AdSlot 1 (Leaderboard)

Special feature: Every cloud – the increasing importance of cloud computing

Software-as-a-Service (SaaS), which gives companies access
to commercial applications delivered by third-party providers on the internet
‘cloud’, is now big business and getting bigger every day. Over the past year,
SaaS deployments globally have grown significantly, across North America and
Europe adoption in large enterprises grew 33% and adoption in the small and
medium-sized business market grew 50%, according to a survey from Forrester.

The analyst firm found that HR applications, collaboration and CRM are the
most popular choices for delivery as a service. Human capital management
applications were the most widely-used SaaS technologies, deployed in 45% of
companies. Other SaaS applications used by more than a third of respondents were
collaboration software (38%), CRM software (36%) and order management software
(35%). There are also increasing instances of multiple SaaS application usage.

Liz Herbert, senior analyst with Forrester, says that growth in SaaS adoption
is being accompanied by a shift in the type of applications that are being
delivered. Companies that have been running relatively low-level applications as
services are increasingly considering the model for delivery of more
mission-critical functions.

“As companies increase their usage of SaaS applications and deploy them for
more mission-critical functions, they must be more prudent about their contracts
with providers. Sourcing departments should take the initiative to help with
best practices for negotiating the growing numbers of SaaS contracts,” says

“Key considerations include data ownership, systems uptime and performance
expectations, backup and recovery and support. Sourcing departments should also
take responsibility for keeping repositories of contracts and tracking
application usage so they can be more successful in future negotiations.”

Taking ownership
The importance of securing ownership of data was echoed by Clive Longbottom,
service director at analyst outfit Quocirca. “Data is king and this means, first
and foremost, intellectual property must be safeguarded. Firms need to have a
‘Plan B’ in mind and ensure they have a storage device they own and control ­
either in their own buildings or offsite ­ that holds their data. They must
always have their data mirrored onto a machine that belongs to them and not to
the SaaS partner, which may fail in the future.”

Herbert says Forrester clients often ask whether shared architectures and
internet delivery put their sensitive data at risk. According to Herbert this
should not be a significant concern if companies ensure basic safeguards are in
place. “Vendors must take appropriate steps to ensure strong access rights, data
security and physical security in the data centre. Leading firms are getting
certifications such as SAS 70 Type II to prove their security to prospects and
customers. Smaller vendors should partner with leading hosts to ensure physical

According to Longbottom, companies that do not have technology as their core
competency often find that outsourcing even mission-critical applications to
SaaS partners offers compelling advantages. “The simple answer is that the SaaS
model is ready to support mission-critical applications. However, the caveat is
that companies must choose carefully which applications can be delivered in this
way and also which partner is best placed to deliver them.

“In security terms, a professional IT provider should be better positioned
and have a state-of-the-art infrastructure with very high levels of data and
physical security. Security needs to address technical issues, but also physical
factors such who has access to the physical machines hosting data. This is an
area where many companies do not address well internally.

“In terms of reliability, companies must look at what levels of uptime they
have with existing systems and compare these with the uptime guarantees offered
in the SaaS provider’s service level agreement (SLA). Do not just assume that
existing reliability levels are adequate; find out what they are and compare
them to the SLA.”

Security concerns
Dave Armstrong, Google’s head of enterprise marketing in Europe, the Middle East
and Africa, believes concerns over the security and reliability of
mission-critical applications are rapidly being assuaged. “With cloud computing,
we are at a point similar to when people started realising their money was safer
in a bank than under their mattress.

However, the benefits of cloud computing will not be realised if businesses
are not convinced of its security,” he says.

“Trust is at the centre of success and providers have to prove themselves
worthy of that trust if hosted services are going to work. That’s why security
is one of the most important factors we consider when we develop products that
handle a lot of personal and business data.”

But far from being a concern for enterprises, the SaaS model can improve
application security, according to Steve Farr, product solutions marketing
manager at Microsoft: “With SaaS, businesses can be bolstered by adding extra
security and data backup on top of their existing IT infrastructure. At a time
where the security of business data is paramount, SaaS offerings can ensure a
more sophisticated and reliable level of data protection.

