Archive for Software as a Service

PART I – Compliance: The false comfort of data center audits for cloud services

// July 22nd, 2010 // No Comments » // Cloud Computing, Software as a Service //

Compliance and the cloud
Compliance is one of the most common sources of stress a company faces when moving solutions into the cloud. It’s a complex and arcane topic to begin with. When the inherent reduction in control that comes with outsourcing an IT service to the cloud is added, FUD (fear, uncertainty and doubt) can easily derail even the most carefully planned project.

Unfortunately, many of the cloud services vendors in the marketplace do more to add to the confusion than to address the very real compliance needs organizations face. My intent is to shed some light on this issue over the course of several posts. I’m also going to try to provide actionable advice that both IT and audit teams can benefit from when evaluating cloud-delivered solutions like SaaS, IaaS and PaaS (Software, Infrastructure, and Platform as a Service, respectively).

We all have needs
First, let’s define the needs of both parties. As outlined in part one and two of this series, these are the Wild West days of the cloud when thousands of vendors are driving a land grab for new business. Within this landscape, vendors both large and small are often motivated by:

  • Mind share – The ability to gain consistent coverage by press and analysts. Cutting edge is sexy. When there are no clear leaders, the desire to create the perception of leadership is often considered an end unto itself.
  • Market share – The ability to demonstrate growth, ideally at a rate higher than the competition. Within the land grab of an emerging market, capturing new business is often considered more important than profitability and customer retention.
  • Cost Reduction – The ability to lower start-up costs. Although there is general consensus that the convergence of both technical and cultural trends we call “cloud computing” has huge potential, no one can guarantee that it will grow as rapidly as the analysts predict. Within an immature market, it’s often easier to lower costs than increase sales.

Today’s compliance landscape is very complex and constantly changing. Corporate initiatives could be driven by federal regulatory mandates, state laws, demands from business partners or even as a response to events on the nightly news. Yet, the compliance needs of a company that has chosen to outsource an IT solution to the cloud are deceptively straightforward. Stated broadly, they need to have transparent insight into:

  • Scope – The ability to determine what business and technical objectives the vendor’s compliance program does and does not meet. Will the employees working with my data ensure that it remains private and secure as required by HIPAA? Do they have a password policy that addresses complexity, rotation and storage like our internal policy does?
  • Quality – The ability to determine if the vendor’s policies and procedures adequately address each objective. Maybe they have a password policy, but it states that a password can be four alphanumeric characters, is only rotated on leap years, and advises employees to write their passwords on a post-it note to ensure they never forget it. The point is that a customer must have some assurance that a policy not only exists . . . but that it’s commonly accepted as an “adequate” or even strong policy.
  • Execution – The ability to determine if work performed by the vendor’s employees and subcontractors complies with their policies and procedures. If the vendor has strong policies that no one follows, they’re not delivering much value to their customers.

In my next post, I’ll look at a pitfall disguised as a solution that goes by SAS70.

Please consider signing up – by e-mail or RSS – to get new posts from me and my fellow bloggers delivered automatically to your inbox. If you find our pieces intriguing and/or enlightening, please encourage your friends and colleagues to check us out. And if you have ideas for stories or ways to make this community better meet your needs, please let us know.

Bookmark and Share

PART II – Hyperbole in the cloud: Welcome to the Wild, Wild West

// July 14th, 2010 // No Comments » // Cloud Computing, Software as a Service //

Last time I started to lay the groundwork for my argument that cloud computing has a very bright future. Picking up where I left off, here are several more technical and business trends that, when combined, create the basis for a new generation of computing solutions that solve real-world problems. In no particular order, these trends are:

Ubiquitous Internet access
I started my career in the early phases of the dot-com era. I remember fantasizing about the day when everyone could have his or her own T1 line. Well, those days are here. Within the past 10 years, the total number of global broadband users has grown 400% and now represents 30% of the world’s population.

Bandwidth costs have also steadily declined and, thanks to the explosion in mobile technology, you can even carry it around in your back pocket! The movement of data to and from the cloud would not be possible without this readily available and affordable network capacity.

Outsourcing
Although outsourcing call center and manufacturing work overseas represents the majority of U.S. press coverage, outsourcing actually comes in all shapes and sizes. The overarching principle is simple. Your company should do what it does better than anyone else and outsource the rest to specialists.

When implemented successfully, outsourcing allows an organization to focus on its core competencies, increase customer satisfaction and lower costs. Its expanding use has created the environment in which companies are comfortable with the idea of moving their data and applications into the cloud.

