Integrating Software as a Service with Legacy Systems
Members of the SIM Advanced Practices Council (APC), a forum for senior IT executives who bring transformational solutions to their organizations by commissioning research and sharing cross-industry perspectives, are very familiar with the benefits of SaaS, including lower costs and faster deployment at a time of shrinking IT budgets and greater pressure to deliver more with less. But hard-won experience has warned them of the coming challenges of integrating SaaS applications into their many legacy applications.
To address their concerns, they commissioned research on how best to integrate SaaS into their legacy environments. The report, “SaaS, IaaS and PaaS: Realities and Emerging Integration Issues,” written by Julie Smith David and Michael T. Lee, provides them with guidance on weighing the benefits of SaaS with its risks, and recommends integration options.
SaaS benefits have been touted widely by vendors: low initial cost for the needed functionality; predictable payments based on usage; vendor responsibility for hardware and software upgrades, maintenance and operations; quick implementation; potentially more scalable and agile environment for businesses to exploit strategically; reduced need for IT support staff; and best practice backup, security and recovery procedures in place and on demand.
SaaS users often mention security as a serious risk. They worry that data and information that reside on shared infrastructure outside the physical walls of their organization can be hacked by others that use the shared infrastructure. The fact that the software can only be used through an Internet browser also raises concerns about availability. Unlike traditionally installed software, which is available whenever the local computer is turned on, SaaS is only available if there is fast Internet connection and access. Subscribers also worry about the SaaS vendor’s uptime performance.
According to researchers David and Lee, a subscriber’s security concerns with SaaS may be unjustified. Security can be violated by simply sending proprietary data and information through a business email. Many proponents of SaaS have argued that data and information that reside within an organization are just as susceptible to corruption and theft. SaaS vendors can secure data and information either in their facilities or offsite ones with robust disaster recovery procedures. Issues related to privacy and hacking can be managed by the vendors’ experts, who design and implement best practice security measures.
Many SaaS vendors have earned independent certifications to demonstrate that their environments are secure, perhaps even more secure than their clients.
Another concern is potential lock-in because proprietary platforms use languages and technologies specific to the SaaS vendor, thereby increasing the switching costs for subscribers. Associated with lock-in is the concern about vendor survivability. There may be disastrous business consequences if the subscriber cannot read or manipulate the data stored in a particular format by a SaaS vendor that becomes commercially unviable.
David and Lee are convinced that long-term success with SaaS hinges on how well SaaS applications can be integrated into the organization’s technology architecture, making strategic data and information available throughout the organization and integrating process activities with distributed technology. Their report describes current viable options for integrating SaaS with legacy systems.
Many firms adopt Single-Sign-On (SSO) as their first level of integration between SaaS applications or between SaaS and on-premise functionality. SSO introduces a “hub” into the architecture that monitors a user’s session, authenticates the user for each of the integrated applications (the “spokes”), and passes simple data structures between the applications.
Integration as a Service (IaaS)
Integration platforms enable an organization to integrate applications either through traditional, in-house integration platforms, which have been used in the traditional environments, or through Integration-as-a-Service (IaaS) platforms that are hosted in the cloud. Having recognized the growth of SaaS, traditional integration platform vendors have enhanced their toolkits with pre-built interfaces to many of the most popular SaaS solutions. For example, webMethods and TIBCO both have Salesforce.com adapters included along with those for traditional vendors (SAP, PeopleSoft, Oracle, etc.).
IaaS vendors have perhaps stronger support for SaaS applications than traditional or legacy offerings. Some of the leading traditional players, such as IBM and Informatica, have extended their offerings into the IaaS category, while other players such as Adeptia and Boomi have been designed from their inception to be a service provided though the Internet. The advantages of IaaS are similar to those firms enjoy when they adopt SaaS: minimal upfront costs, fixed monthly service fees, rapid deployment requiring less in-house IT skills, and all of the economies of scale from multi-tenant applications.
Platform as a Service (PaaS)
SaaS providers have created Platform as a Service (PaaS) by opening their architectures to outside developers and encouraging them to build additional capabilities. Clients are able to select specific functionality, perhaps from multiple vendors, to be delivered as a service through the PaaS platform.
Current PaaS leaders are Salesforce.com’s AppExchange and Force.com platform, and Netsuite’s SuiteCloud. Both environments have attracted developers who have successfully launched applications, broadening the original application’s reach. Traditional vendors, including SAP with its Community Network, are considering opening their infrastructure to enable a broader network of developers to solve business solutions.
Although current PaaS offerings have, in general, less robust functionality than top-tier ERP players, their cost structure is so dramatically different from the traditional approach that organizations are adopting the less sophisticated applications because of the cost benefits. Additionally, because of the open nature of these platforms, development can happen quickly and the functionality can be expanded if users demand it.
The researchers observe an emerging application ecosystem for large organizations. Working together, major SaaS players are developing integrated suites that they predict will rival the sophistication of ERP vendors without the costs of an on-premise installation.
Selecting the Appropriate Integration Approach
The authors predict, based on their research, that those organizations that have deep experience with in-house integration projects and a high percentage of functionality supported with traditionally installed applications, including custom coded solutions, are more likely to use in-house tools to integrate new SaaS applications into their environment. However, organizations that rely more heavily on SaaS offerings are more likely to select IaaS platforms for their integration needs. Because they have already become comfortable with having their IT resources in the cloud, they will continue to adopt such solutions.
The researchers recommend that CIOs initiate the following activities to prepare their organizations for further SaaS and legacy system integration:
Inventory existing SaaS applications. Understand better the breadth of applications that staff currently use (e.g., Skype, Google Docs, Salesforce.com). If your organization has an explicit policy of not using SaaS, individuals may not reveal their SaaS applications unless convinced that they won’t face punitive action.
Inventory existing integration expertise. Since optimal integration solutions depend on local expertise and historical integration investments, document your integration capabilities to understand better the integration options available to you. This will lead to further analysis of existing tool capabilities (is your existing integration solution already able to integrate leading SaaS functionality?) and skill levels (do you have strong integration expertise already or will you need to train team members on emerging tools?).
Perform controlled pilot roll outs. If your organization has the luxury of controlling its SaaS adoption, identify functional areas that have strong user support and a sense of urgency, but are not tightly integrated to your firm’s most strategic activities. This type of project can allow you to evolve SaaS procedures for identifying and acquiring solutions that minimize major risks (vendor survivability, control concerns, etc.) while giving your applications team experience in successful SaaS adoption. Ideally, this process will result in an architecture that enables agile acquisition and integration of future functionality, and the IT team will be more able to support the organization’s overall strategic needs.
Conduct business process training. IT departments will require extensive business process management and execution capabilities to integrate and optimize the various applications for delivering business value. Identify key business analysts or integration specialists for additional training in business areas so they can effectively work with functional leaders, understanding their strategic needs, and translating them to the level of detail necessary to execute an integrated process across several different SaaS and legacy platforms, which will likely be the norm for several years until a truly successful PaaS emerges (if it does).
Develop a robust SaaS strategy: After identifying existing SaaS applications and working with key areas to pilot SaaS adoption, you will be better prepared to develop and document strategic SaaS guidelines. These guidelines should include standards for adoption, based upon integration tool capabilities, preferred PaaS platform decisions, or in-house areas of expertise. Once these standards are established, you can deploy new strategic functionality rapidly, better integrating these solutions with others, thereby enhancing the overall value to the firm.
Note: “SaaS, IaaS and PaaS: Realities and Emerging Integration Issues” can be downloaded here, along with other reports commissioned by the SIM Advanced Practices Council.