December 10, 2012, 12:50 PM — This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.
Any horror movie fan can tell you the scariest threats are the ones you don't see coming, and the same is true when it comes to threats to cloud data. IT has decades of experience protecting on-premise resources. Virtually no one has even one decade of experience running major SaaS applications, so we should be prepared for some surprises.
The risk vectors described here are perhaps the three most dangerous threats to your SaaS data, precisely because so many IT pros aren't prepared for them:
* Zombie accounts. Zombie accounts are those accounts that are no longer in use, but haven't been suspended, deprovisioned or deleted. When a sales rep leaves, the admin locks the user out of the account but never follows up to actually delete the account. The danger with zombie accounts is that, if they are compromised, no one is watching them. A subverted zombie user could steal, corrupt or delete data well before anyone is the wiser.
CLOUD DATA MANAGEMENT: Amazon wants to manage your data in the cloud
Many SaaS admins assume they aren't sitting on any zombie accounts because SaaS apps usually charge on a per-user basis, so anytime the admin receives a bill, the zombie users would stick out and demand to be deleted -- if only to recover the license fee.
Not so. Some SaaS apps only bill on an annual basis, rather than monthly or quarterly. SaaS providers offer this billing option to support large organizations because big companies usually budget on an annual basis. As such, you have the deadly combination of a company with a large number of users within which a zombie account can hide, and a billing cycle that could keep a zombie account unnoticed for as long as 11 months at a time. That's scary.
Zombie account defense: Eliminate them before they turn. Delete inactive accounts as soon as they have outlived their usefulness.