Dale Vile, originally published on The Register
Software as a service (SaaS) promises a lot but many are still nervous about relying on it for business use. The concerns we hear most centre on security, privacy and operational risk. The first two are the most important and we will be covering these later in our workshop. In the meantime, we will start by considering operational risk.
Ensuring that the IT capability required to support the business is available when needed involves managing resilience, recoverability, performance and access. Communications play a big part here, given the reliance of hosted services on a quick and stable network connection. It also involves disciplines such as systems integration, application performance management and data protection. Requirements such as service level management and end-user support are also key to keeping things running smoothly.
Not all hosted services are alike. Few would question the performance and scalability of services from megahosters such as Google or Microsoft or global business service providers such as Salesforce.com and Netsuite. These players offer infrastructures with serious muscle. At the other end of the spectrum, among a huge community of smaller niche providers, are SaaS services operated on a shoestring. The best you are going to get here is good intentions as they struggle, for example, to compete for limited resources at peak times.
How well providers manage availability also varies. With the little guys you are more likely to have to put up with downtime during maintenance and upgrade of their infrastructure. The larger players can make in-flight modifications without service interruption, but in terms of unplanned downtime, they too can be called into question. The press is quick to pounce on major outages, reinforcing the general impression of customer vulnerability.
Is such trial by media really fair? The truth is that the downtime experienced with hosted services is often less than for in-house systems. We know from reader research that these are often not as robust as they could be. This is not surprising when we look at the shortfall of protection measures in place, even for systems as fundamental as email.
Whether it’s failover or recovery, as we are looking at here, or protection from data loss or corruption, the gaps translate to tangible business risk. And the underlying cause is the cost pressure that all too often leads to risk and resilience measures being cut or deferred. If you are lucky, these measures get implemented as an afterthought, which is better than nothing. If you are unlucky, a disaster happens before the risks are taken seriously and the gaps are plugged.
A well-designed hosted service, on the other hand, is much more likely to have had business-class operational capability baked into it from the start: resilience and recovery measures as well as resources, skills and processes.
One conclusion to be drawn from this discussion is to avoid making assumptions about the operational risks of hosted services. What’s true in one instance may be quite different in another. Another is to consider the on-premise alternative. No solution is perfect, and a hosted alternative could be many times better than could be achieved in-house.
Of course, as well as performance and availability, there are other risk factors such as security and privacy to consider. So if you have experience of how reliable or otherwise hosted services have proved to be in your environment, then let us know. Success stories, sob stories and horror stories are equally welcome, as are tips and tricks to help others avoid the pitfalls.