Strategic CIO // IT Strategy
Commentary
8/1/2014
09:06 AM
Lawrence Garvin
Lawrence Garvin
Commentary
Connect Directly
RSS
E-Mail
100%
0%

SaaS: Still Not Simple-As-A-Service

Cost, data ownership, security, and other factors can complicate the SaaS decision.

Software-as-a-service has moved well beyond the tidy world created by Salesforce.com. While there are now hundreds of successful SaaS vendors, customers have paid scant attention to the complexity this proliferation is having on their companies and end users.

The first impact is cost. Subscription, per-user SaaS fees, payable monthly or quarterly, seemingly provide a low entry point. But this "cheap road in" overlooks the other infrastructure investments SaaS customers must make, including redundant connectivity from multiple ISPs to ensure continuous access to business-critical software. Startups and small businesses that don't have the in-house expertise to implement the required connectivity must pay up for consultants to do so.

Another complication of the SaaS model, one that's usually considered a benefit, is automatic feature updates. More frequent, regular updates are great, provided that the new features don't materially change how people use the product to perform critical business processes. However, if a customer has to reevaluate or change core processes with minimal notice to test and validate new workflows, end users are in for rude awakenings.

[Do you know what lurks in the fine print of that service agreement? Read Cloud Contracts: 8 Questions To Ask.]

Complexity is also increased as a byproduct of SaaS being browser-based. It's not just four or five different browsers, some with multiple versions in release on both PCs and Macs, but also a host of browser platforms on mobile devices -- any one of which becomes problematic for the IT pro if an employee can't do work when and where he or she wants to. IT pros now have to build out browser support policies that are more complex than ever.

But the elephant in the room in regard to SaaS is who has custody of the data, and how easy it is to get complete and portable copies of that data. It's one thing to have an offline/offsite backup of the dataset in a format compatible with the SaaS product. It's an entirely different consideration to have an offline/offsite backup of the dataset that your company can port easily into a competing SaaS product if the current one becomes unusable, unacceptable, or just goes away unexpectedly.

A secondary issue is the protection of the data in the custody of the SaaS vendor. Where is it encrypted? Who holds the encryption keys? Who has access to the encryption keys? Which encryption methodologies are in use? Going with a SaaS provider means handing the house keys over to a third party, and without a clear understanding of security and compliance, this is a leap of faith for the typical IT pro.

There are also legal implications that are beyond the realm of a typical IT pro. SaaS applications -- not unlike on-premises applications -- come with complex contracts, terms of service, licensing parameters, data storage and security requirements, and other issues, all defined in legalese. If IT pros haven't already formed relationships with members of their legal teams, they soon will.

All of these considerations can overwhelm experienced IT pros used to dealing with such issues in-house, where they had full control. Know what you're getting into before you embrace SaaS as the "simpler" enterprise software option.

Cloud Connect (Sept. 29 to Oct. 2, 2014) brings its "cloud-as–business–enabler" programming to Interop New York for the first time in 2014. The two-day Cloud Connect Summit will give Interop attendees an intensive immersion in how to leverage the cloud to drive innovation and growth for their business. In addition to the Summit, Interop will feature five cloud workshops programmed by Cloud Connect. The Interop Expo will also feature a Cloud Connect Zone showcasing cloud companies' technology solutions. Register with Discount Code MPIWK or $200 off Total Access or Cloud Connect Summit Passes.

Lawrence Garvin, head geek and technical product marketing manager at SolarWinds, wrote his first computer program, in RPG-II, in 1974, to calculate quadratic equations. He tested it on some spare weekend cycles on an IBM System 3 that he "borrowed" from his father's ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
LawrenceGarvin
50%
50%
LawrenceGarvin,
User Rank: Author
8/5/2014 | 12:01:30 PM
Re: good point
For my thoughts on what is, or is not, Software-as-a-Service, I invite you to read an earlier article here in Information Week.

http://www.informationweek.com/cloud/stop-the-cloud-i-want-to-get-off/d/d-id/1113948?

But truly, whether Dropbox is or is not SaaS is the least relevant point of this conversation. The point of the article is access to the *data* sitting behind the application. Since a Dropbox user has *direct* access to the individual files contained in that service, I'd say Dropbox is really out-of-scope for the concerns brought forth in the article.

As for "not being offline for a few hours".... personally I know of organizations that would be catastrophically affected if NetSuite or Saleforce were offline "for a few hours".

And, as for that naive "it's never happened before" mentality.... most catastrophically crashed servers in an organizations on-premise datacenter "have never crashed before"...

The point here is to be able to immediately and effectively recover from the "it's never happened before" possibility...

AND... as for that same mentality, I have but one word: Nirvanix.

http://www.informationweek.com/cloud/infrastructure-as-a-service/nirvanix-shutdown-some-customers-face-mission-impossible/d/d-id/1111601?