Global markets
Because of the recent financial crisis, we’re all aware of how interconnected the global markets are. However, this extends well beyond the sale of commodities and securities. Every major industry within our economy faces competitive pressures both domestically and abroad. To remain viable, organizations must increase the rate of innovation and aggressively drive down costs.

This hyper-competitive landscape has created demand for cloud computing. In addition to the potential cost savings I’ve already outlined, cloud delivery lowers the risk associated with more frequent product release cycles and expansion into new geographic regions by lowering up-front investment costs.

Mo’ better data
We really are living in the information age. IDC estimates that the amount of digital data increased by 62% from 2008 to 2009 to a total of 800 billion gigabytes. By 2020, they project this to increase to 35 trillion gigabytes. If this information was written to DVD and placed on my desk, the stack would reach halfway to Mars.

Translating this data into information and knowledge is a challenge every modern business faces. As the volume of data increases, so does the amount of computing power required to store, process, catalogue and manage it. This tends to increase our reliance on this information, which, in turn, also increases the cost of data center downtime.

Clouds represent an efficient way to meet these challenges. Capacity can be dynamically provisioned to account for fluctuations in data processing demand. In the event of a problem, applications and data can be relocated to maintain availability.

Every cowboy needs a sidekick
Just like in the old days of the Wild West, the rules are being made up as we go along and the terrain is difficult to navigate. Although I won’t pretend to have all of the answers, the intent of this series of posts is to highlight common misconceptions, pitfalls, and hyperbole within the cloud computing marketplace so that companies can make more informed decisions. I hope you find it to be practical, informative, and thought provoking. I encourage you to share your own thoughts, experiences and opinions as we go along.

Bookmark and Share

PART I – Hyperbole in the cloud: Welcome to the Wild, Wild West

// July 9th, 2010 // No Comments » // Cloud Computing, Software as a Service //

The state of the cloud
It’s hard to find a technology magazine, blog or portal today that doesn’t contain some article or advertisement for cloud computing. It’s even on the evening news!

All of this excitement is for good reason. The migration of computing capacity from private corporate networks to shared public clouds represents a huge opportunity to make IT departments more responsive to the businesses they support. New technology solutions can be deployed more quickly, additional capacity can be added to existing systems “Just in Time” (JIT), and unneeded capacity can be removed before the next billing cycle begins.

The ability of cloud hosting providers to meet demand for heterogeneous technology solutions using a generic pool of computing cycles also promises to dramatically lower costs for companies of all sizes. Computing capacity appears to be nearly unlimited, and customers only pay for the resources that they use.

The analysts certainly agree. In a recent study, Gartner predicted that cloud computing would grow from $58.6 billion in revenue in 2009 to $63.8 billion in 2010. By 2014, the global cloud computing market is expected to be an impressive $148.8 billion. That represents an annual growth rate of more than 16%.

A modern land grab
But the cloud is not limited to silver linings. In fact, there’s a lot of vapor up there. This is an immature market that has just completed its second wave of incubation. There are no clear leaders yet. Literally thousands of startups and established vendors are vying for their piece of the pie. Commonly accepted standards, operating procedures and legal precedents don’t exist. We’re effectively witnessing a virtual land grab, not unlike the Western expansion experienced in the 19th Century.

A point of convergence
It’s easy to be skeptical about such glowing predictions. Indeed, no one – not even Gartner, can reliably predict the future. However, I personally believe that the cloud computing services trend is real. The most compelling evidence at my disposal is the observation that cloud computing isn’t a single product or even a specific service. Rather, it the convergence of several technical and business trends that, when combined, create the basis for a new generation of computing solutions that solve real-world problems. In no particular order, these trends are:

Virtualization
Simply put, the cloud would not exist without virtualization because it allows the cloud to scale efficiently. Virtualization is what transforms a server from a single-tenant platform dedicated to a single purpose into a generic set of computer cycles that can be consumed by anyone to accomplish anything.

Gartner predicts that 60 percent of server workloads will be virtualized with an average density of 10 servers per physical server by 2013. That equates to 5,708 new virtual machines being created each and every hour of every day. They also predict that this workload will be achieved using only 10 percent of the total number of physical servers sold within the same timeframe. In other words, 60 percent of the world’s computations will be accomplished using only 10% of the physical server capacity.

In my next blog post, I’ll share more trends that are leading to new computing solutions.

Questions or comments in the meantime, I’d love to hear from you.

Bookmark and Share

SaaS solutions: the answer to meeting “meaningful use” requirements in healthcare?

