IP Tech Knowledgy

Although software is increasingly provided as software as a service (SaaS) over “The Cloud,” many SaaS companies do not adequately describe how they store customer data.

For example, many SaaS providers offer little detail about the third-party cloud hosting providers that maintain the servers and other infrastructure for their services. When negotiating with SaaS companies, customers should insist that the SaaS companies disclose the identity and location of all hosting providers that store customer data.

Customers should also require by contract that the hosting providers encrypt all customer data both during transmission and at rest, adhere to sufficient physical security and data security standards, are audited at least annually in accordance with SSAE 18 attestation standards, and provide their most recent SOC-2 audit reports.