(At least Nirvanix provided a few weeks notice, which didn't do those people who needed six weeks worth of bandwidth to transfer their data much help anyway.)

The premise here is what happens when there's NO NOTICE!??

 
tom_t
50%
50%
tom_t,
User Rank: Apprentice
8/5/2014 | 11:52:38 AM
Re: good point
What's your examples of software as a service? When was DropBox or Netsuite ever offline for more than a few hours? Just wondering...
LawrenceGarvin
50%
50%
LawrenceGarvin,
User Rank: Author
8/5/2014 | 11:22:48 AM
Re: good point
Comparing NetSuite (or Salesforce) and Dropbox is a bit of a stretch.

Dropbox is a single purpose utility where the data is always under direct control of the user. Dropbox is not, however, a Software-as-a-Service offering. It's just a file storage service.

NetSuite and Salesforce, however, have complex database structures behind them that assimilate and correlate the data from various different purposes. They are, simply stated, CRM-in-the-Cloud. Now consider the database environment that would sit underneath an on-premise CRM system. How would you protect that? How would you back it up? How would you write a Disaster Recovery plan for that on-premise CRM system? How would you write a Business Continuity plan for tha on-premise CRM system?

If your CRM server crashes, how do you rebuild it. Ahh... no problem, you have backups at an offsite safehouse, you just go get the media, rebuild the server, and restore.

Now.... explain that same procedure if NetSuite or Salesforce is inaccessible to your organization for a day? a week? longer? What if the company disappears completely (along with all of your CRM data)?
  • What is that procedure for backing up your NetSuite data to a *portable* state?
  • What is that procedure for backing up your Salesforce data to a *portable* state?
  • What vendors have you identified to replace Salesforce or NetSuite if they should "go away".
  • Have you *tested* the importing/restoring of those NetSuite and Salesforce backups you have?
zerox203
50%
50%
zerox203,
User Rank: Ninja
8/5/2014 | 10:31:07 AM
Re: Still Not Simple-As-A-Service
I think your mentality is not taken often enough in the IT blogosphere, Lawrence. Talk is cheap; what's important is what happens when real IT organizations try to use this technology in a real-world setting. Many IT depts, even at large companies, don't really exist on that cutting edge. The expression is 'keeping the lights on' and while that may sound mundane, it's often the reality. for example, for them, constant connectivity might very well be a top concern... even if it already sounds old-fashioned to some of us. So, you're right - the 'cost savings' of SaaS might still be a trap to those of us who are ill-prepared... or just underequipped. One size certainly does not fit all.

As for privacy, compliance, and data ownership concerns, I think those are universal. We still have some people poo-poo'ing the idea that SaaS invites risk, and I get their point - you could say e-mail invites risk over snail mail, but that doesn't mean we shouldn't use e-mail. Nevertheless, people were skeptical of e-mail once upon a time, and we'd do well to keep that skepticism alive with SaaS. What data you're willing to let sit under someone else's control  (or risk non-compliance on, etc.) may vary depending on your company... so don't let someone else tell you whether or not it's the right decision. Decide for yourself.
Li Tan
100%
0%
Li Tan,
User Rank: Ninja
8/2/2014 | 6:30:51 AM
Re: good point
I agree with you, Laurianne. As I have mentioned in several other comments for SaaS topic, in cloud world the new silos and walls start to erect. The enterprise is being seized and confined to specific cloud vendors. It's not easy to achieve seamless portability across different vendors.
tom_t
100%
0%
tom_t,
User Rank: Apprentice
8/2/2014 | 5:55:19 AM
Re: good point
I disagree. Certainly any organization expecting to replace an HR system or a financial one (workday, net suite) can expect to deal with complexity. But many SAAS offerings are aimed at ease if use, flexibility, and excellent end user experience. Look at DropBox - fulfills a niche, a need, with minimal hassle. Cost, even on-going, is reasonable. And there's plenty of other business apps that solve "one problem" well -- another aspect of SAAS we frequently forget. Of course one needs an "always on" Internet connection. But which smart phone like the iPhone connected via multiple wifi or the telecoms network, I'd argue even the SMB organization has levels of connectivity with up times unheard of only a few years ago. For not much money, and, frankly, almost everywhere.
Laurianne
100%
0%
Laurianne,
User Rank: Author
8/1/2014 | 1:06:23 PM
good point
"It's an entirely different consideration to have an offline/offsite backup of the dataset that your company can port easily into a competing SaaS product if the current one becomes unusable, unacceptable, or just goes away unexpectedly." This is such a big issue -- and certainly not easy at the moment.
Transformative CIOs Organize for Success
Transformative CIOs Organize for Success
Trying to meet today’s business technology needs with yesterday’s IT organizational structure is like driving a Model T at the Indy 500. Time for a reset.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 18, 2014
Enterprise social network success starts and ends with integration. Here's how to finally make collaboration click.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
The weekly wrap-up of the top stories from InformationWeek.com this week.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.