If we’re to segment Enterprise Software-As-A-Service (SaaS) customers, we would roughly put them into two buckets:
- Departmental Units or Line of Businesses (LOB’s) – Sales, Finance, HR, Marketing etc.
- IT & Security Teams – Operations, Security, Infrastructure, Windows, Unix etc.
When it comes to the former, the question whether to go Software-As-A-Service (SaaS) or not is largely settled in favour of SaaS based platforms. This is the case for companies of all sizes. SaaS seems to be the way forward for Departmental Units or Line of Businesses who require solutions for their different functions: CRM, HR, Payroll, Employee Expenses, Travel, Marketing etc.
These Lines Of Business functions seems be quit happy to store internal employees and customer information, marketing information etc in the Cloud and deal with any concerns around data privacy, compliance and security.
Why is this happening?
- The business benefit is so great, the LOB’s are happy to “overcome” their concerns.
- There is a tribal effect here – “everybody seems to be doing it, so surely so we can too”.
- While there is a current lack of clarity around EU data privacy regulation, SaaS vendors seems to be addressing most of these concerns via their Terms of Service and other legal tools (E.G. Model Clauses)
- SaaS vendors often offer resilient, proven, robust and secured architectures, which largely satisfy customers requirements.
Diagram 1: Lines of Business are already way on their way to the Cloud. Next wave of SaaS growth will come from IT led by the ever the growing machine generated data and the need to analyze it.
The story is slightly different when it comes to the latter. IT & Security Teams are still largely contemplating whether or not to “Saasify” some of the services they consume themselves. Operational Monitoring and Analytics SaaS solutions often come under greater scrutiny when it comes to data privacy, compliance and security. Consuming Machine Data Operational Intelligence as a cloud service still get the occasional push back from the Operation and Security teams when it comes to consuming these services via SaaS.
I have been told several times by Ops teams that SaaS is not an option for them for machine data Analytics, because of data sensitivity concerns. The “data is too sensitive to be put into the Cloud” I am often told. However when asked how come their companies are happily using SaaS platforms like SFDC or Workday to store sensitive data in the Cloud? they couldn’t really explain.
There are some reasons for that:
- LOB’s are quicker to make business driven decisions and usually have more freedom than IT Operation or Security teams to do so.
- IT Operation and Security teams are more risk averse by their nature.
- Unlike LOB’s, IT Ops still widely own and operate their infrastructure in the Data Centre and therefore prefer to run and consume these solutions on top of that Infrastructure.
- Many IT organisations are starting to put in place a “Cloud first” policy but are yet to act on it.
- There is a perception that sending large quantities of data to the Cloud very often is too taxing on network bandwidth.
- In the EU there is some uncertainty around data protection regulation at the moment.
For me the Economics of the datacenter of the future will force IT Operation and Security teams to hand-over some of these services to be run and managed and therefore consumed in the Cloud as SaaS, as companies reduce the amount of services they run and manage on-premise. The TCO reduction and the validity of the business case is just too strong to ignore in my view. It simply is a question of time. The next wave of growth for SaaS markets is around addressing the needs of the IT & Security Teams. This will be fuelled by the enormously valuable analytics one can drive from machine data, which is ever growing in volume.
In the meantime SaaS vendors should definitely address some of the concerns by offering some good answers to the main points:
- Compliance Attestations and Certifications – Increase customer confidence by attaining a number of compliance attestations/certifications to provide customers
with third-party validation of the efforts to safeguard their data. Things like SOC 2
Type 2 attestation, ISO 27001 certification and PCI-DSS compliance are critical.
- Encryption – Both at for data at rest and at transit using industry standard SSL encryption using AES 256-bit encryption.
- Employee Access – Access to the Cloud infrastructure should be restricted to key personnel and be based on a least privilege model.
- Hardening – Every customer instance should be hardened to industry standards, regularly scanned for host/application level threats and runs the latest available stable OS and packages.
- Logical data separation – customer data should be logically separated from other customer’s data.
- Regulation – During this period of regulatory uncertainty (EU data protection laws are being renegotiated as we speak) SaaS vendors should come up with legal solutions to satisfy any concern, for example Model Clauses. Getting legal teams involved early is of the essence.
- Performance and Availability – The solution should be architected for uptime and reliable performance. Aggressive SLA targets should be offered. Scalability and flexibility to meet customer needs. Vendors should offer bursting flexibility for spikes in data volume and scale to TB’s per day.
- Choice – The best SaaS vendors for Machine Data Analytics should offer choice around deployment options. Customer should be able to go on-premise, SaaS or Hybrid to combine the best of both worlds.
Machine data analytics is so valuable but the data is ever growing, and so going forward organizations will need to have the choice to deploy where suits them best – on-premise or in the cloud, with hybrid visibility across both.
Summary and Key Takeaways:
- Machine generated data analysis is super valuable.
- Machine data is ever growing and so new ways to consume it (SaaS) are emerging where TCO is low and ROI is high.
- LOB’s are already happily using SaaS where possible.
- IT & Security teams are next to do so (hence the growth in SaaS)
- SaaS vendors should have the good answers to provide in order to convince the unconvinced and address any concerns.
- Choice is ultra important and so vendors who offers a hybrid model are best positioned to help customers on their journey