Welcome!

Cloud Expo Authors: Greg Ness, Bernard Golden, Roger Strukhoff, Elizabeth White, Carmen Gonzalez

Related Topics: Open Source, Cloud Expo, Security

Open Source: Blog Feed Post

The Top Five SaaS Risks and How to Mitigate Them

Business and technology leaders alike need to understand and balance both the benefits and the risks of SaaS

By Lonne Jaffe - You may have heard that cloud computing and Software-as-a-Service (SaaS) models can turn software technology into a pay-as-you-go utility that businesses can “plug in to” and use like electricity?

Perhaps — however, software technology is far more varied, nuanced and diverse than electricity. You don’t win customers by having better electricity than your competition. Software, by contrast, absolutely is a competitive differentiator for any business today. Companies in industries as varied as retail and finance use software at the very core of their value proposition to customers. It lets them deliver a variety of services to their customers, improve operational efficiencies, create new offerings and a lot more.

That’s not to downplay the business flexibility that SaaS can bring. Being able to “switch on” software and infrastructure delivered as a service for a metered fee can be an attractive alternative to having to build and manage your own IT environments.

However, as with all shiny new things in technology, buyer beware. Business and technology leaders alike need to understand and balance both the benefits and the risks of SaaS. With this in mind, here are five potential risks technology executives should consider about SaaS and some thoughts on how to manage them.

  1. SaaS Can Have Hidden Costs. The SaaS model typically involves pay-as-you-go, or term-based licensing, in which your organization pays monthly or annual fees based on some metrics (number of seats, number of queries, amount of data, etc.). There are certainly many situations in which this is more attractive than investing in servers, software licenses and IT manpower up front. The ability to keep cash on the balance sheet and to pay for software as it’s consumed (“by the drink,” as it were) can be helpful. For a growing business, the SaaS model lets you start small and scale up as the business becomes more successful over time. That said, don’t mistake this for “cheaper.” SaaS is not always cheaper, especially when factoring in the cost of learning and managing a new environment, and the often considerable effort of moving existing technology workloads onto a new SaaS platform. Make sure you consider all of these costs when you’re evaluating the total cost of ownership of a SaaS initiative.

  2. SaaS Can Introduce Bandwidth Issues. Moving to a cloud-based app can have a tremendous impact on your network infrastructure. There are circumstances where the data is so massive that it has a sort of “gravity” to it. The amount of data that can be transmitted over the Internet and the reliability of the network connections have improved dramatically, but it’s still difficult to move these large pools of data over the public Internet . Because of this, companies might find they need to have their compute power located physically close to the data to get the scalability and performance essential for high-profile, enterprise-grade systems.

  3. SaaS Can Accelerate the Rogue Cloud. SaaS can empower more tech-savvy business users, but it also encourages rogue software purchases. All it takes is a corporate credit card, and the business user is off and running with a new SaaS application, sometimes without consulting the technology leadership in the business. Of course, as my colleague Andi Mann has written about, this is not necessarily a bad thing and can be used to encourage skunk works innovation. But at the end of the day, the CIO remains responsible for the security, management and performance of the overall technology infrastructure. The breakdown in coordination caused by the rogue cloud adds complexity and risk to the job. I recommend investing in third-party software that helps CIOs: manage the performance of the SaaS applications; select ideal vendors based on price, performance, capability and quality of service; and secure the applications and data now seeping outside of the enterprise’s four walls.

  4. SaaS Requires a New Take on Security. The old perimeter model of walling off the data center to keep the bad guys out simply doesn’t work in a world where IT infrastructure and applications increasingly reside on public, private and hybrid clouds. When your data and compute power are scattered across the Internet, you can’t put a walled perimeter around it to keep it safe because there’s nothing concrete to put a wall around. A better paradigm: use “identity” as the new perimeter. Wherever data and applications reside, they can be locked down and secured using sophisticated identity and access management solutions that continuously evaluate and manage who is accessing systems and data. And advanced data-level encryption can be used to ensure that data— whether at rest or in motion— can’t be read by the bad guys.

  5. SaaS Has a Blindside. SaaS service providers do offer insight into the performance of their applications and platforms, but in many cases, their management capabilities are not good enough. As your organization increases its dependence on outside software resources, visibility into your technology environment’s performance could suffer. Look for management software that can help you monitor and proactively manage these critical SaaS applications across both cloud and non-cloud environments.