// June 14th, 2010 // 1 Comment » // Cloud Computing, Healthcare, Software as a Service //

Software as a Service (SaaS) is a popular topic on the blog lately.  So, it seems like a great time to piggyback on what Jacqui Conn and Terri Jones had to say about it – but, from a healthcare software perspective.

A hosted software model isn’t new in healthcare, or any industry for that matter.  Providers from community hospitals to physician practices have already seen the benefits. Minimize IT staffing and support. Avoid the costs of equipment, servers and other necessary hardware. Identify budget as an operating expense instead of a larger, capital expense. Accelerate deployment.    

Let’s take a look at faster deployment times. Right now, this is the key to why SaaS is so important to healthcare. And it all comes down to two words: meaningful use.

As part of the HITECH Act in ARRA, healthcare providers are now required to meet certain standards, not just based on what technology they use, but also how they use it. We already discussed why ECM or document management is a critical technology piece in answering this “how they use it” part. But here’s the catch – these “meaningful use” requirements aren’t just about the “what” or the “how” – they’re about the “when.” The federal government has set a deadline for the requirements to be met – 2011.

HIMSS "meaningful use" pumpkin analogy

Photo credited to Neil Versel’s blog with the original source as Pat Wise of HIMSS.

That means that providers must have the people to research, choose and implement a solution, the hardware to support it and the budget to do these things – all within a limited time frame. For an on-premise solution, this would certainly be a challenge to get done, and get right. But not for SaaS.

Because SaaS solutions boast short start-to-finish deployments, they might be the only way for some healthcare organizations to get up and running in time for the deadline.  They also answer the budget, staffing and hardware issues – a rent-like pricing model and outsourced staff and servers to manage the data.

But despite the obvious potential of this deployment option, I have yet to see SaaS mentioned in the same article – let alone the same sentence – as “meaningful use.” At the same time, the major healthcare providers and associations continue to suggest that the deadlines are too restricting to meet. And maybe they are. But one thing is absolutely-without-a-doubt too restricting – limiting software to a single deployment option, and not even considering one that might make more sense – SaaS.

Bookmark and Share

The cloud in government? It might be the best way to make document management software happen

// June 3rd, 2010 // 1 Comment » // Cloud Computing, Government, Software as a Service //

I really enjoyed Jacqui Conn’s thoughts on software as a service (SaaS) and IT security. It brought me back nearly a decade to a time when, as an IT director, I stood in the way of just such a proposal for government software…as a service.

My state had selected a vendor. Their task: produce a portal website and provide far away servers – servers I did not control – to store documents and data about the people we served. Security was never discussed. I’m pretty sure we were supposed to blindly trust that they would manage it “correctly.”

Even scarier, their pricing was by the document. Not a bad strategy when you’re trying to start a business with government as your target market! But needless to say, I did not sign up my agency.

Times sure have changed. Clouds have moved in over Washington, and not just because of midterm elections. President Obama has begun an IT initiative to move the use of SaaS into the federal government realm. But that’s federal. Should state and local government consider SaaS?

Yes! (If you need more information on the security part of the decision, Jacqui’s article is a great reference).

So how can government’s unique mission be served by a SaaS model?

Let’s use the example of enterprise content management as SaaS. If I can 1) offer improved public access to documents and services through a website, plus 2) cut the costs of storing and retrieving documents that my staff uses every day, I have just pushed my agency ahead technologically – without bearing the costs of staffing the deployment or purchasing the capital equipment to power it. And all of this is accomplished just by sharing server and staff costs with other customers through SaaS. This is budget brilliance because you are getting more for less!

Think you might want to have the technology in-house someday? At least one ECM vendor has even worked out the ability to assist its customers to move their solution in-house. This way, the solution you start as SaaS can be brought into your agency or department, if, of course, that makes sense for your staff and technology initiatives (or your improved budget).

But how does it match up with the mission of government?

Last time, I wrote about the need to put our increasingly smaller government workforce where it counts the most…and that is not moving paper files around. What if the SaaS model allowed you to do just that?  The cost structure it provides allows you to move forward with – you guessed it – those IT investments that get rid of the paper and manual processes. Mission accomplished.

Sometimes you live long enough to change your mind. And I have, especially in this time of difficult budgets. Because if the price is appropriate, if the security is there, if the functionality matches the need and there are vendors with proven ability to deliver these solutions, why wouldn’t I consider it?

Government is never asked to do less, they are asked to do more with less. A SaaS option could meet this challenge.  And, to take it a step further, the SaaS model coupled with the cost-saving effect of enterprise content management may just be the right combination to position your agency for maximum staff efficiency and citizen service.

