When building an on-demand service such as Samanage, one of the key decisions is where to host your servers and customer data, and how secure that service provider is. At Samanage, we were looking for a hosting partner that has a world class operation, could scale us quickly, and could demonstrate that he has superior security practices in place.
One of our requirements was that the hosting partner we’ll choose could provide a SAS70 report. SAS70 is an auditing standard designed to allow an independent auditor to audit the service organization’s controls, and can then be used to share the auditor’s finding with the service provider’s customers, their auditors, and their customers. Officially labeled “Independent Service Audit Report”, SAS70 is a great way to understand the control environment of service provider, and provides a verification that controls are in place.
If you are worried about security of your data, as many of our customers are, you should inquire if your hosting partner or on-demand provider has a recent SAS70 report. We ended up choosing EngineYard, a great hosting provider with a superior technical team, and yes, they were happy to share their SAS70 report with us.