Welcome!

@CloudExpo Authors: Rajeev Kozhikkattuthodi, Pat Romanski, Elizabeth White, Yeshim Deniz, Michel Courtoy

Related Topics: Open Source Cloud, @CloudExpo, Cloud Security

Open Source Cloud: Blog Feed Post

The Top Five SaaS Risks and How to Mitigate Them

Business and technology leaders alike need to understand and balance both the benefits and the risks of SaaS

By Lonne Jaffe - You may have heard that cloud computing and Software-as-a-Service (SaaS) models can turn software technology into a pay-as-you-go utility that businesses can “plug in to” and use like electricity?

Perhaps — however, software technology is far more varied, nuanced and diverse than electricity. You don’t win customers by having better electricity than your competition. Software, by contrast, absolutely is a competitive differentiator for any business today. Companies in industries as varied as retail and finance use software at the very core of their value proposition to customers. It lets them deliver a variety of services to their customers, improve operational efficiencies, create new offerings and a lot more.

That’s not to downplay the business flexibility that SaaS can bring. Being able to “switch on” software and infrastructure delivered as a service for a metered fee can be an attractive alternative to having to build and manage your own IT environments.

However, as with all shiny new things in technology, buyer beware. Business and technology leaders alike need to understand and balance both the benefits and the risks of SaaS. With this in mind, here are five potential risks technology executives should consider about SaaS and some thoughts on how to manage them.

  1. SaaS Can Have Hidden Costs. The SaaS model typically involves pay-as-you-go, or term-based licensing, in which your organization pays monthly or annual fees based on some metrics (number of seats, number of queries, amount of data, etc.). There are certainly many situations in which this is more attractive than investing in servers, software licenses and IT manpower up front. The ability to keep cash on the balance sheet and to pay for software as it’s consumed (“by the drink,” as it were) can be helpful. For a growing business, the SaaS model lets you start small and scale up as the business becomes more successful over time. That said, don’t mistake this for “cheaper.” SaaS is not always cheaper, especially when factoring in the cost of learning and managing a new environment, and the often considerable effort of moving existing technology workloads onto a new SaaS platform. Make sure you consider all of these costs when you’re evaluating the total cost of ownership of a SaaS initiative.

  2. SaaS Can Introduce Bandwidth Issues. Moving to a cloud-based app can have a tremendous impact on your network infrastructure. There are circumstances where the data is so massive that it has a sort of “gravity” to it. The amount of data that can be transmitted over the Internet and the reliability of the network connections have improved dramatically, but it’s still difficult to move these large pools of data over the public Internet . Because of this, companies might find they need to have their compute power located physically close to the data to get the scalability and performance essential for high-profile, enterprise-grade systems.

  3. SaaS Can Accelerate the Rogue Cloud. SaaS can empower more tech-savvy business users, but it also encourages rogue software purchases. All it takes is a corporate credit card, and the business user is off and running with a new SaaS application, sometimes without consulting the technology leadership in the business. Of course, as my colleague Andi Mann has written about, this is not necessarily a bad thing and can be used to encourage skunk works innovation. But at the end of the day, the CIO remains responsible for the security, management and performance of the overall technology infrastructure. The breakdown in coordination caused by the rogue cloud adds complexity and risk to the job. I recommend investing in third-party software that helps CIOs: manage the performance of the SaaS applications; select ideal vendors based on price, performance, capability and quality of service; and secure the applications and data now seeping outside of the enterprise’s four walls.

  4. SaaS Requires a New Take on Security. The old perimeter model of walling off the data center to keep the bad guys out simply doesn’t work in a world where IT infrastructure and applications increasingly reside on public, private and hybrid clouds. When your data and compute power are scattered across the Internet, you can’t put a walled perimeter around it to keep it safe because there’s nothing concrete to put a wall around. A better paradigm: use “identity” as the new perimeter. Wherever data and applications reside, they can be locked down and secured using sophisticated identity and access management solutions that continuously evaluate and manage who is accessing systems and data. And advanced data-level encryption can be used to ensure that data— whether at rest or in motion— can’t be read by the bad guys.

  5. SaaS Has a Blindside. SaaS service providers do offer insight into the performance of their applications and platforms, but in many cases, their management capabilities are not good enough. As your organization increases its dependence on outside software resources, visibility into your technology environment’s performance could suffer. Look for management software that can help you monitor and proactively manage these critical SaaS applications across both cloud and non-cloud environments.

Businesses are reaping tremendous benefits from the use of SaaS services for a wide variety of applications, and the use of SaaS will only grow with time. Yes, it can be cheaper, faster, and more flexible than in-house implementations. But like everything else in life, SaaS is not without risks and needs a well-informed approach coupled with next-generation management and security software to ensure the benefits and mitigate the risks.

Read the original blog entry...

More Stories By Denise Dubie

Denise Dubie (@DDubie) is New Media Principal in CA Technologies Thought Leadership Group. She is charged with creating content relevant to today’s most pressing technology and business trends for industry leaders and IT professionals.

Prior to joining the company in 2010, Dubie spent 12 years of her career at Network World, an IDG company, covering the IT management industry and all of its players (including CA Technologies and its competitors) as well as high-tech careers, technology trends and vendors such as Cisco, HP, IBM and Microsoft. As Senior Editor at Network World, Dubie also authored the publication's twice-weekly Network and Systems Management Alert newsletter and contributed to the Web site's Microsoft Subnet blog. Before IDG, she served as Assistant Managing Editor at Application Development Trends, managing writers and the monthly publication's production process.