Businesses are reaping tremendous benefits from the use of SaaS services for a wide variety of applications, and the use of SaaS will only grow with time. Yes, it can be cheaper, faster, and more flexible than in-house implementations. But like everything else in life, SaaS is not without risks and needs a well-informed approach coupled with next-generation management and security software to ensure the benefits and mitigate the risks.

Read the original blog entry...

More Stories By Denise Dubie

Denise Dubie (@DDubie) is New Media Principal in CA Technologies Thought Leadership Group. She is charged with creating content relevant to today’s most pressing technology and business trends for industry leaders and IT professionals.

Prior to joining the company in 2010, Dubie spent 12 years of her career at Network World, an IDG company, covering the IT management industry and all of its players (including CA Technologies and its competitors) as well as high-tech careers, technology trends and vendors such as Cisco, HP, IBM and Microsoft. As Senior Editor at Network World, Dubie also authored the publication's twice-weekly Network and Systems Management Alert newsletter and contributed to the Web site's Microsoft Subnet blog. Before IDG, she served as Assistant Managing Editor at Application Development Trends, managing writers and the monthly publication's production process.

Dubie started her professional journalism career as a Staff Writer/Reporter at The Transcript, a small daily paper in Western Massachusetts.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@CloudExpo Stories
The major cloud platforms defy a simple, side-by-side analysis. Each of the major IaaS public-cloud platforms offers their own unique strengths and functionality. Options for on-site private cloud are diverse as well, and must be designed and deployed while taking existing legacy architecture and infrastructure into account. Then the reality is that most enterprises are embarking on a hybrid cloud strategy and programs. In this Power Panel at 15th Cloud Expo, moderated by Ashar Baig, Research ...
StackIQ offers a comprehensive software suite that automates the deployment, provisioning, and management of Big Infrastructure. With StackIQ’s software, you can spin up fully configured big data clusters, quickly and consistently — from bare-metal up to the applications layer — and manage them efficiently. Our software’s modular architecture allows customers to integrate nearly any application with the StackIQ software stack.
In her General Session at 15th Cloud Expo, Anne Plese, Senior Consultant, Cloud Product Marketing, at Verizon Enterprise, will focus on finding the right mix of renting vs. buying Oracle capacity to scale to meet business demands, and offer validated Oracle database TCO models for Oracle development and testing environments. Anne Plese is a marketing and technology enthusiast/realist with over 19+ years in high tech. At Verizon Enterprise, she focuses on driving growth for the Verizon Cloud pla...
As Platform as a Service (PaaS) matures as a category, developers should have the ability to use the programming language of their choice to build applications and have access to a wide array of services. Bluemix is IBM's open cloud development platform that enables users to easily build cloud-based, creative mobile and web applications without having to spend large amounts of time and resources on configuring infrastructure and multiple software licenses. In this track, you will learn about the...
The Internet of Things will greatly expand the opportunities for data collection and new business models driven off of that data. In her session at Internet of @ThingsExpo, Esmeralda Swartz, CMO of MetraTech, will discuss how for this to be effective you not only need to have infrastructure and operational models capable of utilizing this new phenomenon, but increasingly service providers will need to convince a skeptical public to participate. Get ready to show them the money! Speaker Bio: ...
Compute virtualization has been transformational, yet security policy implementation and enforcement has lagged behind in agility and automation. There are a number of key considerations when implementing policy in private and hybrid clouds. In his session at 15th Cloud Expo, Holland Barry, VP of Technology at Catbird, will discuss the impact of this new paradigm and what organizations can do today to safely move to software-defined network and compute architectures, including: How normal ope...
Samsung VP Jacopo Lenzi, who headed the company's recent SmartThings acquisition under the auspices of Samsung's Open Innovaction Center (OIC), answered a few questions we had about the deal. This interview was in conjunction with our interview with SmartThings CEO Alex Hawkinson. IoT Journal: SmartThings was developed in an open, standards-agnostic platform, and will now be part of Samsung's Open Innovation Center. Can you elaborate on your commitment to keep the platform open? Jacopo Lenzi: S...
How do APIs and IoT relate? The answer is not as simple as merely adding an API on top of a dumb device, but rather about understanding the architectural patterns for implementing an IoT fabric. There are typically two or three trends: Exposing the device to a management framework Exposing that management framework to a business centric logic • Exposing that business layer and data to end users. This last trend is the IoT stack, which involves a new shift in the separation of what stuff hap...
