Welcome!

@CloudExpo Authors: Liz McMillan, Pat Romanski, Mehdi Daoudi, Elizabeth White, Rene Buest

Related Topics: Open Source Cloud, @CloudExpo, Cloud Security

Open Source Cloud: Blog Feed Post

The Top Five SaaS Risks and How to Mitigate Them

Business and technology leaders alike need to understand and balance both the benefits and the risks of SaaS

By Lonne Jaffe - You may have heard that cloud computing and Software-as-a-Service (SaaS) models can turn software technology into a pay-as-you-go utility that businesses can “plug in to” and use like electricity?

Perhaps — however, software technology is far more varied, nuanced and diverse than electricity. You don’t win customers by having better electricity than your competition. Software, by contrast, absolutely is a competitive differentiator for any business today. Companies in industries as varied as retail and finance use software at the very core of their value proposition to customers. It lets them deliver a variety of services to their customers, improve operational efficiencies, create new offerings and a lot more.

That’s not to downplay the business flexibility that SaaS can bring. Being able to “switch on” software and infrastructure delivered as a service for a metered fee can be an attractive alternative to having to build and manage your own IT environments.

However, as with all shiny new things in technology, buyer beware. Business and technology leaders alike need to understand and balance both the benefits and the risks of SaaS. With this in mind, here are five potential risks technology executives should consider about SaaS and some thoughts on how to manage them.

  1. SaaS Can Have Hidden Costs. The SaaS model typically involves pay-as-you-go, or term-based licensing, in which your organization pays monthly or annual fees based on some metrics (number of seats, number of queries, amount of data, etc.). There are certainly many situations in which this is more attractive than investing in servers, software licenses and IT manpower up front. The ability to keep cash on the balance sheet and to pay for software as it’s consumed (“by the drink,” as it were) can be helpful. For a growing business, the SaaS model lets you start small and scale up as the business becomes more successful over time. That said, don’t mistake this for “cheaper.” SaaS is not always cheaper, especially when factoring in the cost of learning and managing a new environment, and the often considerable effort of moving existing technology workloads onto a new SaaS platform. Make sure you consider all of these costs when you’re evaluating the total cost of ownership of a SaaS initiative.

  2. SaaS Can Introduce Bandwidth Issues. Moving to a cloud-based app can have a tremendous impact on your network infrastructure. There are circumstances where the data is so massive that it has a sort of “gravity” to it. The amount of data that can be transmitted over the Internet and the reliability of the network connections have improved dramatically, but it’s still difficult to move these large pools of data over the public Internet . Because of this, companies might find they need to have their compute power located physically close to the data to get the scalability and performance essential for high-profile, enterprise-grade systems.

  3. SaaS Can Accelerate the Rogue Cloud. SaaS can empower more tech-savvy business users, but it also encourages rogue software purchases. All it takes is a corporate credit card, and the business user is off and running with a new SaaS application, sometimes without consulting the technology leadership in the business. Of course, as my colleague Andi Mann has written about, this is not necessarily a bad thing and can be used to encourage skunk works innovation. But at the end of the day, the CIO remains responsible for the security, management and performance of the overall technology infrastructure. The breakdown in coordination caused by the rogue cloud adds complexity and risk to the job. I recommend investing in third-party software that helps CIOs: manage the performance of the SaaS applications; select ideal vendors based on price, performance, capability and quality of service; and secure the applications and data now seeping outside of the enterprise’s four walls.

  4. SaaS Requires a New Take on Security. The old perimeter model of walling off the data center to keep the bad guys out simply doesn’t work in a world where IT infrastructure and applications increasingly reside on public, private and hybrid clouds. When your data and compute power are scattered across the Internet, you can’t put a walled perimeter around it to keep it safe because there’s nothing concrete to put a wall around. A better paradigm: use “identity” as the new perimeter. Wherever data and applications reside, they can be locked down and secured using sophisticated identity and access management solutions that continuously evaluate and manage who is accessing systems and data. And advanced data-level encryption can be used to ensure that data— whether at rest or in motion— can’t be read by the bad guys.

  5. SaaS Has a Blindside. SaaS service providers do offer insight into the performance of their applications and platforms, but in many cases, their management capabilities are not good enough. As your organization increases its dependence on outside software resources, visibility into your technology environment’s performance could suffer. Look for management software that can help you monitor and proactively manage these critical SaaS applications across both cloud and non-cloud environments.

