Is SaaS the new business standard?
Software as a service (SaaS) enterprise applications are quashing on-premises options, as cloud increasingly offers companies new and better ways of doing business.
SaaS is no longer a choice.Kevin Derman, cloud and hosting manager, First Distribution
"SaaS is no longer a choice but a reality in every company, large or small," says First Distribution's cloud and hosting manager Kevin Derman. He says software purchases have largely moved from an ownership model to a 'pay-as-you-go' model, a transition influenced by consumers. Derman believes large companies that don't embrace SaaS will lose to their competition.
One of the biggest business risks companies face today is to remain married to legacy enterprise applications, says Sage ERP Africa MD Jeremy Waterman: "Applications need to be designed for the world of cloud, mobile, social, work and consumerised IT."
He believes companies that want to remain competitive have no choice but to modernise their systems so they're better aligned with the pace and connected nature of the digital world.
Demand for SaaS enterprise applications is accelerating and exceeding the demand for on-premises applications by five times, according to the IDC. During the five-year forecast period through 2018, it forecasts SaaS revenue to grow at 17.6% CAGR, while on-premises revenue growth is only forecast at 3.1%.
According to Vodacom Business managing executive Ermano Quartero, the move to realise 'everything as a service' will continue, and thereby enable businesses to reduce the size of their core operations and shift from capex-based ownership models to opex-based consumption.
Operational savings and reduced risk are two major drivers for SaaS uptake, says Uriel Rootshtain, office division lead at Microsoft, but the biggest driving force for companies is agility. "However, for large organisations that are complex in their structure, possess a greater amount of legacy technology, and have a lot of decision-makers who must provide input before change management occurs, the task of leaving traditional on-premises infrastructure behind to take up cloud services can be a difficult, drawn-out process."
While the SaaS model offers a number of benefits to business, larger organisations have proven to be slow migrators when it comes to adopting these solutions, points out Pippa Wilson, Jasco Enterprise's manager: cloud solutions.
She highlights integration as one of the greatest challenges. "If the current business processes don't have to change too much, a successful migration is possible."
Rootshtain believes enterprises first need to know what they want to get out of SaaS. He suggests enterprises set up objectives first, and then ensure they have the right infrastructure in place to support those objectives.
However, these objectives are meaningless if the current health of an existing legacy system is poor. Says Rootshtain: "A key challenge enterprises face when adopting SaaS for individual user groups or some of its workloads includes the health of the existing environment and infrastructure, as bad legacy systems will necessitate the need for remedial processes first."
If a certain application migration has a big impact on the business process, user training has to be factored into the strategy. "People are often the biggest delay," Wilson says.
"Change management is a key factor," Rootshtain agrees. "Users need to know how things are going to change after migration, as their behaviour will have to change."
Enterprises need to know what they want to get out of SaaS.Uriel Rootshtain, office division lead, Microsoft
That said, users can also present problems in a different way. According to Derman, users will take the easiest path to get the job done, and this means downloading apps without permission, which puts the organisation at risk. He cites PMG's Cloud Sprawl Survey 2013, which showed that 52% of IT professionals felt an influx of unsanctioned software negatively affected the organisation.
"People are using the applications anyway," he says. "So the sooner you embrace it, the sooner you can begin to control it."
It's this kind of loss of control that is keeping business executives awake at night. Says Wilson: "Aside from security and data availability concerns, large enterprises worry about the control of the system. A SaaS provider delivers everything from the infrastructure right through to the application layer, which, while highly beneficial for the smaller business, is a challenge for large enterprise. This model relies on the roll-out of solutions that require minimal customisation; otherwise economies of scale cannot be reached. However, for the core business systems of a large enterprise, customisation is critical. As a result, while certain business applications such as ERP, CRM, payroll and so on may be migrated to the SaaS model, the core business platforms of large enterprise will, by necessity, remain as in-house solutions."
Hybrid sweet spot
Existing somewhere between the 'as a service' and on-premises enterprise application models is the ideal environment for larger organisations. Although SaaS is enjoying a healthy uptake, a pure-play SaaS future seems unlikely.
"There will always be a need for both models, especially from a governance perspective," Derman says. "Although we will move more and more into SaaS, some companies will always need their own data centres."
The increase of SaaS uptake, Quartero notes, will give rise to a new type of managed service - cloud brokerage. "A new way of consuming SaaS is through the use of cloud brokers." This service offering sells multiple SaaS platforms to its customers, who deal with a single point of contact. We're going to start seeing a lot more coming up around cloud brokerage as a managed service, Quartero says.
