from an audit client paying an auditor how?

In a financial crisis corollary, Big 4 opinions are fetching less these days than they used to. Cloud computing marketers don’t really get what they are pushing but cloud provider clients certainly should understand what this means for the shift to life in the cloud.

Better start updating those marketing materials.

How Cloud Computing Security Resembles the Financial Meltdown [Datamation]
