Download this white paper which is written to help technology business managers and executives understand the requirements for SaaS. Read further input and commentary from two experienced SaaS pioneers.
workday. 10 Critical Requirements for Cloud Applications: How to Recognise Cloud Providers and Applications that Deliver Real Value 10 Critical Requirements for Cloud Applications: How to Recognise Cloud Providers and Applications that Deliver Real Value ClOs and other business technology managers can free up valuable resources for strategic activities by deploying cloud applications that are less costly and complex, yet more intelligent and user friendly, than on-premise applications. This opportunity can be lost, however, if ClOs are unable to differentiate rea cloud providers and applications from the imposters. In the enterprise software industry's rush to fulfil rising demand, some providers may skip requirements that are critical to delivering the true benefits of cloud applications. ndustry pioneers for cloud applications (also known as software-as-a-service [SaaS]) know shortcuts don't exist. Applications, architectures, and processes must be built from the ground up to produce superior, modern alternatives to the traditional on-premise software and maintenance model. The purpose of this document is to help technology and business managers and executives understand the requirements for SaaS. It includes input and commentary from two experienced SaaS pioneers: • Stan Swete, Chief Technology Officer at Workday, is responsible for Workday's overall technology strategy, direction, and execution. Swete spent more than 10 years in technology and product executive roles at a large, traditional enterprise software vendor before joining Workday to lead development of its cloud computing architecture and launch one of the world's first real SaaS applications in 2006. • Steven John, Strategic Chief Information Officer at Workday, works with customer ClOs and IT groups to help them realise the full benefits of Workday and cloud computing, and plays a key role in ensuring Workday's continued adherence to the industry's highest IT standards and processes. John deployed Workday and other cloud applications in his prior role as CIO at H.B. Fuller, a St. Paul, Minnesota-based manufacturer with more than $1 billion in annual revenues. This document outlines 10 critical requirements of cloud computing to help organisations distinguish the difference between real and fake cloud applications. If cloud applications and their providers do not meet the following requirements, it's unlikely they can deliver the full benefits of modern SaaS. Critical Requirement No. 1: True Multi-tenancy There is considerable debate in the marketplace as to whether organisations should know or even care about multi-tenancy. The truth is that multi-tenancy is the only proven SaaS delivery architecture that eliminates many of the problems created by the traditiona software licensing and upgrade model, so it's extremely valuable to know whether the provider uses a multi- tenant architecture. A provider should be able to answer this question with a simple "yes" or "no," and prove its answer. Multi-tenancy ensures that every customer is on the same version of the software. As a result, no customer is left behind when the software is updated to include new features and innovations. "Upgrades can be cost- prohibitive for ClOs due to their complexity and the resource requirements, and can be put off for months or even years," says Steven John, Strategic CIO at Workday. "With multi-tenancy, you won't be left behind." 2 A single software version also creates an unprecedented sense of community where customers and partners share knowledge, resources, and learning. "Smart ClOs work with their peers and learn from them and what they're doing," John says. "At most software companies' user group meetings, you have to seek out others who are on the same version. At a Workday conference, the community for sharing is limitless because everyone is on the same version. Even better, your time is spent talking about new functionality that can drive business productivity and innovation, rather than sharing tips on how to avoid a high-cost upgrade." The update vs. upgrade approach benefits both the vendor and the customer, Swete says. "The customer is relieved from IT upgrade projects, while the vendor can focus on what it does best, which is maintain its own software." Vendors have a strong technical under- standing of the software they developed, but the on-premise world requires vendors to share this knowledge with customers, which is not an easy feat, explains Swete. When customers don't have deep insight into the software, or have difficulty obtaining employees or contract workers skilled to work on that software, the result can be problematic and even failed upgrades. Multi-tenancy offers distinct cost benefits over traditional, single-tenant software hosting, says Stan Swete, CTO at Workday. A multi-tenant SaaS provider's resources are focused on maintaining a single, current version of the application, rather than spread out in an attempt to support multiple software versions for customers. "If a provider isn't using multi-tenancy, it may be hosting thousands of single-tenant customer implementations. Trying to maintain that is too costly for the vendor, and those costs become the customers' costs," Swete says. Swete adds that multi-tenancy requires a new archi- tectural approach. "You have to develop applications from the ground up for multi-tenancy," he says; otherwise, extensive work is required of the vendor to alter the on-premise application and underlying database for multi-tenancy, resulting in an even more complex, and potentially high-maintenance, application. Critical Requirement No.2: Regularly Delivered, Vendor-Managed Updates A cloud application is a single version of software that is regularly updated, often several times a year, for all customers. To realise the true cost benefits of SaaS, the provider should be managing all of those updates at no additional charge, and customers should be able to adopt the latest capabilities in the updates on their own timelines. Software that has to be upgraded on the customer's own dime, even if the vendor hosts it, does it, does not meet the requirements for a cloud application. "With multi-tenancy, you won't be left behind." Steven John, Strategic CIO, Workday Vendor-managed