Last year, I wrote about the IntraLinks vision for using enhanced two-factor authentication (2FA) to protect data in a SaaS-based environment. What I covered in that blog was used as a basis for designing a customized 2FA (or strong authentication) framework for the IntraLinks platform. The most important feature of the framework is the adaptability it offers to users for their security policy requirements. The idea is that people who own the data are more likely to understand its sensitivity and level of protection required than the people who design systems. On the other hand, system designers have the necessary technical skills to implement robust protection mechanisms. Our framework allows for the optimal ‘separation of duties’ — we implement the best of breed 2FA mechanisms, and our users apply those where and when they think it makes sense.

Analyst conferences promise to be engaging, enlightening and actionable. I’m pleased to report that Forrester’s recent IT Forum 2010 in Las Vegas met those expectations. There was a wide range of sessions for various roles including CIOs, enterprise architects, application development professionals and technology marketers. The event’s core themes appeared to be cloud-based computing, community and social computing, and using technology to become more customer-centric.

There’s no doubt that cloud-based computing, including software-as-a-service, will continue to grow in popularity. Solutions in the public cloud have relatively low start-up costs, are available on-demand and are highly scalable. The conference offered insights for developing private clouds to operate proprietary applications. This trend is inevitable but will require years for organizations to develop clouds that match the level of accessibility, security, support and performance offered by public ones. This is due to the singular focus of cloud-based vendors on these operational parameters. Although large organizations will continue to use solutions in public clouds, they will bring their own applications to private clouds.

Like so many other people from my generation, I grew up watching movies and sci-fi programs that dramatized futuristic technologies. I was always intrigued by the magical user interfaces that were available on a wristwatch or part of a room’s wall that securely brought up any information one requires to facilitate decision making. Being that Star Wars was my favorite galaxy far, far away, I often thought about how cool it would be to have my own C-3PO, to provide me with information whenever I needed it, on demand.

What can be inferred from this headline that an IT trade publication recently ran about a study conducted by Microsoft and Indiana University: “SaaS Apps May Leak Data Even When Encrypted, Study Says”?

1. There was a study conducted on SaaS apps leaking data.
2. The study stated that SaaS apps leak data.
3. The study says SaaS apps do not sufficiently protect data.                      
4. A combination of options one, two and three.
5. The study primarily pinpointed security threats to misconfigured Web applications depending on data they process.

No enterprise today can afford to ignore the compelling benefits of cloud-based computing and the SaaS delivery model it enables. Yet CIOs continue to be reluctant (justifiably in some cases) to entrust critical data and business processes to cloud-based systems. In fact, these concerns over security and reliability are widely cited as the biggest inhibitors to widespread enterprise adoption of cloud computing, even as businesses are increasingly reliant on cloud collaboration services for e-mail and other office communication needs.

The question is: Are these security fears really warranted?

For business with some of the toughest security requirements in the world, there are a number of criteria to consider when evaluating potential vendors in the cloud.