Wednesday, October 26, 2011

SAS 70 and Cloud Computing

Increasingly, vendors point to SAS 70 and ISO 27001 certifications as evidence of their security credentials.

Vendor Security Credentials
» Google
“Asked to flash its cloud security credentials at an industry forum, Google pointed to its SAS 70 certification, giving more support to that set of standards as a measure of how well cloud providers lock down customer data. ‘We need to prove we are secure,’ says Rajen Sheth, the product manager at Google who came up with Google Apps, speaking at a panel on cloud services at the Enterprise 2.0 conference in Boston.*”

» Microsoft
Microsoft announced that it recently gained SAS 70 Type I and Type II attestations and ISO/IEC 27001:2005 certification.

» Amazon
Amazon Web Services (AWS) has successfully completed SAS 70 Type II Audit from independent auditors, and has stated that it will continue to obtain the appropriate security certifications and accreditations to demonstrate the security of our infrastructure and services. An overview of Security Processes applicable to Amazon Web Services is available at

» Rackspace
Rackspace has achieved ISO/IEC 27001, ISO 17799, SAS 70 Type II audit process, Microsoft Gold Partner, Gartner Leader, Dell Partner, and Cisco Powered Network Certification.

» and and are SAS 70 Type 2, SysTrust, and ISO 27001 compliant.

» ServePath
In addition to SAS 70 and ISO 27001 certifications, Serve-Path has a particularly rigorous service level agreement (SLA), which they call 10,000% Guaranteed®. It states:

For every minute ServePath fails to deliver, we will provide you with 100 minutes of service credit.

• The SLA covers the following elements of service:
• Network performance
• Hardware replacement (within 60 minutes)
• Support response time (30 minutes for server down, packet loss, or routing issues)
• Domain name services
• Power availability and performance
• Cooling and environment
• Server power cycling
• Physical security
• 24 x 365 onsite engineering

However, no credit will exceed one hundred percent (100%) of Customer’s fees for the service feature in question for the then-current billing month. Details of the SLA are available at

» Unisys
The Unisys Secure Cloud Solution allows balancing workloads across a global network of Unisys data centers, which are certified to key international standards such as ISO/IEC 27001:2005 for security, ISO/IEC 20000 for service management and the SAS 70 Type II auditing standard.

» Verizon
Verizon announced that it had successfully completed the first annual SAS 70 Type II examination of controls for its cloud computing data centers.

IBM offers customers Security Assessment services. Of course, its own cloud offerings are fully compliant.

Source of Information : Implementing and Developing Cloud Computing Applications 2011
SAS 70 and Cloud ComputingSocialTwist Tell-a-Friend
Digg Google Bookmarks reddit Mixx StumbleUpon Technorati Yahoo! Buzz DesignFloat Delicious BlinkList Furl

2 comments: on "SAS 70 and Cloud Computing"

Anonymous said...
This comment has been removed by a blog administrator.
AMIT KUMAR said...
This comment has been removed by a blog administrator.
Post a Comment