For years, IT departments have had full control over their own infrastructure (for better and worse) and are naturally uncomfortable with anything that prevents them from being the sole resource for their own infrastructure.
They have been trained to maintain tight control because of the complexity of their own environment—a positive trait that has helped to assure timely and accurate delivery—but also limits their ability to accept change.
It should also come as no surprise, then, that IT often views data leaving its network as a negative rather than a positive.
However, Software as a Service’s (SaaS) cost-savings and ability to help companies foster innovation within their own infrastructure is too strong a value proposition for most enterprises to ignore.
Although management may be pushing cloud initiatives on their reticent IT staff, many CISOs and CTOs are wary of the hype and have nagging fears around the loss of infrastructure control, loss of ownership of data, vendor lock-in and data security.
These fears are largely rooted in false perceptions around loss of control and security—and in false beliefs in the flexibility and strength of on-premise solutions. The key to easing these potential pitfalls is to thoroughly evaluate your SaaS partner.
Like any other industry that achieved popularity quickly, there are many companies that are slapping “Cloud Computing” stickers on their products and positioning them as brand new. Enterprises need to delve into the details of their partners’ operations, software and license agreements to ensure they are aligning themselves with a company taking advantage of modern technology and protocols so none of their fears come to pass.
Fear #1 – Loss of Infrastructure Control
This is a problem perpetuated by managed service providers during the 1990s, when businesses would move from on-premise solutions to managed services. Back then, some managed service providers could not provide an environment in which they could deliver timely or reactive support or functionality, thus frustrating the end users.
The sophistication of technology today has allowed the industry to move away from this unwanted scenario and provide the best of both worlds: the administrator retains the granularity and control that is provided by an on-premise solution while still getting timely support.
With that being said, however, all vendor infrastructure is not equal. Enterprises should fully understand the infrastructure of a vendor’s SaaS-based solution and ensure there are no single points of failure, such as those found in the recent T-Mobile data fiasco.
A key attribute enterprises can look for in cloud partners is whether or not they use a grid computing system and, if so, how they define grid computing. Grid computing is a proven method to achieving 99.999% reliability because these networks are able to shift data burdens – rather than creating single points of failure – to alternate locations or across shared multiple locations should an outage or corruption occur. Instead of causing an informational bottleneck, data is simply accessed from another part of the grid until the problem is fixed.
Rich SaaS implementations are every bit as powerful as on-premise solutions and allow the administrator to maintain control of the application without dealing with the environmental requirements.
Fear #2 – Loss of Ownership of Data
This ties into the first fear because it deals with IT being uncomfortable with data that is not on their own infrastructure.
This fear is a valid concern as data is generally processed or held offsite by cloud vendors; however, on-premise providers often lock customers into solutions by making any migration or upgrade path both cost-prohibitive and technically undoable.
Enterprises need to ensure that data ownership is addressed in detail in the cloud licensing agreement or terms and conditions. Reputable SaaS vendors will ensure that companies always own their data, and it is not provided to anyone else or used for the benefit of the service provider, and are able to easily access their information whenever they need it and get it back, however large the volume, should the partnership not work out.
Systems based on modern technology provide enterprises with a robust administration console that allows you to set all data policies, review access information, control data users and freely interact with data. If a SaaS company cannot guarantee these types of capabilities, enterprises should be wary of partnering with them.
Also, enterprises should research the company’s partners, press clippings and case studies to get an idea of what industries their solutions are best suited and how they work with clients.
Fear #3 – Vendor Lock-in
SaaS solutions can lock customers into their products by using proprietary formats for encryption and data storage that make future migration difficult. But guess what? So do on-premise vendors.
This is a long-standing IT problem that goes back well before the cloud. The reality is that cloud vendors make access to data easier and allow customers to export data as is, and when required.
Fear #4 – Data Security
Data security is an excuse that has underpinned the cloud skeptics’ position since the introduction of cloud computing or SaaS solutions. Issues such as the potential for multi-tenant systems to cross-contaminate data and allow a “jail break” data breach have made the round—but have no grounds in reality.
This mindset does not take into account that a cloud vendor is a security provider. Cloud vendors can build security and resilience into their solutions from the ground up and are able to provide massively more security and resilience to their customers than would ever be possible in an on-premise solution.
Encryption and data loss prevention capabilities are a given for SaaS vendors, but there are a few additional areas companies can look into to ensure their potential partners are secure:
- The security policies for data in flight, in use and at rest;
- The physical security practices the company employs for its servers; and
- The process in which data is shared with separate clients (to learn more about cross-contamination possibilities).
In reality, it is the CTOs and CISOs that are generally pushing for the adoption of cloud based solutions because they are technical users and decision makers who understand the concepts and architecture of the cloud.
As with any technology with a ton of hype, sometimes they are not able to filter through the rhetoric generated by skeptics and those afraid to make a change to the status quo. Methodical evaluations of SaaS vendors can go a long way in alleviating these fears and ensuring their cloud computing projects are successful.
These four fears often overshadow the one true SaaS benefit for CISOs and CTOs; namely, transforming the IT department from a help desk to a competitive differentiator. Moving high value systems into the cloud prevents enterprises from devoting funds and man-hours to operations, low-level upgrades and maintenance—and enables them to leverage their in-house technology expertise to focus on projects that drive the bottom line.
Mary Kay Roberto, SVP and General Manager, Mimecast