Businesses are reaping tremendous benefits from the use of SaaS services for a wide variety of applications, and the use of SaaS will only grow with time. Yes, it can be cheaper, faster, and more flexible than in-house implementations. But like everything else in life, SaaS is not without risks and needs a well-informed approach coupled with next-generation management and security software to ensure the benefits and mitigate the risks.

Read the original blog entry...

More Stories By Denise Dubie

Denise Dubie (@DDubie) is New Media Principal in CA Technologies Thought Leadership Group. She is charged with creating content relevant to today’s most pressing technology and business trends for industry leaders and IT professionals.

Prior to joining the company in 2010, Dubie spent 12 years of her career at Network World, an IDG company, covering the IT management industry and all of its players (including CA Technologies and its competitors) as well as high-tech careers, technology trends and vendors such as Cisco, HP, IBM and Microsoft. As Senior Editor at Network World, Dubie also authored the publication's twice-weekly Network and Systems Management Alert newsletter and contributed to the Web site's Microsoft Subnet blog. Before IDG, she served as Assistant Managing Editor at Application Development Trends, managing writers and the monthly publication's production process.

Dubie started her professional journalism career as a Staff Writer/Reporter at The Transcript, a small daily paper in Western Massachusetts.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@CloudExpo Stories
"We're a cybersecurity firm that specializes in engineering security solutions both at the software and hardware level. Security cannot be an after-the-fact afterthought, which is what it's become," stated Richard Blech, Chief Executive Officer at Secure Channels, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Enterprise architects are increasingly adopting multi-cloud strategies as they seek to utilize existing data center assets, leverage the advantages of cloud computing and avoid cloud vendor lock-in. This requires a globally aware traffic management strategy that can monitor infrastructure health across data centers and end-user experience globally, while responding to control changes and system specification at the speed of today’s DevOps teams. In his session at 20th Cloud Expo, Josh Gray, Chie...
To get the most out of their data, successful companies are not focusing on queries and data lakes, they are actively integrating analytics into their operations with a data-first application development approach. Real-time adjustments to improve revenues, reduce costs, or mitigate risk rely on applications that minimize latency on a variety of data sources. Jack Norris reviews best practices to show how companies develop, deploy, and dynamically update these applications and how this data-first...
Intelligent Automation is now one of the key business imperatives for CIOs and CISOs impacting all areas of business today. In his session at 21st Cloud Expo, Brian Boeggeman, VP Alliances & Partnerships at Ayehu, will talk about how business value is created and delivered through intelligent automation to today’s enterprises. The open ecosystem platform approach toward Intelligent Automation that Ayehu delivers to the market is core to enabling the creation of the self-driving enterprise.
"We're here to tell the world about our cloud-scale infrastructure that we have at Juniper combined with the world-class security that we put into the cloud," explained Lisa Guess, VP of Systems Engineering at Juniper Networks, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
Historically, some banking activities such as trading have been relying heavily on analytics and cutting edge algorithmic tools. The coming of age of powerful data analytics solutions combined with the development of intelligent algorithms have created new opportunities for financial institutions. In his session at 20th Cloud Expo, Sebastien Meunier, Head of Digital for North America at Chappuis Halder & Co., discussed how these tools can be leveraged to develop a lasting competitive advantage ...
In his session at 20th Cloud Expo, Mike Johnston, an infrastructure engineer at Supergiant.io, discussed how to use Kubernetes to set up a SaaS infrastructure for your business. Mike Johnston is an infrastructure engineer at Supergiant.io with over 12 years of experience designing, deploying, and maintaining server and workstation infrastructure at all scales. He has experience with brick and mortar data centers as well as cloud providers like Digital Ocean, Amazon Web Services, and Rackspace. H...
The question before companies today is not whether to become intelligent, it’s a question of how and how fast. The key is to adopt and deploy an intelligent application strategy while simultaneously preparing to scale that intelligence. In her session at 21st Cloud Expo, Sangeeta Chakraborty, Chief Customer Officer at Ayasdi, will provide a tactical framework to become a truly intelligent enterprise, including how to identify the right applications for AI, how to build a Center of Excellence to ...