updates deliver continuous improve- ment and allow companies to stay compliant with new aws and regulations, John says. "Traditional software vendors might offer some big, new changes every four to five years. With Workday, we received consistent, value-added improvements through updates three times a year, and didn't have to pay extra for any of them." Critical Requirement No.3: Seamless Integration On Demand Cloud applications should be built from the ground up to lower the cost, time, and risk of integrating them with existing on-premise and on-demand applications. A cloud application provider worth doing business with will share the burden of integration with its customers versus leaving them on their own. Cloud providers should 4 make an integration infrastructure and integration tools available, assist its customers with integrations, and develop a partner ecosystem that includes consultants, integrators, and other software and SaaS companies. "At Workday, we believe seamless integration between our products and other products and services is another opportunity to transfer even more cost and complexity occurring within customers' data centers 3 into the cloud," says Swete. "We've developed, and will continue to develop, tools for customers and partners to build their integrations, and the infrastructure in our cloud to execute them. Customers can control the execution of integrations without having the complexity of managing the infrastructure." John believes the concept of a vendor-provided integration platform will become increasingly important in differentiating real cloud applications from those that don't meet the needed requirements. "Any integration point is a potential failure point, and everaging an integration cloud platform can reduce the amount of manual integration time and work required, which in turn reduces the risk of something going wrong with your integration," explains John. Critical Requirement No.4: Business-Driven Configurability Cloud computing applications should be configurable, so your IT organisation is freed from costly customisations, and businesspeople can configure processes that meet the specific needs of the organisation. "The greatest self-inflicted wound we've made as ClOs is allowing too much customisation to software," says John. "It gets down to how a CIO balances freedom vs. order. Customisation is all about freedom, but if you go too far down that road, you lose order. I have found that configurable software lets an organisation balance freedom and order." A configurable cloud application should include a catalog of choices in business processes that are designed to meet the needs of any organisation. What's enlightening about configurable software, which should offer plenty of industry standard choices, is that it becomes apparent how much time and cost has gone into customising software just because "a process has always been done that way," John says. "With customisations, ClOs often aren't designing for business processes, they're designing for personalities." "The greatest self-inflicted wound we've made as ClOs is allowing too much customisation." Steven John, Strategic CIO, Workday "One of the myths of SaaS is that since it's in the cloud, it's one-size-fits-all, but that couldn't be further from the truth," Swete says. "Real SaaS solutions should not only be configurable for the company, but in different ways for different parts of a company." Many Workday customers with global footprints, for example, require different hiring processes for different countries, which can be configured in Workday HCM without the need for customisations. Critical Requirement No.5: World-Class Data Center and Security A cloud application provider should be able to offer world class security and data privacy better than its customers can do on their own, and at no additiona cost. Processes and policies should encompass physical, network, application, and data-level security, as well as full back-up and disaster recovery. The provider should be compliant with security-oriented laws and auditing programs, including Safe Harbor, ISO 27001, and SAS70 Type II. "Reputable SaaS providers are proving that SaaS can be done at least as securely as most enterprise implementations, and in some cases more securely," Swete says. For example, at Workday, direct access to the database is limited to a select set of people on Workday's operations staff. A typical on-premise ERP implementation would grant this access to a much wider group, creating a security challenge. "SaaS providers must take a holistic approach to security, ranging from technical safety guards such as encryption to understanding data privacy laws and compliance, and building those safety guards into every product and process," Swete says. 4 Meanwhile, it is the responsibility of ClOs to conduct due diligence on SaaS providers. "Go in and see what they're doing around data security and privacy" John says. "No one should enter a relationship without thoroughly vetting the provider's capabilities. Providers that won't allow you a thorough examination, claiming all kinds of reasons, are the ones to avoid." "Real SaaS is a lot more than just hosting," says Swete. "Where multi-tenancy, a single version of the software, and vendor-managed updates all come together and really pay off is having more predictability around your total cost of ownership. There are no more highly unpredictable projects, with the most common among those being software upgrades." Critical Requirement No.6: A High-Performance, Sustainable IT Infrastructure The cloud application provider should maintain a high performance IT infrastructure, which includes the data centers and databases, operating systems, networks, and storage systems used to run cloud applications and manage customer data. It should have stellar IT operations, security, maintenance, and performance tuning processes. "Our livelihood depends on our ability to securely and effectively manage our operations, and that means keeping pace with the most current technologies," Swete says. "Our entire business is based on high-performing IT operations. This is our lifeblood. It is how we remain competitive, and where we'll continue to innovate. Cloud applications are also environmentally sustainable due to the multi-tenant infrastructure in which they're delivered. Multi-tenant SaaS reduces electricity con- sumption, paper waste, and lowers CO2 emissions. "A