Look for tension between customization and mass appeal as SaaS providers try and keep enterprise customers happy while staying true to the multitenant model.
Talk about taking off: The percentage of companies using software as a service climbed 13 points in just 11 months, from 47% in our 2010 survey to 60% this year--one of the biggest adoption increases we've seen for any technology category in such a short period. The roster of SaaS providers set to take on giants like Microsoft, Google, and Salesforce.com has grown as well. In our 2011 survey, when we asked about SaaS vendors being used, we received more than 60 write-ins across just about every functional IT area, in addition to our list of a dozen big-name vendors. Such a rich applications landscape was the stuff of dreams just a few years ago.
But that doesn't mean SaaS is a no-brainer for companies to adopt. Many of the 275 business technology professionals responding to our InformationWeek Analytics 2011 SaaS Survey, all of whom are involved in their companies' enterprise applications strategies, express concern about features and functionality. Integration is still a big problem. Perhaps most significant, in tandem with the jump in SaaS use over the past year, overall satisfaction levels took a dip. In our 2010 SaaS Survey, 85% of respondents said SaaS met or exceeded expectations. Now only 74% feel that way. Still not a bad percentage, but can SaaS vendors arrest this downward momentum?
It won't be easy. SaaS providers' profit margins are razor thin, and as the customer base expands and enterprises start demanding customization, providers will have their work cut out for them. For vendors offering both licensed and subscription as-a-service products, it's a balancing act to offer world-class enterprise software while catering to a clientele that's fixated on speed of delivery. The responsibility for delivering a highly available service, fast, is very different from shipping code and having customers take responsibility for maintenance and support.
Software vendors that pushed their SaaS offerings hard may end up wishing they'd devoted some of that marketing effort to the old-school model.
SaaS will not spell an end to internal IT operations, dire predictions aside. But it will be transformative. For midsize businesses, SaaS has become a competitive differentiator; if you're a CIO looking to help your company grow, the SaaS model lets you equip employees with the same multimillion-dollar BI applications used by enterprise rivals, without the capital costs. Enterprise IT teams are more focused on shedding the drag of managing commodity services like e-mail.
But it's still a lot easier to use SaaS for applications related to new business functions than to shift from in-house software, given the data migration headaches and sunk capital investments.
When we asked those not using SaaS what's holding them back, we found that the same top three barriers to adoption--no business requirements, and concerns over security and data ownership--remain year over year. However, worries about security dropped eight percentage points. A small minority, 10%, say they see SaaS as more secure than their internal systems. More telling is that the percentage who say they're not sure if SaaS is more or less secure jumped 10 points, to 17%. We see that as an indication that SaaS vendors' drumbeat around security is starting to work. Still, 31% of survey respondents say SaaS applications are less secure than on-premises systems, and they may be right.
So what's driving SaaS uptake? Speed to implementation pulled away from other drivers in our 2011 survey. As businesses struggle in a slowly recovering economy, they put a premium on providing new applications quickly while minimizing up-front investments.
We also continue to meet CIOs who find themselves competing with SaaS providers that are aggressively wooing their line-of-business colleagues. In fact, when we asked about the main force driving the decision to move to SaaS, only 36% of our survey respondents named IT.
While LOB leaders may feel empowered by SaaS, they're generally unaware of the hidden costs and dependencies. We've helped many companies caught in SaaS quagmires no one foresaw. For one health agency, the business development director decided to move away from a CRM system that was universally disliked by salespeople and sign a contract with Salesforce. While the adoption rate was high, some vital functions tied to the legacy application--like customer contacts, required for billing and quality control--forced IT to keep the old system going in tandem. The development director quickly became overwhelmed trying to administer the Salesforce system, not because it was difficult, but because she had other things to do. There were also data integration requirements and security reviews that didn't enter into her decision to implement Salesforce. By the time IT stepped in, hundreds of hours and many thousands of dollars were out the window.
One of the biggest complaints we hear about SaaS is the inability to share data with other on-premises and as-a-service applications. No one wants to go back to the bad old days of data silos, but the very nature of the SaaS architecture makes this a real risk. Take CRM. Once a prospect in your system becomes a customer, you may want the contact information stored in the SaaS application to pass to a number of other enterprise systems, or even to another SaaS provider. This list may include billing, order fulfillment, and help-desk applications.
More than half our survey respondents--55%, a five-point jump from last year--say they've integrated SaaS applications with internal applications. But it's far from easy. If you're considering using SaaS e-mail, such as Microsoft Exchange, you may not be able to integrate it into your Active Directory. If you're also using a second SaaS provider for SharePoint, you'll have yet another set of credentials with policies around passwords that may not comply with your enterprise guidelines.
"If it were solely up to me, only applications that had zero prospect of intracompany integration requirements would be eligible for SaaS packages," says a director with a logistics and transportation company who's charged with ensuring integration of data and systems. "Integrating with SaaS data is magnitudes more difficult--and often impossible," compared with on-premises deployments.
While several SaaS vendors offer APIs to aid integration, a development effort is still needed--usually but not always minor, and one the business organization selecting the app certainly isn't equipped for. The best answer for now is to insist on open, standards-based APIs, which provide the most flexibility.
In addition to the actual exchange of data, there's a need for a central intelligence broker to manage the business logic for transactions. While vendors, including Dell's Boomi, Cloud Fusion Software, DBSync, HubSpan, and Vordell, are emerging to meet these challenges, their offerings are still immature, and the number and types of adapters they provide may not meet your needs. This intelligence and workflow automation will be what really drives value.
