Integrating SaaS With Legacy Systems
Members of the Society for information Management (SIM) Advanced Practices Council (APC)—a forum for senior IT executives who bring transformational solutions to their organizations by commissioning research and sharing cross-industry perspectives—are familiar with the benefits of software as a service (SaaS). They know it can bring lower costs and faster deployment at a time of shrinking IT budgets and greater pressure to deliver more with less. But experience has warned them of the challenges associated with integrating SaaS solutions into their legacy applications.
To address these concerns, they commissioned research on how best to integrate SaaS into their legacy environments. The report, “SaaS, IaaS and PaaS: Realities and Emerging Integration Issues,” written by researchers Julie Smith David and Michael T. Lee, provides guidance on weighing the benefits of SaaS against its risks, and recommends integration options.
SaaS benefits have been widely touted by vendors: low initial cost for needed functionality; predictable payments based on usage; vendor responsibility for hardware and software upgrades, maintenance and operations; quick implementation; a potentially more scalable and agile environment for businesses to exploit strategically; reduced need for IT support staff; and best-practice backup, security and recovery procedures on demand.
SaaS users, in contrast, often mention security as a serious risk. They worry that data and information that reside on a shared infrastructure beyond the physical walls of their organization can be hacked by other users of that infrastructure. The fact that the software can be used only through an Internet browser also raises concerns about availability: SaaS is available only if there is a fast Internet connection and access. Subscribers also worry about a vendor’s uptime performance.
According to researchers David and Lee, a subscriber’s security concerns about SaaS might be unjustified, as security can be violated by sending proprietary data through business email. Many SaaS proponents argue that data residing within an organization is just as susceptible to corruption and theft.
SaaS vendors can secure data either in their facilities or at off-site ones with robust disaster-recovery procedures. Issues related to privacy and hacking can be managed by the vendors’ experts, who design and implement best-practice security measures. Many SaaS vendors have earned independent certifications to demonstrate that their environments are secure—perhaps even more secure than their clients’ environments.
Another concern is potential lock-in because proprietary platforms use languages and technologies specific to the SaaS vendor, thereby increasing the switching costs for subscribers. Associated with lock-in is the concern about vendor survivability. There could be disastrous business consequences if the subscriber cannot read or manipulate the data stored in a particular format by a SaaS vendor that’s gone out of business.
David and Lee are convinced that long-term success with SaaS hinges on how well these applications can be integrated into the enterprise’s technology architecture, making strategic data available throughout the organization and integrating process activities with distributed technology. Their report describes options for integrating SaaS with legacy systems.
Many firms adopt single-sign-on as their first level of integration between SaaS applications, or between SaaS and on-premises functionality. SSO introduces a “hub” into the architecture that monitors a user’s session, authenticates the user for each of the integrated applications (the “spokes”) and passes simple data structures between the applications.
Integration platforms enable an organization to integrate applications either through in-house integration platforms that have been used in traditional environments or through integration-as-a-service platforms that are hosted in the cloud. Recognizing the growth of SaaS, traditional integration-platform vendors have enhanced their toolkits with prebuilt interfaces to many of the most popular SaaS solutions. For example, webMethods and TIBCO both have Salesforce.com adapters included, along with those for traditional vendors.
Integration-as-a-service vendors may have stronger support for SaaS applications than they do for traditional or legacy offerings. Some of the leading traditional players, such as IBM and Informatica, have extended their offerings into the service category, while other players, such as Adeptia and Boomi, have been designed from their inception to be a service provided though the Internet. The advantages of integration as a service models are similar to those that firms enjoy when they adopt SaaS: minimal upfront costs, fixed monthly service fees, rapid deployment requiring less in-house IT skill and all of
the economies of scale provided by multitenant applications.
Platform as a Service
SaaS providers have created platform as a service offerings by opening their architectures to outside developers and encouraging them to build additional capabilities. Customers are able to select specific functionality—perhaps from multiple vendors—to be delivered as a service through the PaaS platform. Current PaaS leaders are Salesforce.com’s AppExchange and Force.com platforms, and NetSuite’s SuiteCloud.
Both environments have attracted developers who have successfully launched applications, broadening the original application’s reach. Traditional vendors, including SAP with its Community Network, are considering opening their infrastructure to enable a broader network of developers to create business solutions.
Although current PaaS offerings have, in general, less robust functionality than those from top-tier ERP players, their cost structure is so dramatically different from the traditional approach that organizations are adopting the less sophisticated applications because of these economies. Additionally, because of the open nature of these platforms, development can happen quickly, and the functionality can be expanded if users require it.
The researchers observe an emerging application ecosystem for large organizations. Working together, major SaaS players are developing integrated suites that they predict will rival the sophistication of offerings from ERP vendors without the costs of an on-premises installation.
Selecting the Integration Approach
David and Lee predict that organizations that have deep experience with in-house integration projects and a high percentage of functionality supported with traditionally installed applications are more likely to use in-house tools to integrate new SaaS applications into their environment. However, organizations that rely more heavily on SaaS offerings are more likely to select integration-as-a-service platforms for their integration needs. Because they are comfortable with having their IT resources in the cloud, they will continue to adopt such solutions.
The researchers recommend the following activities to prepare for further SaaS and legacy system integration:
Inventory existing SaaS applications. Understand the applications the staff currently uses. If your organization has a policy of not using SaaS, employees might not reveal their SaaS applications unless convinced they won’t face punitive action.
Inventory existing integration expertise. Document your integration capabilities so you can understand the integration options available to you. This will lead to further analysis of existing tool capabilities and skill levels.
Perform controlled pilot rollouts. If you have the luxury of controlling SaaS adoption, identify functional areas that have strong user support and a sense of urgency, but are not tightly integrated with your firm’s most strategic activities. This type of project lets you evolve SaaS procedures for identifying and acquiring solutions that minimize major risks, while giving your applications team experience in successful SaaS adoption. Ideally, this process will result in an architecture that enables agile acquisition and integration of future functionality.
Conduct business-process training. IT departments will require extensive business-process management and execution capabilities to integrate and optimize the various applications for delivering business value. Identify key business analysts or integration specialists for additional training in business areas. That will enable them to work effectively with functional leaders, understanding their strategic needs and translating them to the level of detail necessary to execute an integrated process across several different SaaS and legacy platforms.
Develop a robust SaaS strategy. After identifying existing SaaS applications and working with key areas to pilot SaaS adoption, you will be better prepared to develop and document strategic SaaS guidelines. These guidelines should include standards for adoption, based on integration-tool capabilities, preferred PaaS platform decisions or in-house areas of expertise. Once standards are established, you can deploy new strategic functionality rapidly, better integrating these solutions with others, thereby enhancing the overall value to the firm.
The “SaaS, IaaS and PaaS” report is available for sale here, along with others commissioned by the SIM Advanced Practices Council.
Madeline Weiss is director of the Advanced Practices Council of the Society for Information Management and president of Weiss Associates, a firm that specializes in strategic transformation, leadership development and business/technology alignment.