“The challenge of working on mission-critical applications in the cloud is
that users have to rely on an online connection, which can’t always be
guaranteed. As such, future development in the cloud will depend on the ability
to work both online and offline,” says Farr.

However, Rhys Sharp, chief technical officer for systems integrator SCC,
points out that, although overall SaaS adoption is relatively strong, some of
the newer services have yet to break through as serious mainstream business

“The more challenging part of the equation is the emerging environments from
organisations such as Google, Amazon and Microsoft’s Azure platform. These are
less mature and people are only just starting to work out how to use them, so
it’s true that widescale adoption is a little bit away. Even then, I think it
will only be six to 12 months before those environments become fully mature and
everybody understands the cost model associated with them,” says Sharp.

“In companies where commodity components are already being outsourced, the
day-to-day business transactional functions are still frequently being retained
in house, so we could be 10 to 15 years away from large companies pushing all
their technology requirements into the cloud. The process is already underway,
however, and in many smaller companies we are already seeing the demise of the
internal IT department as a result,” he says.

Choose carefully
Robert Whiteley, vice president and research director at Forrester, says, “Your
selection of SaaS solutions must begin with an understanding of the business
capabilities you need to provide and any financial, procedural, regulatory, or
other constraints on the decision. Once you understand what you hope to gain
from an SaaS deployment, make sure you vet potential vendors with an eye toward
your priorities.

“Without active IT guidance, business units can rush into SaaS deployments
that work well for specific functions but require large IT investment to
integrate. Instead, spearhead the due diligence required to find a solution that
addresses business needs without neglecting IT concerns.”

Google’s Armstrong shares these concerns, but points out that moving to a
cloud computing model requires FDs and other senior business decision makers to
change the way they manage IT. “More than anything, the hosted model provides a
stimulus for innovation and when you’re breaking new ground, businesses and
their users have to trust the internet and their service providers if they want
to bring flexibility, choice and innovation to their organisation,” he said.

“This entails changing the way they manage enterprise technology. Previously,
enterprise technology was highly predictable, but also highly siloed and
controlled. The inevitable paradigm shifts in IT were more disruptive since the
ability to quickly implement new changes was not there.”

However, Twiggy Lo, principal research analyst at Gartner, is less upbeat
about the current value of SaaS. “Hesitation over the true cost of SaaS
solutions and concerns regarding how successfully SaaS applications can be
integrated with other applications all point to issues that will need addressing
and resolving,” Lo says. She thinks providers will need to focus on reducing
costs and facilitating easier deployments that can be integrated into
“real-world” corporate IT systems which typically include a variety of
technology systems.

SAAS checklist: put due diligence first
As companies increase their use of SaaS across multiple applications, larger
populations of users and more mission-critical applications, due diligence
becomes even more crucial during provider selection, warns Forrester. According
to the analyst group, businesses should ensure they cover the following areas:

Security, backup and recovery – ­ Find out where data is
physically hosted. It is advisable for some to have their own security teams to
do physical audits. Check for compliance with emerging SaaS security standards
such as SAS 70 Type II. Ask your SaaS provider if it has data physically backed
up at a second location, about the frequency of backups and how long it would
take to restore your data and the application in the event of a problem.
Integration and customisation capabilities – ­ Some SaaS
buyers get into trouble because they do not thoroughly evaluate integration or
customisation capabilities at the time of purchase. They later go to IT with
requests that the application simply cannot support.
Pricing, SLA and data ownership considerations – ­ Companies
often forget about contract terms such as uptime considerations, payout for
unplanned downtime and helpdesk or support expectations. It is up to the
sourcing team to ensure such oversights do not occur. Also, detail expectations
around price, such as a percentage cap on renewal rate, increase at the end of
the contract. Finally, make sure you are clear on any costs associated with
getting your data back at the end of your contract and fees associated with
terminating your contract early.
Source: SaaS Clients Face Growing Complexity, Forrester

Related reading