SYS-CON Events announced today that SOA Software, an API management leader, will exhibit at SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. SOA Software is a leading provider of API Management and SOA Governance products that equip business to deliver APIs and SOA together to drive their company to meet its business strategy quickly and effectively. SOA Software’s technology helps businesses to accel...
SYS-CON Events announced today that Utimaco will exhibit at SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Utimaco is a leading manufacturer of hardware based security solutions that provide the root of trust to keep cryptographic keys safe, secure critical digital infrastructures and protect high value data assets. Only Utimaco delivers a general-purpose hardware security module (HSM) as a customiz...
Almost everyone sees the potential of Internet of Things but how can businesses truly unlock that potential. The key will be in the ability to discover business insight in the midst of an ocean of Big Data generated from billions of embedded devices via Systems of Discover. Businesses will also need to ensure that they can sustain that insight by leveraging the cloud for global reach, scale and elasticity.
SYS-CON Events announced today that ElasticBox is holding a Hackathon at DevOps Summit, November 6 from 12 pm -4 pm at the Santa Clara Convention Center in Santa Clara, CA. You can enter as an individual or team of up to 10 developers. A New Star Is Born Every Month! All completed ElasticBoxes will then be sent to a judging panel - 12 winners will be featured on the ElasticBox website in 2015. All entrants will receive five full enterprise licenses for one year + ElasticBox headphones + Elasti...
Once the decision has been made to move part or all of a workload to the cloud, a methodology for selecting that workload needs to be established. How do you move to the cloud? What does the discovery, assessment and planning look like? What workloads make sense? Which cloud model makes sense for each workload? What are the considerations for how to select the right cloud model? And how does that fit in with the overall IT tranformation? In his session at 15th Cloud Expo, John Hatem, head of V...
Cloud services are the newest tool in the arsenal of IT products in the market today. These cloud services integrate process and tools. In order to use these products effectively, organizations must have a good understanding of themselves and their business requirements. In his session at 15th Cloud Expo, Brian Lewis, Principal Architect at Verizon Cloud, will outline key areas of organizational focus, and how to formalize an actionable plan when migrating applications and internal services to...
SAP is delivering break-through innovation combined with fantastic user experience powered by the market-leading in-memory technology, SAP HANA. In his General Session at 15th Cloud Expo, Thorsten Leiduck, VP ISVs & Digital Commerce, SAP, will discuss how SAP and partners provide cloud and hybrid cloud solutions as well as real-time Big Data offerings that help companies of all sizes and industries run better. SAP launched an application challenge to award the most innovative SAP HANA and SAP ...
Ixia develops amazing products so its customers can connect the world. Ixia helps its customers provide an always-on user experience through fast, secure delivery of dynamic connected technologies and services. Through actionable insights that accelerate and secure application and service delivery, Ixia's customers benefit from faster time to market, optimized application performance and higher-quality deployments.
SYS-CON Events announced today that Calm.io has been named “Bronze Sponsor” of DevOps Summit Silicon Valley, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Calm.io is a cloud orchestration platform for AWS, vCenter, OpenStack, or bare metal, that runs your CL tools puppet, Chef, shell, git, Jenkins, nagios, and will soon support New Relic and Docker. It can run hosted, or on premise and provides VM automation / expiry, self-service portals,...
SYS-CON Events announced today that Aria Systems, the recurring revenue expert, has been named "Bronze Sponsor" of SYS-CON's 15th International Cloud Expo®, which will take place on November 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Aria Systems helps leading businesses connect their customers with the products and services they love. Industry leaders like Pitney Bowes, Experian, AAA NCNU, VMware, HootSuite and many others choose Aria to power their recurring revenue bu...
The Internet of Things (IoT) is going to require a new way of thinking and of developing software for speed, security and innovation. This requires IT leaders to balance business as usual while anticipating for the next market and technology trends. Cloud provides the right IT asset portfolio to help today’s IT leaders manage the old and prepare for the new. Today the cloud conversation is evolving from private and public to hybrid. This session will provide use cases and insights to reinforce t...
Blue Box has closed a $10 million Series B financing. The round was led by a strategic investor and included participation from prior investors including Voyager Capital and Founders Collective, as well as the Blue Box executive team. This round follows a $4.3 million Series A closed in December of 2012 and led by Voyager Capital. In May of this year, the company announced general availability of its private cloud as a service offering, Blue Box Cloud. Since that release, the company has dem...