I speak to alot of customers and students about “the cloud”; that all encompassing, ill defined marketing term that everybody seems to be able to use in a sentence, but unable to define when asked. Most of the discussions have to do with the various benefits of this architectural model vs. that technology platform or vendor product. Every so often though, I get asked a question that requires me to actually stop and think about the entire construct of cloud computing, and how the evolution of this technology is impacting business.
Just such a question is what I wanted to discuss with you, and in so doing, challenge you to stop and think about what you are doing, or maybe preparing to do within ” the cloud ” today. Specifically, I wanted to get you thinking about what a SaaS solution may mean to your way of consuming software today, and what it could mean tomorrow if you were to address the nine requirements that I have listed below through an integrated and coherent strategy, one that touches on these nine points and the concerns and opportunities that they represent.
Requirement No. 1: Multi-tenancy
There is considerable debate today as to whether organizations should know or even care about multi-tenancy. The truth is that multi-tenancy is the only proven SaaS delivery architecture that eliminates many of the problems created by the traditional software licensing and upgrade model, so it is valuable to know whether a provider uses a multi-tenant architecture or not. A provider should be able to answer this question with a simple “yes” or “no,” and prove its answer. Multi-tenancy ensures that every customer is on the same version of the software. As a result, no customer is left behind when the software is updated to include new features and innovations. Multi-tenancy offers distinct cost benefits over traditional, single-tenant software hosting. A multi-tenant SaaS provider’s resources are focused on maintaining a single, current version of the application, rather than spread out in an attempt to support multiple software versions for customers.
Requirement No. 2: Regularly Delivered, Vendor-Managed Updates
A cloud application is a single version of software that is regularly updated, often several times a year, for all customers. To realize the true cost benefits of SaaS, the provider should be managing all of those updates at no additional charge, and customers should be able to adopt the latest capabilities in the updates on their own timelines. Software that has to be upgraded on the customer’s own dime, even if the vendor hosts it, does not meet the requirements for a cloud application. The update vs. upgrade approach benefits both the vendor and the customer. The customer is relieved from IT upgrade projects, while the vendor can focus on what it does best, which is maintain its own software. Vendors have a strong technical understanding of the software they developed, but the on premise world requires vendors to share this knowledge with customers, which is not an easy feat. When customers do not have deep insight into the software, or have difficulty obtaining employees or contract workers skilled to work on that software, the result can be problematic and may lead to failed upgrades. Vendor-managed updates deliver continuous improvement and allow companies to stay compliant with new laws and regulations.
Requirement No. 3: Seamless Integration On-demand
Cloud applications should be built from the ground up to lower the cost, time, and risk of integrating them with existing on premise and on-demand applications. A cloud application provider worth doing business with will share the burden of integration with its customers versus leaving them on their own. Cloud providers should make an integration infrastructure and integration tools available, assist its customers with integrations, and develop a partner ecosystem that includes consultants, integrators, and other software and SaaS companies. The concept of a vendor-provided integration platform will become increasingly important in differentiating real cloud applications from those that do not meet the requirements of their customers. Any integration point is a potential failure point, and leveraging an integration cloud platform can reduce the amount of manual integration time and work required, which in turn reduces the risk of something going wrong with your integration.
Requirement No. 4: Business-Driven Configurability
Cloud computing applications should be configurable, so your IT organization is freed from costly customizations, and businesspeople can configure processes that meet the specific needs of the organization. A configurable cloud application should include a catalog of choices in business processes that are designed to meet the needs of any organization. What is enlightening about configurable software, which should offer plenty of industry standard choices, is that it becomes apparent how much time and cost has gone into customizing software just because a process has always been done that way. One of the myths of SaaS is that since it is in the cloud, it is one-size-fits-all, but that could not be further from the truth. Real SaaS solutions should not only be configurable for the company, but in different ways for different parts of a company.
Requirement No. 5: Data Centers and Security
A cloud application provider should be able to offer security and data privacy solutions that are better than what its customers can do on their own, and at no additional cost. Processes and policies should encompass physical, network, application, and data-level security, as well as full back-up and disaster recovery. The provider should be compliant with security-oriented laws and auditing programs, including Safe Harbor, ISO 27001, and SAS70 Type II. Reputable SaaS providers are proving that SaaS can be done at least as securely as most enterprise implementations, and in some cases more securely. SaaS providers must take a holistic approach to security, ranging from technical safety guards such as encryption to understanding data privacy laws and compliance, and building those safety guards into every product and process. Meanwhile, it is the responsibility of CIO’s to conduct due diligence on SaaS providers. No one should enter a relationship without thoroughly vetting the provider’s capabilities. Providers that will not allow you to engage in a thorough examination of them and their platform solutions, claiming all kinds of reasons, are the ones to avoid.
Requirement No 6: High-Performing, Sustainable IT Infrastructure
The cloud application provider should maintain a high-performance IT infrastructure, which includes the data centers and databases, operating systems, networks, and storage systems used to run cloud applications and manage customer data. It should have well documented and top notch IT operations, security, maintenance, and performance tuning processes. Cloud applications are environmentally sustainable due to the multi-tenant infrastructure in which they are delivered. Multi-tenant SaaS reduces electricity consumption, paper waste, and lowers CO2 emissions. A thousand customers, using 1000 different systems, is less efficient and more impactful on the environment than those customers all sharing the same data center.
Critical Requirement No. 7: A Predictable Total Cost of Ownership Model
There should be no surprise costs with cloud applications. Implementation costs should be predictable, and subscription-based pricing should be transparent with no hidden fees. Cloud applications should not require upfront investments in hardware and software license fees. Where multi-tenancy, a single version of the software, and vendor-managed updates all come together and really payoff is having more predictability around your total cost of ownership. There are no more highly unpredictable projects, with the most common among those being software upgrades. Such predictability lends transparency to the budget process and means you will not have to fight budget battles for unexpected costs.
Requirement No. 8: Faster Deployment
Since cloud applications do not require investments and installation of hardware and software, organizations should be able to get them up and running and productive in a fraction of the time compared with on premise software. Multi-tenant SaaS deployments are highly iterative and collaborative with the customer, and a provider’s deployment staff should be skilled down to the most minute of tasks. In a configurable cloud application environment, once the processes and training are in place, you turn it on.
Requirement No. 9: Control
Cloud applications should allow organizations complete control of their data, even though it is located off premise. While organizations are freed from application maintenance, there should be no roadblocks or bureaucracy that hinder the ability of authorized individuals to import, export, purge, and archive data to and from the application without having to first contact the SaaS vendor. SaaS providers should make it possible to have a “sandbox” version of the production environment, so an organization’s project team can view and analyze data and experiment with features and configurations before going into production. IT and business managers need to have a place where they can go in and play with the functionality without any risk to the production environment. In addition, quality SaaS providers should provide regular audit reports for their customers about the data in their applications.
- Rockin’ the CASB – What you need to know about Cloud Access Security Brokers …
- Cloud Tweaks Blog … What Do You Know About Cloud Security?
- Security Awareness @ ISC2 Security Congress 2015
- Secure the Power of the Cloud … (and get certified while doing it)
- Announcing Exchange Server 2016 Preview!
- VMware Scripting Overview – A quick look under the hood
- Checklist: Use AD FS to implement and manage single sign-on with Server 2012/R2
- Checklist: Setting up a Federation Server (ADFS) for use with Office 365 on Windows Server 2008/R2
- The (ISC)² CISSP Domain Refresh … Are you prepared?
- vSphere 6.0 is on the way !!! …. Are you ready???