31 January 2008

SaaS - Software as a Service

Recently I was introduced by someone to the term SaaS or Software as a Service. It was presented as a "revolution" in the means of providing software to SME's.

Being the eternal cynic my views are
- Yes it is a new term;
- No it is not a new idea!

SaaS is basically the 1980's concept of timesharing provided by the likes of GEASCO (or was it GSISCO) during the late 70's and early 80's, but revamped to use the internet/web. The web replacing the dedicated BT telephone lines that timesharing used. Which is why in the 70's/80's it was a preserve of larger organisations who could carry the cost of the dedicated lines. With the advent of cheaper mainframes. midi's and PC's from the late 80's onwards, timesharing faded away.

Yes SaaS does allow software to be used without the headache of maintaining a system/server and it can be an economic means of using such software. But there are hidden dangers to this approach. Dangers that are very rarely addressed by the salesperson for the SaaS provider and often ignored or overlooked by the company using the SaaS system.

These dangers can be highlighted by answering the following questions:
- what happens if you loose internet connection for an extended period of time?
- what happens if the SaaS is continually attacked by a Denial of Service?
- what happens if the SaaS provider goes belly up?
- what happens if a rogue/disgruntled employee has a whole night to corrupt your data before you can contact the SaaS provider and get them barred?

The answer is simple - you cannot get to or rely on your company data!
How will this effect your company?
For most companies it would be a disaster that could at the extreme force you to go under.

Are such extended periods without access to your data likely?
Well the IT news of to-day is about the internet lines to India and the Middle East being severally disrupted due to a broken cable carrying internet traffic between Europe and Asia.

This is the crux of the problem - such downtimes/disasters cannot be forecast.

It reminds me of a situation that occured at a company I worked for in the mid 80's. It was moving from timeshare to an in-house system, with the new mainframe servers being based in the north of England some 200 miles away. Everything was set up, tested and ready for the switch over. On the morning of the switchover after a couple of hours of being live, a builder in a JCB outside the new server building decided to dig a trench and went right through the comms. cables ripping them out of the ground. It took 2/3 weeks to re-instate the cables delaying the switchover by a month. Luckily for the company it could immediately switch back to the timeshare provider to allow its business to continue. If this builder has done his trick several weeks later the switch back would not have been an option and the company would have suffered untold damage to its reputation and business.

Of course, this is why Disaster Recovery Plans are so important, no matter what size of company you are, having a Disaster Recovery Plan is essential.

Do you as a SaaS user have a Disaster Recovery Plan for your data stored at the SaaS provider? Plans and data that are independent of those provided by the SaaS provider.

With your own PCs/server it is relatively easy to backup and store company data off-site on an regular basis. It is all under you direct physical control. Getting to it or barring access to it is relatively easy.

Does the SaaS allow you to do this for ALL your data?
Not its own backups, but your backups that you can get to independently of the SaaS provider.

And having got the data, how easy will it be to get access to underlying applications in an emergency with little or no notice!

The cost of having to carry out these recovery plans will be fairly high but it will keep you in business. Without your data you will be severely hampered in keeping the business going.

When things are going well, it is easy to forget the problems that can be caused by the loss of a simple object like a telephone line.

My overall view is that many companies are attracted to SaaS because it saves time, money and having to deal with mundane things like data recovery plans. The very things that when the 'sh.. hits the fans' you will need in bucket fulls.

SaaS is fine when it works, but can be a real disaster when it does not!
For me SaaS is a disaster waiting to happen because it gives a false sense of security to the user company. Just because you use SaaS does not mean that you do not need an independent Disaster Recovery Plan for your company data.

How many SME's that currently use SaaS have Disaster Recovery Plans for the data held at the SaaS?

Was SaaS not supposed to remove the need for such things?
Well yes, but as you can see you can't!