Weblogic Authors: Yeshim Deniz, Elizabeth White, Michael Meiner, Michael Bushong, Avi Rosenthal

Related Topics: @CloudExpo

@CloudExpo: Article

SaaS and the Comeback of Blind Faith; Know Before You Subscribe

Running your business on SaaS applications shouldn't put your company at risk

Software as a Service (SaaS) continues to change the face of computing especially for the small and mid-sized company.  With SaaS offerings the small office is able to take advantage of enterprise class solutions for customer management, time tracking, accounting as well as thousands of other applications. Although there is much fanfare around the benefits of SaaS, there isn't much talk about the lack of delivery standards or certifications.   Choosing a quality SaaS application requires a bit of investigation.  The wrong choice can put your business at risk.

Here is the scenario.  A small business owner performs a search on Google for accounting software.  Right there at the top of the screen in a nice colorful outline is a pay-per-click ad for a SaaS solution.  After following the ad and being impressed by the nicely designed website and inexpensive subscription, he signs up for an account.  Over the next few weeks he moves all of his business into the solution, starts to invoice customers online and rely every day on the solution to keep his business moving.

A month goes by and the promise of SaaS holds true for the small business owner.  But one morning he attempts to log into the application without success.  He contacts the providers technical support and receives a standard message that says that there was an equipment failure and the company is working on a recovery....

In this scenario, what happens next?  For most SaaS subscribers there is a blind faith that the vendor understood the value of their data and will be able to quickly resolve the problem.  Unfortunately there is no standard of care when it comes to SaaS applications and their data.  Some vendors may have the resources to continually stream data off site and keep a secondary system at the ready.  But other less sophisticated SaaS vendors may not have implemented programs sufficient to recover data loss.  Although you don't hear about catastrophic failure very often it does happen.  Just look at the case of Ma.gnonlia back in 2009, the data was lost and the site went offline.

To combat the blind faith requirement,  SaaS subscribers must demand more information from the providers.  They must demand transparency in service delivery and as well as a minimum acceptable standard of care for data.

For vendors, addressing the transparency issue is rather straight forward assuming there are policies and procedures in place to deliver a high quality, reliable SaaS service.  Vendors can add a Statement of Operations  to their websites.  This statement can live along side the privacy statement and terms of use.  The Statement of Operations should tell the subscriber the frequency and breadth of backups.  It should describe an ongoing program to run recovery drills to validate backup usability.  It should describe how the availability and the performance of the application is being monitored.

The more difficult task is to call upon the industry to define a minimum standard of care that helps to ensure the security, reliability and recover-ability of customer data.  Today, ask four different vendors the minimum acceptable window for data loss and you will receive four very different answers ranging from zero to days to weeks.    Turn that around and ask four small businesses and I'm confident the answer will be the same across the board that no data loss is acceptable.

In the end SaaS vendors are in business to make a profit. And they only way they can do that is to keep customer data safe and secure.  But oversights do happen and technical failures are still commonplace.  A statement of operations is only as good as the implementation of the policies it describes but it's a step in the right direction.

The next time you are ready to subscribe to a SaaS offering, ask the vendor the question - Where is your statement of operations?.  Ask them where they document their service delivery, data backup and disaster recovery policies.   If the vendor doesn't publish the policies then don't purchase that subscription.  Seek out another provider that will guarantee you a standard of care that your business (i.e., life's work) can live with.

More Stories By David Abramowski

David Abramowski is a technologist turned product leader. David was a co-founder of Morph Labs, one of the first Platform as a Service plays on AWS. He was the GM for Parallels Virtuozzo containers, enterprise business, and most recently he is the leader of the product marketing team for the IT Operations Management solutions at the hyper growth SaaS company, ServiceNow.

IoT & Smart Cities Stories
IoT is rapidly becoming mainstream as more and more investments are made into the platforms and technology. As this movement continues to expand and gain momentum it creates a massive wall of noise that can be difficult to sift through. Unfortunately, this inevitably makes IoT less approachable for people to get started with and can hamper efforts to integrate this key technology into your own portfolio. There are so many connected products already in place today with many hundreds more on the h...
Digital Transformation is much more than a buzzword. The radical shift to digital mechanisms for almost every process is evident across all industries and verticals. This is often especially true in financial services, where the legacy environment is many times unable to keep up with the rapidly shifting demands of the consumer. The constant pressure to provide complete, omnichannel delivery of customer-facing solutions to meet both regulatory and customer demands is putting enormous pressure on...
Business professionals no longer wonder if they'll migrate to the cloud; it's now a matter of when. The cloud environment has proved to be a major force in transitioning to an agile business model that enables quick decisions and fast implementation that solidify customer relationships. And when the cloud is combined with the power of cognitive computing, it drives innovation and transformation that achieves astounding competitive advantage.
Machine learning has taken residence at our cities' cores and now we can finally have "smart cities." Cities are a collection of buildings made to provide the structure and safety necessary for people to function, create and survive. Buildings are a pool of ever-changing performance data from large automated systems such as heating and cooling to the people that live and work within them. Through machine learning, buildings can optimize performance, reduce costs, and improve occupant comfort by ...
Charles Araujo is an industry analyst, internationally recognized authority on the Digital Enterprise and author of The Quantum Age of IT: Why Everything You Know About IT is About to Change. As Principal Analyst with Intellyx, he writes, speaks and advises organizations on how to navigate through this time of disruption. He is also the founder of The Institute for Digital Transformation and a sought after keynote speaker. He has been a regular contributor to both InformationWeek and CIO Insight...
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...
Early Bird Registration Discount Expires on August 31, 2018 Conference Registration Link ▸ HERE. Pick from all 200 sessions in all 10 tracks, plus 22 Keynotes & General Sessions! Lunch is served two days. EXPIRES AUGUST 31, 2018. Ticket prices: ($1,295-Aug 31) ($1,495-Oct 31) ($1,995-Nov 12) ($2,500-Walk-in)
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...
Nicolas Fierro is CEO of MIMIR Blockchain Solutions. He is a programmer, technologist, and operations dev who has worked with Ethereum and blockchain since 2014. His knowledge in blockchain dates to when he performed dev ops services to the Ethereum Foundation as one the privileged few developers to work with the original core team in Switzerland.
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...