Web Apps Failure: A Pain in the SaaS

by Polly Traylor

Web-based applications come with a certain element of risk—from downtime to productivity to security. But with a bit of preparation, you can alleviate the issue.

For small businesses, software-as-a-service (SaaS) is making enterprise-class software more attainable for small businesses ‑‑ since you don't need staff to deploy, manage and support it.  SaaS, sometimes called on-demand, is exciting because it levels the playing field and gives your small business advanced automation without the prohibitive costs and hassle.

Still, there's plenty of chatter out there about security and other risks involved in moving your applications offsite and accessible through the Web. 

“The risk differs by the service you are looking at, but the main thing is that you're offloading data to a third party so you have to do a lot of due diligence,” said Gary Chen, principal with IT analyst firm McChen Research in Boston. "If you're buying a piece of storage on the Web you don’t know anything about the data center behind it,” he explains by example. “How big is it, who is running it, and what is its security and disaster recovery plan?"

Further complicating the matter is that in the cloud you sometimes (and often likely) deal with more than one provider.  The technology supplier might be different than the provider that stores and backs up your data, for instance.

Beyond security and reliability, there are other issues: your company has to deal with the fact that its data is now dispersed.  Josh Greenbaum of analyst firm Enterprise Applications Consulting in Berkeley, Calif., offers a for instance:

Your sales and marketing manager may struggle with how to maintain a central customer database, when some of that data is stored and managed separately offsite with an online provider. If you hope to do some in-depth customer analytics someday, this issue of data segregation might be a problem.

But let’s take a reality check: for a small business, online software today offers more benefits than it does risks.

"On-demand providers are usually held to higher standards for uptime and security than on-premise applications,” said Rebecca Wetteman, vice president of Research with IT advisory firm, Nucleus Research. “For small businesses, they are actually getting a higher level of security [than they could do on their own] anyway."

Adds Laurie McCabe, vice president of small business insights for New York-based AMI-partners: “Any big provider is going to have fully redundant systems to backup data, but they’re also physically redundant, with multiple data centers.”

Even with those assurances, it's still wise to take every precaution when entering into relationships with on-demand software providers. Here’s how:

1. Vendor Security and Reliability Record

When entering into SaaS engagements, reliability and security should be top criteria for selection ‑‑ perhaps on par or higher with features and functionality of the application. Chen suggests a checklist of sorts for key security measures at the vendor's site, covering:

  • how and where the provider uses data encryption (for instance, do they encrypt backups too?)
  • what's the quality of the data center's network defenses;
  • how does the provider handle authentication and secure connections
  • does the provider use data loss protection (DLP) technology?
  • Ask about multi-tenancy, since you’ll probably be sharing server space and computing resources with other businesses. 

"Some providers are more secure than others when it comes to separating customer data, " Chen explained, regarding multi-tenancy. You may want to request that the vendor dedicates virtual machines just for your data, if you are in doubt, he suggested.

2. The Contract: Focus on Uptime

At the end of the day, you want as few business interruptions as possible. Should you trust the ubiquitous 99.99 percent guarantees for uptime? “What does it mean to offer four 9s of uptime—what time zone are they guaranteeing?” said Greenbaum.

Find out exactly what the vendor means by uptime—such as, whether vendors include routine maintenance as part of its uptime calculations.  Fortunately, SaaS vendors are used to these negotiations, so there should be few if any surprises for a well-established partner.

"There are a lot of security and reliability discussions in contracts, but I rarely see it holding up deployments," said Wetteman.

3. Include Clauses for Downtime and Losses

Wetteman advises doing an ROI calculation about the cost of a security breach and/or data loss, and sharing that with your vendor:  "We don't see any vendors writing compensation into contracts, but make sure that the vendor sees what your loss could be," she said.  "A lot of this is about peace of mind.  Allow the vendor to make any extra assurances for you [based on your risk]."

Chen, however, said that companies should include clauses requiring credits or some form of financial payout for downtime or data loss.  And, he suggested, make sure that you, not the vendor, retains ownership of the data at all times.  "If [something] happens, you are going to pay the price with customers, not the vendor."

4. Ensure Offline Access

Outages are bound to happen on the Web, and your company will need a backup plan so that employees can keep mission-critical work going and still service customers.  "You have to make sure there is access to some functionality and data offline," Greenbaum said.  "A warehouse management firm I know has a system to capture externally-stored data into on premise system.”

Added Chen: "Offline access is something a lot of customers ask for, not just for downtime but if you're somewhere without network access such as an airplane."  See what your vendor offers and how much of this offline capability they can handle for you.

5. Require a Communications Process for Bad News

When suddenly you can't access an application or its data, there's nothing more aggravating than being left in the dark.  "Vendors really need to be proactive about providing information," Wetteman said.  "Before you buy a service, ask what happens if the vendor's data center goes down, and how you can extract data from the vendor if needed." Ideally, said Chen, the vendor will have a portal to communicate status updates to their clients immediately.

6. Test it First

One of the advantages SaaS offers is the flexibility to quickly adopt a new application but still have an easy exit if everyone hates it.  Many vendors will even offer a free trial with no commitment, said Laurie McCabe. “Kick the tires and take it for a test drive,” she suggested. If your vendor doesn't offer a free trial, perhaps they could give you a month-to-month service agreement for a period of time. 

There's another advantage here: if reliability and performance do become an issue, dump the vendor and do some more shopping. After all, for now anyway, it’s a buyer’s market for on-demand applications.

Polly Schneider Traylor is a freelance business and technology writer based in San Mateo, California.

Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!

This article was originally published on Tuesday Sep 23rd 2008
Mobile Site | Full Site