Welcome!

@CloudExpo Authors: Elizabeth White, Yeshim Deniz, Liz McMillan, Matt Brickey, Christoph Schell

Related Topics: @CloudExpo

@CloudExpo: Article

SaaS and the Comeback of Blind Faith; Know Before You Subscribe

Running your business on SaaS applications shouldn't put your company at risk

Software as a Service (SaaS) continues to change the face of computing especially for the small and mid-sized company.  With SaaS offerings the small office is able to take advantage of enterprise class solutions for customer management, time tracking, accounting as well as thousands of other applications. Although there is much fanfare around the benefits of SaaS, there isn't much talk about the lack of delivery standards or certifications.   Choosing a quality SaaS application requires a bit of investigation.  The wrong choice can put your business at risk.

Here is the scenario.  A small business owner performs a search on Google for accounting software.  Right there at the top of the screen in a nice colorful outline is a pay-per-click ad for a SaaS solution.  After following the ad and being impressed by the nicely designed website and inexpensive subscription, he signs up for an account.  Over the next few weeks he moves all of his business into the solution, starts to invoice customers online and rely every day on the solution to keep his business moving.

A month goes by and the promise of SaaS holds true for the small business owner.  But one morning he attempts to log into the application without success.  He contacts the providers technical support and receives a standard message that says that there was an equipment failure and the company is working on a recovery....

In this scenario, what happens next?  For most SaaS subscribers there is a blind faith that the vendor understood the value of their data and will be able to quickly resolve the problem.  Unfortunately there is no standard of care when it comes to SaaS applications and their data.  Some vendors may have the resources to continually stream data off site and keep a secondary system at the ready.  But other less sophisticated SaaS vendors may not have implemented programs sufficient to recover data loss.  Although you don't hear about catastrophic failure very often it does happen.  Just look at the case of Ma.gnonlia back in 2009, the data was lost and the site went offline.

To combat the blind faith requirement,  SaaS subscribers must demand more information from the providers.  They must demand transparency in service delivery and as well as a minimum acceptable standard of care for data.

For vendors, addressing the transparency issue is rather straight forward assuming there are policies and procedures in place to deliver a high quality, reliable SaaS service.  Vendors can add a Statement of Operations  to their websites.  This statement can live along side the privacy statement and terms of use.  The Statement of Operations should tell the subscriber the frequency and breadth of backups.  It should describe an ongoing program to run recovery drills to validate backup usability.  It should describe how the availability and the performance of the application is being monitored.

The more difficult task is to call upon the industry to define a minimum standard of care that helps to ensure the security, reliability and recover-ability of customer data.  Today, ask four different vendors the minimum acceptable window for data loss and you will receive four very different answers ranging from zero to days to weeks.    Turn that around and ask four small businesses and I'm confident the answer will be the same across the board that no data loss is acceptable.

In the end SaaS vendors are in business to make a profit. And they only way they can do that is to keep customer data safe and secure.  But oversights do happen and technical failures are still commonplace.  A statement of operations is only as good as the implementation of the policies it describes but it's a step in the right direction.

The next time you are ready to subscribe to a SaaS offering, ask the vendor the question - Where is your statement of operations?.  Ask them where they document their service delivery, data backup and disaster recovery policies.   If the vendor doesn't publish the policies then don't purchase that subscription.  Seek out another provider that will guarantee you a standard of care that your business (i.e., life's work) can live with.

More Stories By David Abramowski

David Abramowski is a technologist turned product leader. David was a co-founder of Morph Labs, one of the first Platform as a Service plays on AWS. He was the GM for Parallels Virtuozzo containers, enterprise business, and most recently he is the leader of the product marketing team for the IT Operations Management solutions at the hyper growth SaaS company, ServiceNow.

