Recommended Strategies for the CIO Considering Cloud Computing

 

As many of you know, SandHill.com is the online resource created for enterprise software executives. Kamesh Pemmaraju heads cloud research for the SandHill Group and writes a weekly report on the latest happenings influencing the cloud computing community. His latest report, entitled Top 5 Cloud Strategies for CIOs, is based on a survey of 511 software executives. The survey deals with these executives’ perceptions of cloud computing, their initiatives, implementation issues, and any perceived benefits. His report presents the top 5 strategies CIOs should follow when considering cloud computing. A brief synopsis of those findings follows:

1. Treat this decision like any other business decision: Pemmaraju simply means to look at all the alternatives and do a traditional compare-and-contrast analysis. Look at the ROI and weigh the risks.

2. The cloud is coming – Embrace it: Pemmaraju quotes one executive, “The cloud will come - it's happening now even if it is coming with a lot of hype and a lot of buzzwords. It's a very logical transition - like we are going from individual car craftsmanship into the era of the industrialization of IT services.” A large number of the survey respondents have already started trials and pilot projects to jump-start the learning curve for their personnel.

3. A sandbox spurs innovation: Create an innovation sandbox in the cloud. The drag on spending due to maintenance is lifted. This newfound freedom allows IT departments to redirect efforts from infrastructure constraints to more creative ways to run the business model.

4. Cloud computing is a furtherance of the outsourcing trend: With this in mind, Pemmaraju presents a short checklist for evaluating whether to move in this direction:

a. Perform your due diligence and pick a good cloud computing vendor.

b. Confirm that support levels are adequate.

c. Obtain copies of vendor certifications (e.g., SAS 70).

d. Is your data retrievable in your desired format?

e. How is your data isolated and protected from others?

5. Retrain your IT staff: As one CIO respondent succinctly stated, “The jobs of people who sit there patching thousands of servers each time there is a change—those jobs are going away.” The focus will turn from infrastructure to vendor management, program management, and business analysis.

Pemmaraju concludes his report with an analysis of the impact open source is having on cloud computing. He states that proprietary licenses are lagging in their offerings for cloud computing, and so many cloud platforms are run on top of open source stacks. This will have an effect on hardware sales, as most companies will be trying to avoid big expenditures on infrastructure.

 

 

SaaS Customer: A Checklist of What You Need to Know Before Selecting the Vendor

 

Bahan Sadegh, CEO and co-founder of NETtime Solutions and a veteran of the on-demand software industry, has written an article with the SMB customer in mind. Sadegh has created a list of questions for the SMB to consider before choosing its SaaS vendor, entitled 10 Questions To Ask A Potential SaaS Vendor. His list is very informative, and it would be wise to keep it handy when considering which SaaS vendor to select. I cannot attest to the fact that this is an inclusive list, but I will tell you that his discussion of the points he has identified gives the reader enough information to perform their due diligence and ask more questions. There really are more than 10 points to know if one includes all the “sub-points” Sadegh includes. I will try to provide a brief synopsis of his 10 Questions below:

1. Billing should be pay-as-you-go: We all know there is a business cycle and your invoice should reflect this cycle. Also, there should never be any maintenance fee on your invoice.

 

2. Security: Sadegh has a very good list of questions to ask in this very important area. Instead of trying to paraphrase his words, I think it best to directly quote him on this matter:

“Ask your potential SaaS vendor:

- Does the data center that is housing the servers have physical security 24/7?
- Is the perimeter of the data center secured (do guards walk the perimeter at least once per 24 hours)?
- Who has permission to access these servers (only internal employees or do contractors also have access)?
- Is there a log that captures who came in and when they left? If so then how often are those logs audited?
- Does the application use industry standard 128-bit encryption?
- If multiple customers are housed on the same server then are they logically/physically separated to ensure your data is not viewed by unauthorized eyes?
- Has the staff of the SaaS vendor who has access to your data gone through a criminal background check? It’s important to know whether or not convicted felons have access to your sensitive personal data.
- Does the vendor have a formal BCP (Business Continuity Plan)? Is the vendor willing to share it with you and does it satisfy your concerns?”

 

 

3. Solution must be web-based: There should be no requirement to install an application on any computer. Also, any SaaS application should be able to run on any platform and any browser. In the event of a computer crash, you must have access to your application.

 

4. An experienced vendor: Make sure the vendor has experience in hosting. A vendor experienced in hosting has already addressed such issues as scalability and security and is not merely repackaging their application as SaaS. (NOTE: See point 8 below regarding MSPs.)

 

5. Upgrades should be automatic: You want to be on the latest version and have the most current functionality. There should be no need to retrain your users. The upgrades should be seamless.

 

6. Integration: You should have the ability to transfer between the web-based applications and any on-premise applications.

 

7. Data must be backed up regularly: Nightly onsite back-ups and weekly offsite back-ups should be the minimum. Does the vendor test how to restore their database?

 

8. Who is hosting the solution: Is this an in-house hosting arrangement or has the SaaS vendor contracted out with a Managed Service Provider (“MSP”)? Get a SAS 70 report and verify that in the data center every system has at least one independent backup to ensure availability in the event of system failure; this is known as an N+1 configuration.

 

9. Scalability: Can the SaaS vendor grow as your company grows? Ask about their largest customer and ask them about their plans for growth.

 

10. Is the SaaS system monitored: An easily overlooked question. Do they have monitoring software and do they test their firewalls?

 

Sadegh concludes his checklist by suggesting that the SaaS customer perform a bi-annual review of their service with the above checklist in mind.

 

 

SaaS Vendors: A Legal Checklist

 

Due to the differences between traditional “on premise” software licensing and the newer software as a service (“SaaS”) offering, there were bound to be required adjustments in how the software customer contracted for these services. We owe a debt of gratitude to Gene Landy with the law firm of Ruberto, Israel & Weiner, P.C. in Boston, MA. Landy has put together a list of 8 items in his article 8 Legal Tips for SaaS Vendors that should be considered by the SaaS vendor while developing their SaaS offering. Including some or all of these tips in your contract may be a smart decision. Here is a brief summary of those legal tips:

1. Look for restrictions in your own software licenses: As you develop your offering, do your licenses prohibit use as a service bureau, or are there restrictions on remote access or use as an Application Service Provider? You wouldn’t want your SaaS application to be in violation of any of these restrictions.

 

2. Has your contract model evolved: Initially the SaaS offering came in a two-part form: first a software license and then a hosting agreement. Today the more common contract model is to view this as a subscription and not mention licensing in the agreement.

 

3. The Tax Man: Your customers may be interested to know that most states do not levy a tax on services as they do for the sale of a license.

 

4. Trials: The SaaS vendor could include a trial period bundled into the subscription agreement.

 

5. Required upgrades limit the SaaS vendor’s maintenance costs: Require customers to upgrade and eliminate having to maintain prior releases.

 

6. Security: It is fine to tout your security measures, but never promise 100% guaranteed data protection. This is IT after all and you are using the internet.

 

7. Consider SAS 70 as a selling feature: You can provide your customers with an extra level of comfort and some of your customers may actually require a SAS 70 certification. This is a certification performed by an outside accounting firm which attests to the accuracy and security a vendor provides. The certification states that the controls are adequate.

 

8. Data Breach Notification: In the event of a data breach, most states require that a notification be sent out to the subjects of such a breach. Make sure that your customers do not attempt to place such an obligation upon you. The costs could be prohibitive.

This is by no means an inclusive list, but Landy has hit some key issues. I found it very informative and helpful.