Bookmark and Share

Software as a service solutions and IT security: (Potentially) a match made in heaven

// May 13th, 2010 // 3 Comments » // Cloud Computing, Software as a Service //

I had a few minutes the other day to peruse my backlogged library of articles (you know – the ones you put away until you can get your head above water long enough to catch your breath) when an article about SaaS and cloud services security in the government sector caught my attention. 

 The reason I did a “wait just a minute” on the piece is that the hot topic in our SaaS/cloud world is security, especially when it comes to content management and ECM SaaS solutions.   

We all know that our data – personal and business – is stored somewhere, and a lot (if not most) of it is accessible via the Internet. And, we’ve all heard a horror story (or two) about security breaches. Definitely scary stuff.   

So, when looking at security from a business perspective, here are a handful of questions to ask yourself – or to add to your RFP/RFI – if you’re in the market for a SaaS solution provider. And even if you already have a SaaS ECM solution provider, they should be able to answer these questions – and answer them with a “yes!”    

  • Is the data center where your data is hosted SAS70 II audited? In researching your SaaS solutions, this question should be asked by someone in your IT department. In fact, this audit is so comprehensive that, in our conversations with IT management, just mentioning this compliance level calms a host of security concerns.
     
  • Is the backup location compliant, too? Pop quiz: If the primary (production) data center is compliant, does the secondary (backup) data center need the same level of compliance?  Answer: Yes!
  • Does the hosting provider’s processes, infrastructure, etc. undergo an independent audit, defined by either ISO or SysTrust standards?”
  • Does the SaaS provider perform their own internal security audits on a regular basis? Can they provide documentation to you upon request?
  • Does your SaaS ECM provider give you the opportunity to engage a third-party vendor, such as SecureState©, to perform your own audit against the solution? Yes, this may be an additional cost for you. But your provider should be open to letting you look “behind the curtain” of your ECM SaaS solution.

While there are plenty of other questions you could ask, the bottom line is this: SaaS ECM solutions are as secure as any on-premise software when they’re done right. And in many cases, as the article pointed out, they might even be more secure (hence the title of this post). After all, who would you rather have implement software for you? The company that developed it, or a government agency or department?

Bookmark and Share

On-Premises vs. SaaS; Manual vs. Automatic

// January 20th, 2010 // No Comments » // Cloud Computing, Software as a Service //

Recently, a local software company in a non-competitive industry approached me to get my opinion about SaaS, and the strategic importance of developing a SaaS product plan.

It was the first time in a long time that I even thought about that question. In fact, last week, I celebrated six years of running the SaaS offering for Hyland Software. Since then, while I have defended and evangelized the SaaS approach, I had not really thought about the go/no-go decision.

If you read the analysts and journalists, more and more, SaaS is growing. There are lots of technical reasons for that, and a number of business reasons, too. But most of all, I think it comes down to meeting the needs of the prospective customer.

Customers want choice; the debate as to which is best is based on each customer’s specific and very unique need(s). With hosting/SaaS/The Cloud, technology is allowing software vendors to meet the needs of more prospective customers. In the coming years, I sincerely believe that those that do not offer a SaaS/Hosted solution will not survive.

An interesting parallel could be made between auto manufacturers offering standard and automatic transmission. No matter which you personally feel is better, each customer will make the decision based on their own needs and desires (and some are passionate about their preference). For an auto manufacturer to not offer a choice limits their ability to serve prospective customers.

Interestingly, automatic transmission was NOT the popular option when it first came out.  There was limited manufacturing in 1904, but it was not readily adopted by consumers (similar to the failed Applicatio Service Providers (ASP) from the last millennium). Drivers liked their manual transmission because that is what they were used to.  Even after technology advances and the cost efficiencies of mass-production in the 1940s and 1950s, automatic transmission was included in a minority of cars sold to the public.   It was not until a new generation of drivers hit the road from the 1960s to the 1980s that automatic transmissions really took off.  Fast forward to today, and 80%+ of all cars are automatic transmission.

As is often the case with something that is “new” or “different” (like automatic transmissions), SaaS adoption has not exploded overnight…though we have seen solid, steady growth over the past six years.  However, I expect SaaS will become eventually the IT equivalent of automatic transmissions. As the technology evolves, as  more people see the advantages and as a new generation of IT leadership hits the workforce, more customers will want to utilize SaaS/Hosting/The Cloud.  The once new, unfamiliar territory of SaaS, in my mind, will eventually be the choice of the majority.

Bookmark and Share
Page 2 of 212