@CloudExpo Authors: Pat Romanski, Zakia Bouachraoui, Elizabeth White, Yeshim Deniz, William Schmarzo

Related Topics: @CloudExpo

@CloudExpo: Article

SaaS and the Comeback of Blind Faith; Know Before You Subscribe

Running your business on SaaS applications shouldn't put your company at risk

Software as a Service (SaaS) continues to change the face of computing especially for the small and mid-sized company.  With SaaS offerings the small office is able to take advantage of enterprise class solutions for customer management, time tracking, accounting as well as thousands of other applications. Although there is much fanfare around the benefits of SaaS, there isn't much talk about the lack of delivery standards or certifications.   Choosing a quality SaaS application requires a bit of investigation.  The wrong choice can put your business at risk.

Here is the scenario.  A small business owner performs a search on Google for accounting software.  Right there at the top of the screen in a nice colorful outline is a pay-per-click ad for a SaaS solution.  After following the ad and being impressed by the nicely designed website and inexpensive subscription, he signs up for an account.  Over the next few weeks he moves all of his business into the solution, starts to invoice customers online and rely every day on the solution to keep his business moving.

A month goes by and the promise of SaaS holds true for the small business owner.  But one morning he attempts to log into the application without success.  He contacts the providers technical support and receives a standard message that says that there was an equipment failure and the company is working on a recovery....

In this scenario, what happens next?  For most SaaS subscribers there is a blind faith that the vendor understood the value of their data and will be able to quickly resolve the problem.  Unfortunately there is no standard of care when it comes to SaaS applications and their data.  Some vendors may have the resources to continually stream data off site and keep a secondary system at the ready.  But other less sophisticated SaaS vendors may not have implemented programs sufficient to recover data loss.  Although you don't hear about catastrophic failure very often it does happen.  Just look at the case of Ma.gnonlia back in 2009, the data was lost and the site went offline.

To combat the blind faith requirement,  SaaS subscribers must demand more information from the providers.  They must demand transparency in service delivery and as well as a minimum acceptable standard of care for data.

For vendors, addressing the transparency issue is rather straight forward assuming there are policies and procedures in place to deliver a high quality, reliable SaaS service.  Vendors can add a Statement of Operations  to their websites.  This statement can live along side the privacy statement and terms of use.  The Statement of Operations should tell the subscriber the frequency and breadth of backups.  It should describe an ongoing program to run recovery drills to validate backup usability.  It should describe how the availability and the performance of the application is being monitored.

The more difficult task is to call upon the industry to define a minimum standard of care that helps to ensure the security, reliability and recover-ability of customer data.  Today, ask four different vendors the minimum acceptable window for data loss and you will receive four very different answers ranging from zero to days to weeks.    Turn that around and ask four small businesses and I'm confident the answer will be the same across the board that no data loss is acceptable.

In the end SaaS vendors are in business to make a profit. And they only way they can do that is to keep customer data safe and secure.  But oversights do happen and technical failures are still commonplace.  A statement of operations is only as good as the implementation of the policies it describes but it's a step in the right direction.

The next time you are ready to subscribe to a SaaS offering, ask the vendor the question - Where is your statement of operations?.  Ask them where they document their service delivery, data backup and disaster recovery policies.   If the vendor doesn't publish the policies then don't purchase that subscription.  Seek out another provider that will guarantee you a standard of care that your business (i.e., life's work) can live with.

More Stories By David Abramowski

David Abramowski is a technologist turned product leader. David was a co-founder of Morph Labs, one of the first Platform as a Service plays on AWS. He was the GM for Parallels Virtuozzo containers, enterprise business, and most recently he is the leader of the product marketing team for the IT Operations Management solutions at the hyper growth SaaS company, ServiceNow.

CloudEXPO Stories
Organizations planning enterprise data center consolidation and modernization projects are faced with a challenging, costly reality. Requirements to deploy modern, cloud-native applications simultaneously with traditional client/server applications are almost impossible to achieve with hardware-centric enterprise infrastructure. Compute and network infrastructure are fast moving down a software-defined path, but storage has been a laggard. Until now.
Adding public cloud resources to an existing application can be a daunting process. The tools that you currently use to manage the software and hardware outside the cloud aren’t always the best tools to efficiently grow into the cloud. All of the major configuration management tools have cloud orchestration plugins that can be leveraged, but there are also cloud-native tools that can dramatically improve the efficiency of managing your application lifecycle. In his session at 18th Cloud Expo, Alex Lovell-Troy, Director of Solutions Engineering at Pythian, presented a roadmap that can be leveraged by any organization to plan, analyze, evaluate, and execute on moving from configuration management tools to cloud orchestration tools. He also addressed the three major cloud vendors as well as some tools that will work with any cloud.
Extreme Computing is the ability to leverage highly performant infrastructure and software to accelerate Big Data, machine learning, HPC, and Enterprise applications. High IOPS Storage, low-latency networks, in-memory databases, GPUs and other parallel accelerators are being used to achieve faster results and help businesses make better decisions. In his session at 18th Cloud Expo, Michael O'Neill, Strategic Business Development at NVIDIA, focused on some of the unique ways extreme computing is being used on IBM Cloud, Amazon, and Microsoft Azure and how to gain access to these resources in the cloud... for FREE!
Digital transformation has increased the pace of business creating a productivity divide between the technology haves and have nots. Managing financial information on spreadsheets and piecing together insight from numerous disconnected systems is no longer an option. Rapid market changes and aggressive competition are motivating business leaders to reevaluate legacy technology investments in search of modern technologies to achieve greater agility, reduced costs and organizational efficiencies. In this session, learn how today's business leaders are managing finance in the cloud and the essential steps required to get on the right path to creating an agile, efficient and future-ready business.
CI/CD is conceptually straightforward, yet often technically intricate to implement since it requires time and opportunities to develop intimate understanding on not only DevOps processes and operations, but likely product integrations with multiple platforms. This session intends to bridge the gap by offering an intense learning experience while witnessing the processes and operations to build from zero to a simple, yet functional CI/CD pipeline integrated with Jenkins, Github, Docker and Azure.