When looking at cloud brokers, consider these key points: Can they integrate into your in-house applications, or just with other cloud systems? Are all your apps supported, and if not, can you connect oddballs using open APIs? How is the broker delivered: appliance, in the cloud, on-site software? How robust is the workflow orchestration engine? How about reports to monitor transactions, compliance, governance, and performance? How is licensing constructed--per user, transaction, server/CPU? Spend too much on integration and you negate any savings.
IT's Not Off The Hook
While SaaS off-loads many software management and support tasks, there are still items IT must deal with. Most time-consuming is the overhead of managing accounts, access rights, and group or alias security. From an audit and compliance perspective, you're still on the hook for reporting changes to controls and maintaining those reports. One respondent to our survey noted that SaaS is a potential liability for his shop, which must comply with HIPAA regulations, since it's difficult to verify compliance when data is off site.
We fully expect one or two high-profile security breaches will give SaaS providers a black eye. Yet "just trust us" is what many SaaS vendors will tell you when it comes to service-level agreements and performance. The vast majority of respondents to our survey do just that: 71% rely on vendors for SLA metrics and 14% don't even look at that data! While application performance management providers offer software to manage SaaS, we see very few companies making this investment. So it came as no surprise that, when we asked respondents to rate the overall performance and reliability of their SaaS applications, 42% said performance is either inferior (12%) or a mixed bag (30%).
SaaS SLAs are really tough to monitor. You likely won't have visibility into the cloud to gather data on your own and will, in fact, need to trust the provider.
Data portability is important as well, and many IT organizations discover too late how hard it is to get data out of the SaaS realm. Google has an engineering team whose singular charge is to make it easier for customers to move their data in and out of Google products like Gmail. Salesforce lets users export and back up all their data in an easy-to-read CSV format.
For other providers, extraction and portability options vary widely. And any specialized workflows or other customizations you make to the SaaS application are even trickier to move, so the more you tweak the platform, the more challenging it will be to move your application to another provider or back in house.
Many vendors are just not forthcoming about how, exactly, they will deliver your data, so always ask for a sample extraction. It does you little good to get back two years' worth of human resources records in a proprietary format.
5 Steps To Stay Up And Running
Even as they ship more IT functions off site, companies haven't left the concept of five nines behind. CIOs must have backup plans in place for all SaaS important or mission-critical apps--and fully 87% of respondents rate their as-a-service apps that way. Steps to take:
>> Classify the types of data you need to back up, either to your site or to a cloud-based backup provider. The SaaS vendor should give you tools to extract this data without requiring support from its staff. If you work with multiple SaaS providers, consider deploying a cloud service bus or other orchestration tool to streamline this process.
>> For cloud-based backups, ensure the vendor can honor your data retention and restoration policies. How long do you expect the SaaS vendor to retain the backups? What recovery points are available? If a user requests a restoration, how long will it take? These are all critical considerations to ensure you won't get burned by data loss.
>> Build a new skill set. Instead of spending time keeping servers up and commodity applications healthy, IT must now manage vendors and configure, integrate, and become custodians of valuable data trusted to outsiders. Get skilled at partnering with business managers to ensure that SaaS fulfills the promise of lower costs and higher speed.
>> Decide up front who's responsible for what. If you thought internal finger-pointing was a time suck, wait until you're arguing with a SaaS provider and an ISP over why the CFO's financial system is down.
>> Don't skimp on performance management. SaaS metrics take the form of key performance indicators and operational-level agreements, as well as SLAs. To measure and tie application services back to these metrics, SaaS performance management is critical.
Speaking of performance, what happens when (not if) one of those critical services slows to a crawl or fails? Users won't accept "the Internet is slow today" as an excuse for poor performance.
Satisfaction levels are determined largely by bandwidth availability. How much throughput you'll need for the additional capacity required for SaaS depends greatly on application type.
Vendors used by more than 10% of companies in our survey include ADP, IBM, EMC, Google, Microsoft, Oracle, and Salesforce, with IBM and ADP showing the largest gains and Salesforce the biggest drop. But the most popular vendor was "Other," with a full 42%. This illustrates the diversity in SaaS.
Microsoft showed some of the biggest gains among larger vendors. Its flagship Office 365 SaaS offering encompasses productivity and collaboration applications, including Word, PowerPoint, Excel, Exchange, and SharePoint. Microsoft also launched its Microsoft Dynamics CRM Online, hoping to take a bite out of Salesforce's market dominance.
To stand out among the huge field of vendors, some SaaS providers are targeting niches. For example, OmniUpdate, a SaaS-based Web content management system, is aimed at colleges and universities. DentalCurve provides dental practice management in a SaaS environment. Practice Fusion offers a free, hosted electronic health records package for doctors' offices and clinics. This approach is in contrast to vendors trying to provide functions across a broad range of markets; Symantec, for example, expects its Hosted Services SaaS-based division to generate 15% of the company's revenue--$1 billion in annual sales--within the next five years.
This vibrant, competitive ecosystem means the most important function for IT may be to constantly evaluate its SaaS portfolio to ensure the company gets the services best tailored to your business, at the lowest possible price.
Michael Biddick is president and CTO of Fusion PPT. Write to us at email@example.com.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.