Best practices for scaling up SaaS
These organizations are floating more and more applications into the cloud. They're scaling up, while keeping a keen eye on the risks and rewards.
February 13, 2012 06:00 AM ET
Computerworld - Guardian Life Insurance isn't about to take big risks when making IT investments, and CIO Frank Wander will be the first to tell you that he doesn't have a cloud computing strategy, per se.
But over the past five years, the $10 billion financial services company has moved 18 applications into the cloud. It shut down a compute grid and moved its actuarial modeling application into an Amazon EC2 cloud. And it's now in the process of broadly deploying two major software-as-a-service suites.
One of the two is Workday's human resource management suite. Guardian wasn't ready to reveal the other, but at the Atmosphere conference last fall, Google announced that it had signed Guardian as a Google Apps customer.
There's no cloud agenda at work here, says Wander. Each service has earned its seat at the table by undergoing a rigorous technology acquisition process that has been updated to include considerations unique to SaaS and other cloud services. Each service has also passed through a collaborative review process that involved the legal, security and sourcing groups in addition to IT.
"We don't do anything because it's cloud. But if the financials look right, if the risk profile looks right, if the richness and robustness look right, we go with that solution," says Wander.
The sheer breadth of Guardian's move to the cloud puts the company on the leading edge among Fortune 250 organizations. The extent of its commitment to cloud services is also changing the business's IT infrastructure and redefining roles in the IT organization.
As more corporate infrastructure moves to SaaS, it's important for organizations to build a strong foundation of best practices to manage risks around security, uptime guarantees, compliance, limitations of liability, remedies and other contract details, say Wander and other IT executives. The business must be fully engaged in the technology acquisition process, and the organization must follow best practices that are well thought out -- from the initial request for information to integration, ongoing management and contract renewal.
Computerworld talked with several organizations about the challenges they face in scaling up with SaaS and other cloud services, why the technology still isn't the best fit for some applications or business requirements, and why they decided to sign on -- or walk away.
Leading by Example
Wander "is a real leader," says Robert McNeill, vice president of research at HFS Research. In many organizations, he says, SaaS "happens" to CIOs as business units bypass IT. "What's interesting is that he is using SaaS in IT -- an area that he controls. He is embracing SaaS as a way of changing the business," says McNeill.
Would you sign this contract?
The following terms and conditions have been summarized from actual SaaS vendor agreements. It pays to read the fine print. What's more, users may encounter a "click-wrap agreement" that pops up, even if they have a separate contract. Which agreement takes precedence if a user clicks OK? Make sure your contract spells that out, says Russell Weiss, a partner at Morrison & Foerster.
The SaaS vendor can suspend your right and license to use services, or terminate the agreement in its entirety, for any reason or no reason, at its discretion at any time, with, at most, 60 days' notice.
In the event of a suspension of service, the SaaS provider will not intentionally erase your data (but will not represent that it will preserve it) and can condition return of your data upon your compliance with terms and conditions that the SaaS provider may establish in the future.
Your access to services may be suspended without notice, and the SaaS vendor will have no liability with regard to such downtime.
You bear sole responsibility for adequate security, protection and backup of your data, even though the other party is hosting it.
The contract terms can be changed at any time by the SaaS vendor.
Your company must indemnify the SaaS provider from all claims relating to your use of the vendor's services, with no limitations on liability.
Source: Morrison & Foerster
— Robert L. Mitchell