Members of the Society for information Management (SIM) Advanced Practices Council (APC)—a forum for senior IT executives who bring transformational solutions to their organizations by commissioning research and sharing cross-industry perspectives—are familiar with the benefits of software as a service (SaaS). They know it can bring lower costs and faster deployment at a time of shrinking IT budgets and greater pressure to deliver more with less. But experience has warned them of the challenges associated with integrating SaaS solutions into their legacy applications.
To address these concerns, they commissioned research on how best to integrate SaaS into their legacy environments. The report, “SaaS, IaaS and PaaS: Realities and Emerging Integration Issues,” written by researchers Julie Smith David and Michael T. Lee, provides guidance on weighing the benefits of SaaS against its risks, and recommends integration options.
SaaS benefits have been widely touted by vendors: low initial cost for needed functionality; predictable payments based on usage; vendor responsibility for hardware and software upgrades, maintenance and operations; quick implementation; a potentially more scalable and agile environment for businesses to exploit strategically; reduced need for IT support staff; and best-practice backup, security and recovery procedures on demand.
SaaS users, in contrast, often mention security as a serious risk. They worry that data and information that reside on a shared infrastructure beyond the physical walls of their organization can be hacked by other users of that infrastructure. The fact that the software can be used only through an Internet browser also raises concerns about availability: SaaS is available only if there is a fast Internet connection and access. Subscribers also worry about a vendor’s uptime performance.
According to researchers David and Lee, a subscriber’s security concerns about SaaS might be unjustified, as security can be violated by sending proprietary data through business email. Many SaaS proponents argue that data residing within an organization is just as susceptible to corruption and theft.
SaaS vendors can secure data either in their facilities or at off-site ones with robust disaster-recovery procedures. Issues related to privacy and hacking can be managed by the vendors’ experts, who design and implement best-practice security measures. Many SaaS vendors have earned independent certifications to demonstrate that their environments are secure—perhaps even more secure than their clients’ environments.
Another concern is potential lock-in because proprietary platforms use languages and technologies specific to the SaaS vendor, thereby increasing the switching costs for subscribers. Associated with lock-in is the concern about vendor survivability. There could be disastrous business consequences if the subscriber cannot read or manipulate the data stored in a particular format by a SaaS vendor that’s gone out of business.
David and Lee are convinced that long-term success with SaaS hinges on how well these applications can be integrated into the enterprise’s technology architecture, making strategic data available throughout the organization and integrating process activities with distributed technology. Their report describes options for integrating SaaS with legacy systems.