@CloudExpo Stories
21st International Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Me...
SYS-CON Events announced today that DXWorldExpo has been named “Global Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Digital Transformation is the key issue driving the global enterprise IT business. Digital Transformation is most prominent among Global 2000 enterprises and government institutions.
SYS-CON Events announced today that Datera, that offers a radically new data management architecture, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Datera is transforming the traditional datacenter model through modern cloud simplicity. The technology industry is at another major inflection point. The rise of mobile, the Internet of Things, data storage and Big...
Kubernetes is an open source system for automating deployment, scaling, and management of containerized applications. Kubernetes was originally built by Google, leveraging years of experience with managing container workloads, and is now a Cloud Native Compute Foundation (CNCF) project. Kubernetes has been widely adopted by the community, supported on all major public and private cloud providers, and is gaining rapid adoption in enterprises. However, Kubernetes may seem intimidating and complex ...
"Outscale was founded in 2010, is based in France, is a strategic partner to Dassault Systémes and has done quite a bit of work with divisions of Dassault," explained Jackie Funk, Digital Marketing exec at Outscale, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We focus on SAP workloads because they are among the most powerful but somewhat challenging workloads out there to take into public cloud," explained Swen Conrad, CEO of Ocean9, Inc., in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"I think DevOps is now a rambunctious teenager – it’s starting to get a mind of its own, wanting to get its own things but it still needs some adult supervision," explained Thomas Hooker, VP of marketing at CollabNet, in this SYS-CON.tv interview at DevOps Summit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We are still a relatively small software house and we are focusing on certain industries like FinTech, med tech, energy and utilities. We help our customers with their digital transformation," noted Piotr Stawinski, Founder and CEO of EARP Integration, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We've been engaging with a lot of customers including Panasonic, we've been involved with Cisco and now we're working with the U.S. government - the Department of Homeland Security," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We're here to tell the world about our cloud-scale infrastructure that we have at Juniper combined with the world-class security that we put into the cloud," explained Lisa Guess, VP of Systems Engineering at Juniper Networks, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"With Digital Experience Monitoring what used to be a simple visit to a web page has exploded into app on phones, data from social media feeds, competitive benchmarking - these are all components that are only available because of some type of digital asset," explained Leo Vasiliou, Director of Web Performance Engineering at Catchpoint Systems, in this SYS-CON.tv interview at DevOps Summit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
Your homes and cars can be automated and self-serviced. Why can't your storage? From simply asking questions to analyze and troubleshoot your infrastructure, to provisioning storage with snapshots, recovery and replication, your wildest sci-fi dream has come true. In his session at @DevOpsSummit at 20th Cloud Expo, Dan Florea, Director of Product Management at Tintri, provided a ChatOps demo where you can talk to your storage and manage it from anywhere, through Slack and similar services with...
As enterprise cloud becomes the norm, businesses and government programs must address compounded regulatory compliance related to data privacy and information protection. The most recent, Controlled Unclassified Information and the EU’s GDPR have board level implications and companies still struggle with demonstrating due diligence. Developers and DevOps leaders, as part of the pre-planning process and the associated supply chain, could benefit from updating their code libraries and design by in...
"Peak 10 is a hybrid infrastructure provider across the nation. We are in the thick of things when it comes to hybrid IT," explained Michael Fuhrman, Chief Technology Officer at Peak 10, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
SYS-CON Events announced today that Calligo, an innovative cloud service provider offering mid-sized companies the highest levels of data privacy and security, has been named "Bronze Sponsor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Calligo offers unparalleled application performance guarantees, commercial flexibility and a personalised support service from its globally located cloud plat...
"We are an IT services solution provider and we sell software to support those solutions. Our focus and key areas are around security, enterprise monitoring, and continuous delivery optimization," noted John Balsavage, President of A&I Solutions, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We were founded in 2003 and the way we were founded was about good backup and good disaster recovery for our clients, and for the last 20 years we've been pretty consistent with that," noted Marc Malafronte, Territory Manager at StorageCraft, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
There is a huge demand for responsive, real-time mobile and web experiences, but current architectural patterns do not easily accommodate applications that respond to events in real time. Common solutions using message queues or HTTP long-polling quickly lead to resiliency, scalability and development velocity challenges. In his session at 21st Cloud Expo, Ryland Degnan, a Senior Software Engineer on the Netflix Edge Platform team, will discuss how by leveraging a reactive stream-based protocol,...
"We are focused on SAP running in the clouds, to make this super easy because we believe in the tremendous value of those powerful worlds - SAP and the cloud," explained Frank Stienhans, CTO of Ocean9, Inc., in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"DivvyCloud as a company set out to help customers automate solutions to the most common cloud problems," noted Jeremy Snyder, VP of Business Development at DivvyCloud, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.