You know you need the cloud, but you’re hesitant to simply dump everything at Amazon since you know that not all workloads are suitable for cloud. You know that you want the kind of ease of use and scalability that you get with public cloud, but your applications are architected in a way that makes the public cloud a non-starter. You’re looking at private cloud solutions based on hyperconverged infrastructure, but you’re concerned with the limits inherent in those technologies.
As businesses adopt functionalities in cloud computing, it’s imperative that IT operations consistently ensure cloud systems work correctly – all of the time, and to their best capabilities. In his session at @BigDataExpo, Bernd Harzog, CEO and founder of OpsDataStore, presented an industry answer to the common question, “Are you running IT operations as efficiently and as cost effectively as you need to?” He then expounded on the industry issues he frequently came up against as an analyst, and ...
SYS-CON Events announced today that Massive Networks will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Massive Networks mission is simple. To help your business operate seamlessly with fast, reliable, and secure internet and network solutions. Improve your customer's experience with outstanding connections to your cloud.
DevOps is under attack because developers don’t want to mess with infrastructure. They will happily own their code into production, but want to use platforms instead of raw automation. That’s changing the landscape that we understand as DevOps with both architecture concepts (CloudNative) and process redefinition (SRE). Rob Hirschfeld’s recent work in Kubernetes operations has led to the conclusion that containers and related platforms have changed the way we should be thinking about DevOps and...
SYS-CON Events announced today that Datera, that offers a radically new data management architecture, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Datera is transforming the traditional datacenter model through modern cloud simplicity. The technology industry is at another major inflection point. The rise of mobile, the Internet of Things, data storage and Big...
Everything run by electricity will eventually be connected to the Internet. Get ahead of the Internet of Things revolution and join Akvelon expert and IoT industry leader, Sergey Grebnov, in his session at @ThingsExpo, for an educational dive into the world of managing your home, workplace and all the devices they contain with the power of machine-based AI and intelligent Bot services for a completely streamlined experience.
Because IoT devices are deployed in mission-critical environments more than ever before, it’s increasingly imperative they be truly smart. IoT sensors simply stockpiling data isn’t useful. IoT must be artificially and naturally intelligent in order to provide more value In his session at @ThingsExpo, John Crupi, Vice President and Engineering System Architect at Greenwave Systems, will discuss how IoT artificial intelligence (AI) can be carried out via edge analytics and machine learning techn...
FinTechs use the cloud to operate at the speed and scale of digital financial activity, but are often hindered by the complexity of managing security and compliance in the cloud. In his session at 20th Cloud Expo, Sesh Murthy, co-founder and CTO of Cloud Raxak, showed how proactive and automated cloud security enables FinTechs to leverage the cloud to achieve their business goals. Through business-driven cloud security, FinTechs can speed time-to-market, diminish risk and costs, maintain continu...
Existing Big Data solutions are mainly focused on the discovery and analysis of data. The solutions are scalable and highly available but tedious when swapping in and swapping out occurs in disarray and thrashing takes place. The resolution for thrashing through machine learning algorithms and support nomenclature is through simple techniques. Organizations that have been collecting large customer data are increasingly seeing the need to use the data for swapping in and out and thrashing occurs ...
SYS-CON Events announced today that CA Technologies has been named "Platinum Sponsor" of SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business - from apparel to energy - is being rewritten by software. From planning to development to management to security, CA creates software that fuels transformation for companies in the applic...
As many know, the first generation of Cloud Management Platform (CMP) solutions were designed for managing virtual infrastructure (IaaS) and traditional applications. But that’s no longer enough to satisfy evolving and complex business requirements. In his session at 21st Cloud Expo, Scott Davis, Embotics CTO, will explore how next-generation CMPs ensure organizations can manage cloud-native and microservice-based application architectures, while also facilitating agile DevOps methodology. He wi...
From 2013, NTT Communications has been providing cPaaS service, SkyWay. Its customer’s expectations for leveraging WebRTC technology are not only typical real-time communication use cases such as Web conference, remote education, but also IoT use cases such as remote camera monitoring, smart-glass, and robotic. Because of this, NTT Communications has numerous IoT business use-cases that its customers are developing on top of PaaS. WebRTC will lead IoT businesses to be more innovative and address...