Although SA has been slow to cloud, it does have certain advantages over the more tech-enabled countries such as the US and countries in Europe, Waterman reassures. "Since we're not at the bleeding edge, we can wait for new technology to be tried and tested overseas before we consider rolling it out here."
Governance is migration's genesis
Before embarking on a SaaS migration plan, companies need to consider all aspects of governance.
As it stands, governance is the single most important consideration to a large organisation's software as a service (SaaS) migration strategy. This is according to Dr Mariana Carroll, technology researcher, advisor and trainer at Mariana Carroll Consulting. She finds this critical aspect is often overlooked, which can lead to financial loss and many hours wasted.
"Governance is not something that should be 'worked into' the implementation half-way," she says. "Because it affects every aspect of business, it needs to be understood, and weaved into every decision and each stage of the migration."
Why is SaaS migration necessary at all? Cloud is the catalyst for many of the transformations larger organisations are currently undergoing, to better fit new and emerging trends. "Large organisations are increasingly adopting SaaS-based cloud solutions to maintain or gain competitive edge through increased innovation, and offering the customer more value. Operating in a real-time environment allows companies to be more customer-centric, and become more valuable to their customers, who will, in turn, more likely remain loyal," says Carroll.
To best illustrate where governance fits into the SaaS migration strategy, and why it's important, Carrol presents four key areas pertinent to successful migration to SaaS:
1. The migration strategy must be aligned with the business. "This means executive buy-in and involvement is not a 'nice to have', but is absolutely crucial," she insists.
2. Financial return. "This goes without saying. If there was no cost benefit to such a project, it would not be considered."
3. Integration and orchestration with existing IT systems.
4. The influence of governance, risk and compliance.
Governance concerns need to be addressed from the very beginning, before you embark on your SaaS migration journey, says Carroll.
If the company realises half-way through the migration that it hasn't yet considered regulatory implications, it will need to go back to the very beginning and re-do the entire migration plan to include governance.
She believes understanding the landscape is crucial. "Laws like the Protection of Personal Information Act that have had lengthy media exposure are well-known by the industry, but there are many more pieces of legislation and best-practice standards that must also be considered. And in the case of South African companies expanding into Africa, they have to realise that corporate data is going cross-border, so the migration plan needs to consider all of that country's laws and standards as well."
The data exodus
Make sure SaaS SLAs address all relevant countries' regulatory concerns.
Cloud has made it much easier for South African businesses to move into Africa and beyond, but are the various regulatory needs being catered to?
According to Dr Mariana Carroll, technology researcher, advisor and trainer at Mariana Carroll Consulting, cloud is creating a big drive towards Africa and unlocking potential there.
"The availability and affordability of cloud means South African businesses can now much more easily partner and work with companies in other African countries. They can also fast-forward their plans to expand into Africa, as large infrastructure investments are no longer necessary, and cloud-based solutions are quick to set up and deploy," she says.
Although cloud makes it easier to work in and with countries where there's little or no Internet infrastructure, it does create complications where data ownership is concerned. "It brings to mind questions like, 'Where is the data?', 'Who owns it?' and 'What would be the implications of lost data?'"
Ensuring adequate protection, access control and compliance for the cross-border transfer of data is complex, as compliance with local in-country and international regulators relevant to transferring personal information across borders comes into play.
This is why it's crucial for organisations to understand the regulatory landscapes of all countries involved, so everything can be correctly factored into their third-party cloud provider service level agreements (SLAs).
"The SLA should clearly state who is responsible for what, concerning the integrity and security of the data, in the cloud, and who has access to what and when. Companies need to ensure that the agreement between the provider and consumer caters for the applicable privacy and security requirements," says Carroll.
Her advice to companies, before drawing up the SLA, is:
1. Analyse regulatory requirements for all countries involved and determine which ones apply to the situation specifically.
2. Determine the capabilities of the hosting environment. Ask yourself, "How do they comply with the regulations and standards of other countries? Will they be able to fit in with ours? What is available and will this be sufficient in terms of the needs of the organisation?"
3. Map requirements to the environment's capabilities and select the best solution. "Or possibly negotiate customisation options with a third-party provider, based on unique requirements."
She suggests digital evidence and e-discovery issues are considered in contracts (ie, ensuring the agreement between the provider and consumer caters for these requirements and that adequate controls are enforced), and adequate exit strategies are not overlooked.