"Now, cryin' won't help you, prayin' won't do you no good,
When the levee breaks, mama, you got to move."

- Memphis Minnie, inspired by the Great Mississippi Flood of 1927

Saas is a great way to deliver software efficiently and effectively, but all too often it can be used as a way to do a run around IT. In doing so, critical IT functions such as ensuring security and system reliability can be short-circuited. Companies must apply sufficient consideration to questions of business continuity rather than relying on the brand name of their SaaS vendor to 'always be there'.

SaaS: Strategic but not Foolproof
SaaS is quite rightly lauded as an excellent way to reduce capital expenditure, shorten implementation times, and generally deliver applications at lower cost and with lower risk. However, some SaaS vendors have overstated their case in proposing to cut out the need for IT completely and remove any need for the customer to think about business continuity. Regardless of the SaaS vendors own abilities and reliability, the simple fact is that the vendor is a single point of commercial and legal control. Single points of control always have the capacity to become single points of failure.

We've already seen some examples where this can break down. Google users were unable to access their Gmail accounts, and Google Analytics was off-air for several days in 2007. Minor inconveniences one might say, they do however, give a glimpse at the potential for failure when a company relies upon SaaS for a business-critical function. As more and more companies are placing more and more of their business data in the trust of SaaS providers, it's crucial that to give serious consideration to business continuity plans.

Of course all responsible SaaS vendors take measures to prevent outages. Back-up data centers and redundant architectures are the norm. But even twin-engine planes crash, and it's unwise to take for granted a vendors' disaster recovery plans, since this a priori assumes the vendor is fully competent and has made all the necessary investments. It also downplays that class of events that can best be described as 'Acts of God'.

Many failure scenarios are possible. For most companies, loss of the customer database would almost certainly impact their current and next quarter revenues. The short but devastating war in Georgia left no doubt that Cyber attacks are an effective tactic for stoking disarray in any open society. Is it therefore a stretch to think that terrorists or hostile governments might target the network of a large SaaS ERP or CRM vendor? Nobody knows what exactly the next disaster will be. I also have no idea which SaaS vendor may be affected. I just know that sometime in the next five years something will almost certainly happen to cause you to need a business continuity plan. There is an age-old taboo about taking a hard look at low frequency / high impact events; a feeling that talking through the consequences is somehow sensationalist, or unnaturally pessimistic.

Continued...

Pages: 1 2 3

-