Dubie started her professional journalism career as a Staff Writer/Reporter at The Transcript, a small daily paper in Western Massachusetts.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@CloudExpo Stories
"Tintri focuses on the Ops side of the DevOps, which basically is pushing more and more of the accessibility of the infrastructure to the developers and trying to get behind the scenes," explained Dhiraj Sehgal of Tintri in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
Hardware virtualization and cloud computing allowed us to increase resource utilization and increase our flexibility to respond to business demand. Docker Containers are the next quantum leap - Are they?! Databases always represented an additional set of challenges unique to running workloads requiring a maximum of I/O, network, CPU resources combined with data locality.
For organizations that have amassed large sums of software complexity, taking a microservices approach is the first step toward DevOps and continuous improvement / development. Integrating system-level analysis with microservices makes it easier to change and add functionality to applications at any time without the increase of risk. Before you start big transformation projects or a cloud migration, make sure these changes won’t take down your entire organization.
Cloud promises the agility required by today’s digital businesses. As organizations adopt cloud based infrastructures and services, their IT resources become increasingly dynamic and hybrid in nature. Managing these require modern IT operations and tools. In his session at 20th Cloud Expo, Raj Sundaram, Senior Principal Product Manager at CA Technologies, will discuss how to modernize your IT operations in order to proactively manage your hybrid cloud and IT environments. He will be sharing bes...
Artificial intelligence, machine learning, neural networks. We’re in the midst of a wave of excitement around AI such as hasn’t been seen for a few decades. But those previous periods of inflated expectations led to troughs of disappointment. Will this time be different? Most likely. Applications of AI such as predictive analytics are already decreasing costs and improving reliability of industrial machinery. Furthermore, the funding and research going into AI now comes from a wide range of com...
SYS-CON Events announced today that GrapeUp, the leading provider of rapid product development at the speed of business, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Grape Up is a software company, specialized in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market acr...
In this presentation, Striim CTO and founder Steve Wilkes will discuss practical strategies for counteracting fraud and cyberattacks by leveraging real-time streaming analytics. In his session at @ThingsExpo, Steve Wilkes, Founder and Chief Technology Officer at Striim, will provide a detailed look into leveraging streaming data management to correlate events in real time, and identify potential breaches across IoT and non-IoT systems throughout the enterprise. Strategies for processing massive ...
SYS-CON Events announced today that Ayehu will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on October 31 - November 2, 2017 at the Santa Clara Convention Center in Santa Clara California. Ayehu provides IT Process Automation & Orchestration solutions for IT and Security professionals to identify and resolve critical incidents and enable rapid containment, eradication, and recovery from cyber security breaches. Ayehu provides customers greater control over IT infras...
Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devic...
You know you need the cloud, but you’re hesitant to simply dump everything at Amazon since you know that not all workloads are suitable for cloud. You know that you want the kind of ease of use and scalability that you get with public cloud, but your applications are architected in a way that makes the public cloud a non-starter. You’re looking at private cloud solutions based on hyperconverged infrastructure, but you’re concerned with the limits inherent in those technologies.
SYS-CON Events announced today that MobiDev, a client-oriented software development company, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software company that develops and delivers turn-key mobile apps, websites, web services, and complex software systems for startups and enterprises. Since 2009 it has grown from a small group of passionate engineers and business...
What's the role of an IT self-service portal when you get to continuous delivery and Infrastructure as Code? This general session showed how to create the continuous delivery culture and eight accelerators for leading the change. Don Demcsak is a DevOps and Cloud Native Modernization Principal for Dell EMC based out of New Jersey. He is a former, long time, Microsoft Most Valuable Professional, specializing in building and architecting Application Delivery Pipelines for hybrid legacy, and cloud ...
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
21st International Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Me...
Join us at Cloud Expo June 6-8 to find out how to securely connect your cloud app to any cloud or on-premises data source – without complex firewall changes. More users are demanding access to on-premises data from their cloud applications. It’s no longer a “nice-to-have” but an important differentiator that drives competitive advantages. It’s the new “must have” in the hybrid era. Users want capabilities that give them a unified view of the data to get closer to customers and grow business. The...
"We focus on composable infrastructure. Composable infrastructure has been named by companies like Gartner as the evolution of the IT infrastructure where everything is now driven by software," explained Bruno Andrade, CEO and Founder of HTBase, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
SYS-CON Events announced today that Cloud Academy named "Bronze Sponsor" of 21st International Cloud Expo which will take place October 31 - November 2, 2017 at the Santa Clara Convention Center in Santa Clara, CA. Cloud Academy is the industry’s most innovative, vendor-neutral cloud technology training platform. Cloud Academy provides continuous learning solutions for individuals and enterprise teams for Amazon Web Services, Microsoft Azure, Google Cloud Platform, and the most popular cloud com...
"We are a monitoring company. We work with Salesforce, BBC, and quite a few other big logos. We basically provide monitoring for them, structure for their cloud services and we fit into the DevOps world" explained David Gildeh, Co-founder and CEO of Outlyer, in this SYS-CON.tv interview at DevOps Summit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
Automation is enabling enterprises to design, deploy, and manage more complex, hybrid cloud environments. Yet the people who manage these environments must be trained in and understanding these environments better than ever before. A new era of analytics and cognitive computing is adding intelligence, but also more complexity, to these cloud environments. How smart is your cloud? How smart should it be? In this power panel at 20th Cloud Expo, moderated by Conference Chair Roger Strukhoff, paneli...
DevOps at Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to w...