There is a great article over at Information Week about why companies need a SaaS strategy. Hosted business applications as a market in itself is still quite new and is something that many businesses are just starting to explore. It’s imperative that IT departments take a long term approach to their adoption of cloud applications.
While SaaS shifts software deployment and maintenance burdens to the service provider, freeing up resources for other projects, IT is at the mercy of the provider for availability, data security, regulatory compliance, and other key issues. Outages will halt business, and poor response times will hamper productivity. SaaS apps aren't just a nice-to-have. Three-fourths of companies using SaaS consider application services extremely or critically important to their organizations, according to our InformationWeek Analytics survey of 281 business technologists, including 131 who now use SaaS. About one-third describe their SaaS apps as mission critical.
When Cloud applications become mission critical to a business there is an imperative to extend core IT principles to those cloud applications. Clearly this is a concern for many who are investigating SaaS adoption:
Data ownership is also a big obstacle, with 31% citing it as a reason they're not using SaaS. In speaking with SaaS vendors, they say security, privacy, and portability are the three objections they hear most. Portability will likely be one of the biggest worries this year, as companies pour more data into these apps and, having gained some SaaS experience and seen the growing number of choices, start switching providers.
The author goes on to discuss 9 key areas that need to be addressed when adopting SaaS applications for your business. A couple of them are items that I am consistently touting from my little soapbox in the world.
Have a detailed exit strategy. If you do cancel, can you get your data back, and in a form that you can use? This will become one of the biggest questions around SaaS in the coming year, as companies put increasingly vital information into these platforms, in increasingly large quantities. So make sure you have a plan to move data when you want to change providers, or bring the solution back in-house.
When you are putting your critical business data into someone else’s database and storing your important documents on someone else’s hard drive you need to be sure that you can get it out for any reason. That might be that you want to switch to another provider, you might want to integrate it into other applications, or it might just be that you want to have a full backup copy of it. Whatever the case you need to make sure that any cloud application you sign up for provides this capability or there is a third party tool that will allow you to extract that data for you.
Create a contingency plan. With SaaS, we haven't left the concept of five nines behind. While satisfaction levels are high for SaaS, IT must have a backup plan for apps that can't go down or data that can't be lost. It's critical to classify the type of data you need to back up.
Even though your SaaS provider will tell you that they are backing up your data for you any IT department worth their salaries will be skeptical of that. Until you have seen the backup data and know that you can access it when you need it you should keep looking for a backup solution. Fortunately there are beginning to be a number of third party services that can backup data for you from online applications and deliver that data directly to you.
Great tips. Another part of a SaaS stratgy can be 1) Escrow Agreements and 2) Security and Privacy compliance.
ReplyDeleteCompanies and request 3-way escrow agreements to be in place (for example Iron Mountain IP) where they are listed as the beneficiary to the SaaS provider's code + application / database in the event the SaaS provider goes belly up. These agreements are relatively cheap to setup and provide "a level of control" that would otherwise not exist.
Next is to ensure the SaaS Provider maintains a comprehensive ISMS (Information Security Management System) and is compliant in areas important to the business consuming the service. For example, as a eCommerce SaaS Platform, OrderDynamics.com maintains PCI compliance in addition to having a facilities provider that is SAS-70. Other benecial Security and Privacy points are HIPAA, SOX, ISO 27001, and PIPEDA.
Both of these deliverables should be embedded in the Master Service Agreement with the SaaS provider so they're accountable for maintaining them.
Michael Turcsanyi
www.orderdynamics.com