hundred customers, using 100 different systems, is less efficient and more impactful on the environment than those customers all sharing the same data center," notes Swete. Critical Requirement No.7: Predictable Total Cost of Ownership Model There should be no surprise costs with cloud applications. Implementation costs should be predictable, and subscription-based pricing should be transparent with no hidden fees. Cloud applications should not require upfront investments in hardware and software license fees. John agrees. "One thing that can kill a ClO's reputation is surprises, particularly surprises with lots of dollar signs," he says. "With a valid cloud application, ClOs can determine what it's going to cost over the next five years. "There are no more highly unpredictable projects, with the most common among those being software upgrades." Stan Swete, CTO, Workday Such predictability lends transparency to the budget process and means you won't have to fight budget battles for unexpected costs. Critical Requirement No.8: Faster Deployment Since cloud applications don't require investments and installation of hardware and software, organisations should be able to get them running and productive in a fraction of the time compared with on-premise software. (At Workday, that's typically 3 to 4 months for customers with under $1 billion in annual revenue, and 5 to 8 months for customers with more than $1 billion in annual revenue.) 5 "On day one, our customers are able to look at our demonstration data, and very quickly after that they can test their data in our system to see how it looks and works," Swete says. Multi-tenant SaaS deployments are highly iterative and collaborative with the customer, and a provider's deployment staff should be skilled down to the most minute of tasks. With multi-tenant, configurable cloud applications, "the coding has been outsourced," explains John. With H.B. Fuller's implementation of Workday, the business side of the organisation was able to play a significant role in leading the project, which let John focus his finite IT resources on data, integrations, and working with the business team to ensure technology and processes were aligned. "In a configurable cloud application environment, once the processes and training are in place, you turn it on." Critical Requirement No.9: Control Cloud applications should allow organisations complete control of their data, even though it is located off premise. While organisations are freed of application maintenance, there should be no roadblocks or bureaucracy that hinder the ability of authorised individuals to import, export, purge, and archive data to and from the application without having to first contact the SaaS vendor. SaaS providers should make it possible to have a "sandbox" version of the production environment, so an organisation's project team can view and analyse data and experiment with features and configurations before going into production. "IT and business managers need to have a place where they can go in and play with the functionality without any risk to the production environment," John says. What's more, quality SaaS providers should provide regular audit reports for their customers about the data in their applications. "Workday offers a rich set of audit information that our customers access directly through reports," Swete says. "Any customer can understand, very quickly, the changes that were made and who made them." Critical Requirement No. 10: Liberation from Non- Strategic IT Issues Cloud applications should free ClOs and their teams from time and energy spent on non-strategic, back office IT operations and software coding. Today and into the future, the most highly valued ClOs-the ones that become heroes to the business-are those who are closely aligned with strategic business initiatives and drive the IT projects that support those initiatives. Furthermore, ClOs are staffing their teams with people who understand and drive the critical relationship between business and IT. "Now, you can really talk strategy with the business. You're able to focus on the business processes, and the value they bring to people, and not on the nuts-and-bolts of technology and IT infrastructure." Steven John, Strategic CIO, Workday 6 "As a CIO, I believe in this mantra: 'If I'm doing things someone else could do, then things that only I can do aren't getting done'," John says. "A data center is a commodity, and a company that specialises in running a data center is going to do it better than I can. And that frees me up to do what I do best, which is to focus on strategic work and innovations and find ways to provide true business value." Because cloud applications are managed in secure, offsite data centers, battling for dollars to support them is never a discussion during budget negotiations. "If don't have to fight for maintenance or security dollars, keep more 'chips' during the budget negotiation process," John explains. "I'm in a better position to negotiate for dollars for new applications, systems, or devices that will help us meet our business goals." Successful cloud applications are those that empower ClOs by "removing the roadblocks that have been part of IT departments for years," John adds. "Now, you can really talk strategy with the business. You're able to focus on the business processes, and the value they bring to people, and not on the nuts-and-bolts of technology and IT infrastructure." The Workday Difference Although a number of business software vendors claim to offer cloud applications, Workday provides the only real SaaS alternative to hosted on-premise ERP solutions. Workday's offerings meet the 10 critical requirements of cloud applications, including Human Capital Management (HCM), Talent Management, Payroll, Financial Manage- ment, and Spend Management, all on a unified core. Designed from the ground up for a multi-tenant, SaaS delivery model, Workday gives customers unprecedented global access for workers and real-time visibility for executives into the state of the business. 7 workday. Workday, Inc. | 83 Baker Street | Westminster, London W1U 6AG | United Kingdom Phone:+44 (0)20 3384 4710 | Fax:+44 (0)207 034 716 | www.workday.com © 2011. Workday, Inc. All rights reserved. Workday and the Workday logo are registered trademarks of Workday, Inc. All other brand and product names are trademarks or registered trademarks of their respective holders. WD10CRIQ-UK-09082011