Head in the Clouds or Head in the Sand? SaaS Faces the Facts
April 6, 2009 Dan Burger
Companies need to pay attention to the software as a service (SaaS) option. For a lot of companies, it’s being dismissed as too early in the game, but you can’t ignore the young companies and the start-ups–possibly your future competitors–that are choosing SaaS and cloud computing for their IT strategy. Meanwhile the heavyweights of the IT business are attempting to devise some standards that make interoperability a priority while accusations fly about who is still carrying proprietary baggage and who has vendor lock-in as an ulterior motive.
Conversations leading up to the difficult decisions between SaaS and traditional off-the-shelf software used on in-house machines are occurring much more frequently. The interoperability issue is a big one, and executives are continually griping about information silos cramping their decision-making abilities. Also, the current economic situation is SaaS-friendly. It may push things in the direction of IT outsourcing.
Late last week, I talked with Amy Wohl, the principal consultant at Wohl Associates, a firm that specializes in software as a service, enterprise software, service oriented architecture, open source software, and new business models. She came to my attention when I received a press release from the Computer Measurement Group, an organization focused on IT service delivery improvements based on quantitative analysis and forecasting. Wohl is the keynote speaker at the CMG 2009 International Conference December 6 through 11 in Dallas, Texas.
SaaS and cloud computing are terms that are intermingled and often ill defined. As a result, their meanings are frequently misconstrued and conversations can become a jumble of misunderstandings. Some people believe the terms to be synonymous and others don’t. To get us all on the same page, I asked Wohl how she keeps them separated and then we got into a discussion about what SaaS and the cloud can do, what it can’t, where it is today, and where it is headed in the near future.
Dan Burger: How closely intertwined is SaaS with the cloud?
Amy Wohl: When we started talking about the cloud years ago, we really were talking about infrastructure. We were talking about buying compute resources and storage online. We were talking about maybe buying some systems management so that the resources had a certain amount of systems management associated with them. We weren’t really talking about the applications because that’s what the customer was going to load onto the infrastructure. In the last year or so, the SaaS applications have become closely associated with the cloud. Now people are talking about SaaS applications as if they are cloud computing. So those who sell SaaS applications are talking like they are a cloud computing vendor.
I don’t think it’s useful to say it can’t be used like that, but when I talk to people about cloud computing I want to make sure we have the same thing in mind. If they have in mind infrastructure, then that’s how I talk about it. If they have in mind all things from top to bottom including SaaS applications, then I want to know that. Otherwise we will be talking at cross-purposes.
You can’t have SaaS without the infrastructure to run it on. The infrastructure is what we call cloud.
In the ASP round–when the software as a service model was first brought to market in the late 1990s vendors that offered it were referred to as application service providers–the ASPs built their own infrastructure. That was one of the problems. In order to be an ASP, you had to raise enough money not just to build an application, but to build a data center. And you had to have enough employees to keep the application up and running and to run a data center. In this round, that is generally not true. Most software vendors do not run a data center. They buy their computing resource from what we now call a cloud vendor. The platform they rent is cloud computing. In some cases the whole thing is cloud computing.
When a customer buys a SaaS application–from Google Docs to a high end application like Workday (HR and financials)–they don’t care if they run it in their own data center or they run it on a data center owned by some big company like a telco or an IBM. All the care about is that they have made an arrangement that is very reliable and very well backed up. The customer needs to ask questions about that and make sure it will work well.
They are not buying the cloud infrastructure. They are buying an application and the infrastructure is provided. The contract is with the application vendor not the cloud computing infrastructure people.
DB: You mentioned the ASP model that was tried without much success–Salesforce.com being the notable exception–almost ten years ago. Much of the early resistance to ASPs had to do with security and trust. Is that still an obstacle that stands in the way of SaaS?
AW: I refer to that topic as durability. You want reassurance from the SaaS vendor. First of all, are you a company with business values that assure they will be around? What guarantees do they offer for supplying the service they promised or if their business is interrupted? What do they do with your data and software? Do you keep a copy? You need to understand that–just like you would when buying software from anybody. Just because you are buying software online and paying for it on a usage basis, doesn’t mean you wouldn’t vet it like any other software.
You can have any amount of security you want in the cloud environment. The answer, to some extent, is how much are you willing to pay for and at what point does the amount of security you want make using the cloud not worthwhile. The reason that we have companies like IBM offering private clouds is that some companies believe they can’t obtain the level of security that they are required to have due to regulation or whatever other reason. Although they like the architecture, maybe they have 25 remote locations and they love the idea that all the locations can share information in a cloud, but they are not willing to do that in somebody else’s cloud. So they want their own cloud. It will be secure because no one else’s information will be in that cloud.
If you are talking about how secure is it to be sending information in and out of the cloud, we’ve been sending on the wire for a lot longer than cloud computing. We know how to make it secure, but it still comes down to how much are you willing to pay. If you want a high level of encryption both in and out, for instance, it will increase the cost.
DB: A lot of people think SaaS will save them money. At some point does SaaS becomes too expensive?
AW: It could. It depends what you are asking for. If you ask for as much or more security as you would get internally, it might get more expensive than operating your own data center. It will vary according to the SaaS vendor. You need to look at the options and the costs and make a business decision.
