Serving Up SaaS
Andy Steggles, CIO of the Risk and Insurance Management Society, considers himself a convert to software as a service. It was a very different story
18 months ago, when he was sure SaaS would never work for RIMS’ complex systems and the mission-critical data the New York-based professional association had on its 11,000 members around the world.
Steggles understood the benefits of SaaS—no infrastructure to mind, no maintenance, access from virtually anywhere via a browser—but he thought it was basically a sales pitch. “We were used to maintaining applications, and we liked the sense of control that gave us,” he says. “But we wanted to implement a sophisticated social network for our members, integrated with our main database. In a conventional deployment, the application we envisioned would have required four or five servers and cost maybe $150,000 for software and integration, plus maintenance. So we decided to try a SaaS solution from Higher Logic.
“Initially, we were concerned about it, but the numbers made it a no-brainer. Low integration costs and a very reasonable monthly charge meant massive savings. And in the 18 months since implementation, not only have those savings been realized, but the applica-tion has given us absolutely no trouble at all. It works reliably, and our members love it.
“Now I want everything to be SaaS,” he adds.
When listening to CIOs talk about SaaS, it’s clear that the conversion Steggles describes—from skeptic to believer—is becoming more common. One reason is long-term exposure: In an April SaaS survey conducted by Burton Group and Ziff Davis Enterprise Research, 67 percent of the 252 CIOs whose companies use some form of SaaS have been doing so for two or more years.
“The growing number of SaaS adopters was the primary reason for doing this survey,” says Craig Roth, Burton’s vice president and service director, collaboration and content strategies. “Most other surveys have focused on the risks and benefits of SaaS, but we felt there were finally enough software as a implementations to warrant a report on the lessons learned. This survey provides real-world information that other organizations considering SaaS can use to help plan their own deployments.”
The early adopters in our survey have had an opportunity to experience the full gamut of SaaS upsides and downsides, to educate and serve several generations of users and managers in the SaaS regime, and to shepherd their implementations through several budget cycles.
And these IT managers are talking. Of the respondents who have implemented SaaS, the majority ranked conversations with users at other companies as the strongest influence in evaluating potential SaaS applications—marginally ahead of reading trade publications and Web sites or speaking with vendor customer references. So there is an active word-of-mouth network reducing fear, uncertainty and doubt. And its messages are harmonizing with the obvious trends driving IT to reinvent itself, become more efficient and positively impact the bottom line.
Increased user familiarity with the notion of Internet-delivered applications also plays a role in reducing opposition to SaaS, engendering tolerance for the occasional quirkiness of applications that live “in the cloud.”
“We’re very interested in Web 2.0, the rich Internet and social media as a component of our foundational mission,” says Sharon Burns, CIO of the John D. and Catherine T. MacArthur Foundation, a private grant-making institution based in Chicago. “Our users spend a lot of time online and are very comfortable with the idea of working with applications via the browser. I think they’re also tolerant of what that may mean: having to refresh the page from time to time or deal with the occasional glitch. It’s not a big deal.”
The top three reasons mentioned for the interest in SaaS applications are no in-house maintenance, shorter time to rollout than with conventional software, and usability from just about anywhere.
Of the respondents already using SaaS, about three-quarters said they plan to expand their use of these applications, and 65 percent said using this solution has lowered their company’s overall software costs. More than one-quarter said their company’s architecture was fundamentally based on SaaS.
Reviewing the responses to survey questions reveals a striking metatrend, which is borne out in CIO interviews: Planning around SaaS is no more complex than working with conventional models of software deployment—and the problems are solved just as easily with commonsense solutions.
Survey respondents were pretty good at estimating the time required to get up and running on their SaaS applications. The majority—58 percent—reported that they had pegged the time correctly. Ten percent said the implementation took less time than expected, while 4 percent said it took much less time. In contrast, 23 percent said it took more time than expected, and 5 percent said it took much more time. The big time-consumer was integration, with end-user training the close runner-up.
Actual startup intervals ranged from as little as a week (6 percent) to more than 12 months (8 percent), with just under half the deployments requiring one to six months.
Respondents also were reasonably good at predicting total costs associated with their SaaS deployments: Only 5 percent said costs were much higher than predicted, while another 5 percent said they were much lower.
What did surprise survey respondents was the infrequency with which some of the feared downsides of SaaS actually happened. This was most notable in the area of security, where almost half expected a greater security risk, but only 18 percent actually experienced it.
As Steggles of RIMS says: “We find that our critical data is actually safer in the hands of our application host than it might be on our premises. This makes sense because they’re functioning at scale in active support of a single application, which they created. They clearly understand the security and integrity risks surrounding that application better than their typical customer does, and they’re equipped to manage access controls, backups and so on with great efficiency.”
