Our digital lives are predominantly spent online. Almost gone are the days of .exe files and installers; most programs run in the browser now. Low-cost streaming services make the offline hoarding of music and movies pointless. Our need to have access to all of our files from all our personal and work devices and all our future devices doesn’t allow us to just stay with our offline Word 2000.
Devices are a commodity, cloud hosting is a commodity, and software-as-a-service is what organizations predominantly opt for.
Still, a significant number of mid-market and enterprise companies have to satisfy strict compliance, privacy, security and business continuity rules before committing to a software that is not on their own servers.
Below is a list of the benefits of software-as-a-service (SaaS) products and recommendations of how to mitigate any risk related to them.
Processes you don’t need to take care of with SaaS
SaaS-providers are responsible for a number of processes and tasks that customers don’t need to take care of anymore:
- Hardware setup, maintenance and replacement
- Network maintenance
- Server management
- Storage management
- Virtualization processes
- Operation systems
- Running environments
- Application Setup and Settings.
Benefits of SaaS
By outsourcing these activities to specialized companies, several major savings and improvements can be achieved.
- Cost-efficiency – you only pay for what you use
- Smoothing out of expenditures – you don’t have a large, upfront, capital investment
- Auto-scaling in times of peak traffic
- Improve time-to-market by agile development practices like microservices
- Setting up new instances of the application (e.g. for new projects, new users) is much faster
- The overall cost-of-ownership is reduced and the overall agility of a team is increased
Other chores you don’t need to take care of anymore:
- You don’t need to take care of planning, scheduling, implementing software upgrades
- You don’t need to divert IT resources for testing the new upgrades or software patches
- The risk of budget variability is drastically reduced
- The time developers need to work overtime on unforeseen emergencies are also significantly reduced.
Still, what are the main risks with SaaS and how to minimize them?
Data integrity, security and privacy
- Make sure your provider has Point-in-Time-Recovery backups enabled -a standard for Google Cloud and AWS.
- Offsite backups - Usually more expensive but if you have a significant amount of critical data changing frequently in the cloud, you may want to diversify how and where it is backed up. With an offsite backup you can have an almost real-time version of your data on your own servers.
- Especially for critical data you need to make sure data is encrypted in transport (both ingress and regress).
Support and system availability
- Service Level Agreements (SLA) for Uptime - modern software is a chain of dependencies. Your customers depend on you, you depend on your SaaS providers, they depend on their infrastructure providers. An SLA for Uptime is a coordination mechanism and a reliability insurance.
- Service Level Agreements for Support - although modern SaaS companies are usually responsive to all of their users’ support requests, mid-market and enterprise customers need to ensure a hot-line to their technology providers. It is much cheaper to pay a bit for your problem resolution than to hire a full-time engineer (sysops, etc) taking care of maintenance. Also, having the ear of your vendor means you can gently nudge for features you want to see in your solution soon.
- Content Caching - even the largest infrastructure providers have outages affecting significant parts of the Internet and the SaaS solutions hosted there. Caching content allows you to hedge against availability glitches.
- Companies rise and fall all the time, so having a worst-case plan of action is important. Source code escrow clauses in your contract make no sense with SaaS. Code is written and updated daily, so a flash drive in an Escrow agent’s drawer won’t do the trick. One good solution is to contractually arrange for a migration of both the application environment and the data to some sort of dedicated infrastructure in the cloud. This dedicated instance will temporarily be maintained either by the customer itself, or a software agency hired for the purpose.
- A vibrant partner community around SaaS providers of critical systems is a good insurance.