Cloud Apps Critical Requirement No. 6: A High-Performance, Sustainable IT Infrastructure

The cloud application provider should maintain a high-performance IT infrastructure, which includes the data centers and databases, operating systems, networks, security, and storage systems used to run cloud applications and manage customer data. It should have stellar IT operations, security, maintenance, and performance tuning processes.

The livelihood of SaaS companies depends on their ability to securely and effectively manage their operations, and that means keeping pace with the most current technologies. They should also publish their live uptime, monitored by a third party.

Cloud applications are also environmentally sustainable due to the multi-tenant infrastructure in which they are delivered. Multi-tenant SaaS reduces electricity consumption and paper waste, and lowers CO2 emissions. A hundred customers using 100 different systems are less efficient and have a greater impact on the environment than those customers all sharing the same data center.

The Governor of California Signs Fracking Regulation Bill

Governor Jerry Brown signed legislation this past Friday that marks California’s first regulation for hydraulic fracturing.

The bill, which is most likely the toughest regulation yet for fracking, requires oil drillers to disclose the chemicals used and acquire permits before engaging in fracking. Other provisions of the legislation, which will take effect in January, call for oil companies to test groundwater, notify neighboring landowners before drilling, and conduct a study about fracking’s impact on the environment by January 2015.

Although the bill was originally met with support from environmental groups, some of these groups have revoked their endorsements and now argue the regulation is not enough, whereas oil companies oppose it, claiming the bill will make it much harder to take full advantage of the oil from California’s southern San Joaquin Valley.

Gov. Brown has said the bill “establishes strong environmental protections and transparency requirements.” However, he also plans to explore further changes next year to clarify the new requirements.

Before this legislation, SB4, California did not have regulations for fracking. The new bill will undoubtedly require a great deal more reporting and permitting for the oil and gas industry. For companies engaging in hydraulic fracturing in California, the time is now to prepare for this new bill by organizing their information and automating reporting to ensure that regulations are met while their operational costs are lowered.

Cloud Apps Critical Requirement No. 5: World-Class Data Center and Security

A cloud application provider should be able to offer excellent security and data privacy, better than its customers can achieve on their own, and at no additional cost. Processes and policies should encompass physical, network, application, and data-level security, as well as full backup and disaster recovery. The provider should be compliant with security-oriented laws and auditing programs, including the SOC 1 Report on Controls over Financial Reporting (SSAE 16, formerly known as SAS70 Type II) and the SOC 2 Report on Controls over Security, Availability, Processing Integrity, Confidentiality, and Privacy, both developed and administered by the American Institute of CPAs (AICPA) and the Canadian Institute of Chartered Accountants (CICA) for use by practitioners in the performance of trust services engagements.

Reputable SaaS providers are proving that SaaS can be done at least as securely as most enterprise implementations, and in some cases more securely. For example, at Locus, direct access to the database is limited to a select set of people on Locus’ operations staff. A typical on-premises ERP implementation would grant this access to a much wider group, creating a security challenge. SaaS providers must take a holistic approach to security, ranging from technical safeguards such as encryption to understanding data privacy laws and compliance, and building those safeguards into every product and process.

Locus has adopted the following SOC 2 principles and related criteria:

  • Security. The system is protected against unauthorized access (both physical and logical).
  • Availability. The system is available for operation and use as committed to or agreed upon.
  • Processing integrity. System processing is complete, accurate, timely, and authorized.
  • Confidentiality. Information designated as confidential is protected as committed to or agreed upon.
  • Privacy. Personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in generally accepted privacy principles issued by the AICPA and CICA.

It should be the responsibility of CIOs to conduct due diligence on SaaS providers. Go in and see what they’re doing around data security and privacy. No one should enter a relationship without thoroughly vetting the provider’s capabilities. Providers that won’t allow you a thorough examination, claiming all kinds of reasons, are the ones to avoid.

California’s Cap-and-Trade Program Gains Confidence

At last month’s carbon allowance auction, the fourth ever held, the California cap-and-trade program reached an important milestone. The “current year allowances”, or permits that companies can use for this year’s carbon pollution, have sold out at every auction thus far, but this was the first time the auction completely sold out of its permits for future carbon pollution, for the year 2016 to be exact.

California sold almost 10 million future year permits at a clearing price of $11.10 per allowance, and almost 14 million current year permits at a clearing price of $12.22 per allowance. Never before has there been this great a demand for future permits. Most believe this surge in interest reflects a growing confidence in California’s cap-and-trade program, and increasing recognition by state businesses that this program is here to stay.

The cap-and-trade program, which took effect in 2012, was enacted to reduce greenhouse gas (GHG) emissions produced in California that cause climate change. The program’s intention is to aid California in meeting its goal of reducing GHG emissions to 1990 levels by 2020, and overall accomplishing an 80 percent reduction from 1990 levels by 2050.

The recent carbon auction is a small achievement toward reaching this long-term goal. Locus fully supports these efforts; we were one of the first accredited verification bodies for greenhouse gas emissions, and our staff have also been certified as carbon offset verifiers under the California Air Resources Board. From our years of experience reporting greenhouse gases, Locus knows that participants in the cap-and-trade program have many options available to them in how they calculate and report their GHG data, and it is our personal goal to help them choose the best methods, through our technical experts or by using Locus’ cloud-based GHG software.