It’s dangerous to think that you can get everything you want for close to nothing just because it’s SaaS. There is no free lunch. You can get access to a relatively sophisticated and complex application for significantly less in a SaaS environment, but you will get an application they are offering, not a custom version of it, and you’ll get it in the environment they offer. Can you get it in a more secure environment? Maybe. Depending on what the vendor is willing to do. Can you customize the application? Maybe. Depending on what kind of customization the vendor provides. Some vendors provide everything up to completely customized. Some vendors won’t do that.
You should be assured that you can’t have everything you ever wanted and have it not cost anything.
This is the basis of my remark about how we expect to see more companies moving to SaaS in this economic environment. A lot of larger companies have been relatively slow to consider SaaS. There are many reasons, but one reason is that they can’t get exactly what they want. They aren’t satisfied that they aren’t getting something particularly tuned to their specific needs.
If they want something that saves money, they will have to take something that is slightly less customized. When hard times come, executives are much more pressured to make decisions in an environment where they have fewer choices. The result is more people selecting SaaS.
DB: Let’s go back to the early adopters. What has happened to those companies that were ASP customers nearly 10 years ago?
AW: There are Salesforce.com customers that have been around this entire time (10 years) and they have widened their use of SaaS to include other vendors.
Some customers have been using Lotus Notes or Microsoft Exchange online in the ASP realm. They’ve used it for years and have progressed to newer versions or other apps that provide those functions in the SaaS format.
DB: The success of Salesforce.com is widely known. To a lesser extent, there may be an awareness of e-mail and collaboration success with SaaS. What other successful examples are out there?
AW: E-mail and collaboration are popular. Accounting, business suites, and ERP have done well. Applications like NetSuite (accounting, ERP, CRM, and e-commerce), Workday, and Intacct (an accounting system).
There are thousands of companies using these collectively. Workday has about 150 customers after just two years. They sell human resources and financial management products and will compete with SAP when completed. Not all the modules are available yet. This is a growth area especially for mid size companies that find it difficult and expensive to get that kind of product and implement it internally.
The interesting part of the SaaS market is when an ISV looks at things that probably wouldn’t be practical to do using conventional software products. But they figure out how to do them with SaaS products. Something where it has to be online or resources have to be shared among multiple users. The ones that didn’t exist before.
Salesforce.com figured out that if you build an application for the Web and then you get other vendors to build applications on top of that product and connect to that database.
I think there will be lots of interconnection and interoperability. Users will be able to look online and find an application that is useful and then be able to access it in a relatively short period of time ranging from right now to complex apps that may take a few weeks or a month to make it ready for a business use.
DB: So now we’re back in the current environment. What do you think the little cloud computing blow-up last week that resulted from the IBM manifesto and what will that episode–it looked like posturing to me–do to the overall process of cloud computing acceptance?
AW: I think posturing would be a really good term for what’s going on. Everyone who was at that meeting, from what I understand, was careful to say that no one was ready to say they knew what would be in the standard. They were getting together to discuss how they would ensure interoperability. They knew it was too early for a standard, but they also knew the customers were really interested in interoperability across applications and across platforms. They wanted to make sure they could make that happen rather than go ahead with what they were doing and have to make changes later on.
What happened after that? You never know exactly what happens because you only know what people say. What they say and what actually happens are sort of different stories. I’ve already heard three or four different stories from industry insiders.
What I hear is that Microsoft was miffed because they weren’t included as one of the leaders and they don’t want IBM in a leadership role. I think the problem is that Microsoft doesn’t want someone else to be in charge.
DB: So putting all the bluster and posturing aside, what really is the issue? What should be worth talking about?
AW: I think it is interoperability. As soon as you talk to the smaller ISVs, it’s clear that interoperability is a really big issue. They know that without it this is just one more round of the operating system wars. Nobody wants that. Moving from where we were to the Internet meant that we were moving away from that. And if we were going to build platforms on top of the Internet–that is the cloud–then the cloud should be abstract enough that people can move things back and forth between the clouds.
DB: But don’t the IT giants want to have some type of proprietary angle on this or they lose grasp of their long established competitive advantages?
AW: The point of having a group and getting together to talk about it is to avoid that from happening. It’s sort of like a very complicated dance. All of the companies want to reserve some things for themselves while at the same time that they agree on doing some things together so that some level of interoperability is possible. The question is how much will they give up to achieve a common ground. They have to agree to act as a group and put their cards on the table. It’s very complicated. I don’t pretend to think that it’s easy to do this, but the worst thing you can do is decide what you want to do too soon. Then you get things frozen into the standards that don’t belong there, but you have to live with them.
DB: Have companies that have already gotten into SaaS in a big way jumped the gun and potentially put themselves in a troublesome place five years down the road?
AW: There is always a problem with standards. How do you do them so that you are not too early and not too late? There is no right answer because there is no way to tell when the right time is when you are in the middle of it.
I think it’s fine for companies to start a conversation about SaaS. If the standards process was reaching a conclusion tomorrow, it would make me very nervous. They might agree on a few guidelines, but it’s way too early to have standards. They don’t know enough about what the standards should be. They need to be sure they are not cutting things off too soon. Will decisions being made today be really hard to get away from later on if necessary?
DB: What about these companies that are getting into SaaS now?
AW: My advice is to prefer companies that are involved in efforts to support interoperability, that follow existing open standards, that support as many platforms as possible, so they are not locking themselves out of choices in the future.