Where security can get dicey, it turns out, is in the managerial void that opens in the wake of transitioning internal processes and infrastructure to the SaaS framework. One place where the rubber meets the road is in managing end-user access to a remote application.
“We explored the possibility of single sign-on and will continue to revisit it,” says Burns of the MacArthur Foundation. “For the moment, that’s impractical, so we have to ask our users to manage different passwords and access modes for each remotely hosted application.”
That lack of central control can be problematic when users leave the company, as IT management may forget to revoke their access to SaaS applications.
Elsewhere, though, users more closely anticipated the downsides of SaaS, so experience was much in line with expectations. For example, roughly 42 percent of respondents had predicted issues with Internet connectivity, and about 45 percent reported experiencing them.
The enterprises surveyed had established some controls for managing SaaS applications. More than half had plans for disaster recovery/business continuity, 45 percent had a process for provisioning and deprovisioning users, and 40 percent had incident response and investigation procedures.
“It’s critical for companies implementing SaaS to put the right protections in place,” warns Burton’s Roth. “There are a number of areas to consider, including backup and business continuity, provisioning and deprovisioning, data integrity issues, confidentiality, contract negotiations, audit controls and whether there will be penalties for any downtime.”
Migrating to SaaS is easiest when considering point solutions, such as Web conferencing, or applications that require only data conversion but are comprehensive or monolithic, such as human resources. Web conferencing, customer relationship management (CRM), HR/benefits and customer/employee survey applications are the top four domains in which survey respondents said they are licensing SaaS, or planning to do so within 24 months. Areas that currently license conventional software the most include e-mail, accounting/billing and business intelligence.
Prospects seem especially good for SaaS conversions when departments or business units can be brought on individually. The predicted uptake is much less when the applications are broader-based and more highly integrated with infrastructure and process, such as enterprise resource planning systems.
E-mail, which is both universal and commoditized, offers a lot of potential for SaaS conversion. Currently, the vast majority of survey respondents said they are deploying e-mail applications in the conventional mold, but they also listed e-mail as the first SaaS application most likely to completely replace conventional applications in their company.
Steggles of RIMS, Burns of the MacArthur Foundation and other CIOs interviewed mentioned e-mail as a likely near-term target for SaaS conversion. That’s partially due to the growing sense that comprehensive e-mail management—incorporating virus protection, anti-spam, and a host of archival and reporting features that enable compliance with the Sarbanes-Oxley Act and other regulations—is an essential business tool.
However, even in situations in which SaaS provides a competitive solution, funding the conversion of conventional applications to a service model can be problematic.
RIMS’ Steggles explains: “The core application for our business is the Association Management System, which is complex and generally has a long service life. We know very closely what our cost for maintaining that application is, year over year.
“It can be hard to propose a completely different model, in which—due to a simple lack of experience—one’s predictive assurance is less. Further, it’s always easier to obtain capital funding than operational funding, though you can control expenses far better with a fixed monthly cost.”
Survey respondents seemed to agree about the difficulty of morphing their accounting systems into paying for SaaS on the classic pay-per-use model used by electric companies. Half said they would prefer to pay a flat-fee for an enterprise license. Only 23 percent preferred per-user pricing, and 18 percent preferred a usage payment method.
As more examples of successful SaaS deployments become available, says Steggles, the benefits will become clearer, and IT accounting protocols will adapt. But as models shift, it’s becoming obvious that one preconceived notion—that SaaS would permit IT headcount reductions—is not coming to pass.
Only 19 percent of survey respondents using SaaS indicated that they had been able to reduce headcount as a result of their deployments. Those reductions primarily affected application development and help desk/support and maintenance positions, with smaller reductions reported in data center operations and project management.
Steggles explains why. “We have a backlog of projects that have been requested and prioritized—perhaps 5,000 hours of work on our to-do list,” he says. “Our annual IT budget will allow for only 1,500 hours of that work to be done. It will be spread across smaller projects—perhaps of 50 to 200 hours—and massive 1,000-hour projects.
“From my perspective, SaaS is not so much a way of reducing headcount as it is a way of not increasing it. If we can convert applications and reduce their management and support burden, we can have a more manageable backlog.”
Steggles concludes with a provocative query: “As we’ve committed more and more to this model, I’ve asked myself this question: At what point would SaaS not be attractive to me? What if it cost me more than a conventional application? Would I still use it?
“I’ve been forced to answer with a qualified ‘yes.’ It’s not that I want vendors to charge me more, but being able to focus on what’s important to the business, and not having to deal with something that isn’t a core competency, is really worth something.”