I hate when I hear this from my users, I mean, I REALLY Hate to hear this, but I am fortunate, as I have direct control of my environment, and I have a limited number of users. We are seeing a greater move to the SaaS, ASP, and Cloud models and that brings a new reality to the corporate Information Technology world.
Data and Applications are no longer under the complete control of the IT department. Vendors have greater control over data and applications than ever before.
In the context of a midsized corporation, I have been struggling with this idea for some time now. When you start outsourcing applications and data hosting to an outside vendor, you start relying on their infrastructure, systems and procedures greatly. Most people do not think about the pitfalls that can await them when they move to hosted platforms. Do not get me wrong, I believe in this model but the positives and negatives must be understood by management.
For those that have no idea what I am talking about, and who stuck it out this far, here is a bit of background.
The industry has been moving towards provider based models. This means vendors offer applications and data hosting services located on servers operated at the vendors’ data centers. The users usually access applications and data through a web page based front ends, but this does not have to the be the case.
Google Apps is a great example of a provider based model. Your documents and the applications are accessed via web browser, applications and data reside at Google’s data centers and everything is under Google’s control. There are so many applications, too many to list here, that operate under this model and all of these applications, and the associated data, are out of the direct control of the corporation’s IT department.
Some (definitely not all) of the “big” questions to ask before you move to a hosted solution:
- How long can your company operate if the vendor has an outage?
Look at a recent occurrence of a Google Apps outage. How long can your company go without access to your data or application? The vendor has huge responsibility for application operability, data security and accessibility. Corporate IT cannot correct problems on the vendor’s side when they occur.
- How long can your company operate if your Internet provider has an outage?
A few years back, a crane fell over and knocked out almost everything in our business park for over a week. With hosted solutions, no Internet access equals no data access. Do not discount the probability of an Internet outage. It does happen and must be taken into account.
- How confidential is your data?
Data confidentiality varies greatly from industry to industry and this issue must be addressed by management. It is rare for data breaches to occur at the vendors’ side but it is not out of the realm of possibility. The accidental release of information is the most likely situation, and when it occurs, it is often caused by simple human error. Search engines have indexed, and made pubic, very confidential data in the past because of a mistake.
- Are you able to “backup” your data in an easy manor?
The vendor is responsible for data backup from a DR point of view, but you never want to be held hostage by your data. You must receive or be able to make regular backups of your remote data. Otherwise, the vendor has too much leverage over your company.
- How strong is your contract with the vendor…mater of fact, how strong is the vendor?
Do you have clear data ownership in your contract and a good exit provision? Be sure your vendor has financial penalties for operating at a less then X percent up time. Hold them accountable to their service level agreement.You must choose a vendor that has proper funding and is not holding on by the skin of their teeth. D&B reports, SEC filings (if a public company) and asking for a copy of their most recent audited financial statements are all prudent items to review in your selection process. Also, review the rights assignment clause in case either party is acquired.
- Can you live if any feature of the application is changed or discontinued?
In a hosted model, many times, you do not have a choice when features are added, altered or removed. If you are locked into a specific function or feature of the application that can not replaced if lost, you must understand the risk you face and have a very strong relationship with the vendor.
These are only some of the issues that need to be thought about before moving into a hosted platform. I have never been affected when our hosted applications have had outages in the past, but that does not mean we never will. This is something that I can guarantee will happen at some point in the future.
We will get calls from the staff and be peppered in the halls with constant questions about when services will be restored. We give the best answer that we can, “I am sorry for the problems you are experiencing but the vendor has not given us an ETA, please know that we are regularly following up with them and will provide an update as soon as one is available”.