The destruction done by Hurricane Sandy is another reminder of the vulnerability of maintaining an on-premise system. Businesses that had been running their business “from the cloud” didn’t experience the downtime and potential data loss of those with on-premise IT.
While most SMBs (Small to Medium Businesses with 50 to 250 employees) use some Cloud Software as a Service, the number of SMBs that are going “all in”, moving most of their software to the Cloud is exploding.
According to Microsoft over 87% of companies between 50 and 250 employees will be using the Cloud in 2015.Saugatuck Technology, 2014
Factors driving SMBs to a complete adoption of the Cloud
Business continuity after a disaster is just one reason why businesses of all sizes have been moving their IT operations “to the cloud”. Other factors include:
- The ability to focus on their key business drivers instead of their Information Technology (IT), eliminating tasks such as system upgrades, backups, and IT administration
- The improved business agility by rapidly being able to take advantage of new software capabilities
- The productivity gains of always using the most up-to-date software
- The ability to have world-class Information Technology not previously practical for SMBs without expensive IT staff
- The superior security and availability provided by world-class SaaS vendors
- The “Access Anywhere” cloud capability
Pitfalls to Avoid during the Transition to the Cloud
Cloud services can gives these SMBs the sophisticated new capabilities ultimately requiring fewer resources to provide the same capabilities as on-premise applications. Additional resources will be required to make the transition to the cloud successful with the development of a Cloud Transition Plan and its implementation. While the benefits of the SMB’s transition to the Cloud are great, there are pitfalls that must be avoided. The SMB may not have the existing IT resources and Cloud expertise to make the Cloud transition smooth and may need assistance from consultants or through additional services through VARs.
Cloud technology is being introduced into the SMB either through a planned strategy, or piecemeal as various individuals and departments deploy Cloud applications to meet specific business requirements often referred to as BYOC (Bring Your Own Cloud). An ad hoc cloud adoption can result in Cloud Sprawl where Cloud technology is implemented without a master plan to ensure all software components work together meeting the security, compliance, and interoperability requirements of the business. Additionally, the complexity of meeting these new requirements while reduced with Cloud technology can still be daunting.
With proper planning and with the help of Cloud savvy expertise (thoroughly vetted SaaS vendors, VARs, and/or consultants) SMBs can successfully transition to the Cloud.
The Strategic Cloud Transition Plan
The move to the Cloud is usually driven by the operational benefits of Cloud computing, together with new company strategic requirements that can best be met through the use of Cloud Technologies such as supporting mobile devices, social initiatives, Big Data initiatives, or new regulatory compliance requirements. These requirements may dictate a rethinking of the company’s Information Technology strategies.
The success of the company’s successful Cloud transition requires 1) ensuring appropriate cloud knowledgeable resources are available, 2) creating a strategic plan for transition to the Cloud while addressing new company strategic requirements, and 3) following the plan with a stage transition – no “big bang” cut-overs. A piecemeal move to the Cloud adopting one SaaS application at a time without a master plan is folly. The strategic roadmap will provide guidance to ensure the transition happens smoothly with the maximum business benefits while minimizing the transitional pitfalls. It will also ensure that company-wide standards such as security and regulatory compliance are addressed comprehensively by all of the IT applications, both Cloud and on-premise.
Classes of Cloud Technology Deployed
The Company’s use of the Cloud will likely encompass various classes of Cloud Technology combined with some legacy on-premise applications that will remain such as productivity applications or vertical applications not yet available in the Cloud. SMBs will use Public Cloud SaaS (Software as a Service) products to provide access to shared applications with potentially thousands of other clients that run in the Cloud such as NetSuite or Office 365. Certain applications not yet available on public clouds may be provided by a Managed Service Provider (MSP). Managed Service Providers run one or more applications and provide support for these applications. The applications that run at the MSP may or may not be natively Cloud enabled, but the MSP will host and support these applications and make them accessible over the internet.
SMBs may use Microsoft’s Remote Desktop Services (aka Terminal Services) or Virtual Desktop Interfaces (VDI) such as Citrix VDI to provide a web enabled interface to on-premise applications without requiring a VPN (Virtual Private Network) to provide secure access to these on-premise applications. Terminal Services and VDI aren’t generally thought of as Cloud technology (though often marketed as Cloud technology), these technologies allow remote access to legacy on-premise applications via the internet.
Larger IT organizations could move their IT operations into a Private Cloud which may be run at an independent facility. While the IT services are in a private Cloud, they are primarily accessed behind the company firewall for enhanced security. A Private Cloud is a cloud infrastructure dedicated to a single enterprise — this is unlikely to be used by an SMB due to its complexity for smaller organizations.
Steps to a Cloud Success
The company should inventory its software currently used (and not used) by category and identify the new strategic initiatives impacting IT. Once the current software (the “as-is”) and new requirements are identified the complete Cloud based IT system requirements (the “to-be”) can formulated. A major objective of the strategy is to provide flexibility through agile SaaS software that makes the “to-be” IT resources much more agile to deliver future business value not yet identified — it is the nature of agile implementations that presumes requirements will evolve over time.
It is likely there is significant use of SaaS within most SMBs in areas such as Web Content Management, Social Networks, Payroll, or Email Systems. These systems will likely be a part of the new Cloud strategy or may be replaced by a Cloud SaaS suite which encompasses many of the required capabilities (such as SaaS suites offered by companies including Salesforce and NetSuite).
While the strategy should encompass the full vision for the Cloud Information Technology, the transition can be incremental as long as it follows the strategic roadmap and addresses the company-wide issues discussed below.
The SMB should start their transition to the cloud with a business function where a temporary outage would not be disruptive, does not require a 100% cut-over and is not tightly integrated with existing systems to gain experience with the Cloud transition. For example, Google Apps for Business or Microsoft Office 365 might be used for a certain set of documents that need to be shared among a number of employees collaboratively which can be adopted for certain projects without requiring a total conversion. Cloud collaboration tools like Google+ Hangouts can be used for a set of projects while employees become comfortable with the technology.
As the company becomes more comfortable with the Cloud transition, bigger projects such as a hosted VOIP may be a capability contained within a larger SaaS suite. For example, Microsoft Lync Online is contained as a component within Office 365.
Representative categories and example products to be included in a manifest of SaaS applications is shown in Table 1.
Company-wide Issues to be Addressed with the Cloud Transformation
The Cloud transition strategy must provide a framework adhered to by all Cloud (and other IT) initiatives to meet the company-wide requirements — this is a major component and reason a Cloud transformation strategy is mandatory to provide a minimum set of requirements for each Cloud project to adhere to. These crucial company-wide IT issues are 1) Security, 2) Regulatory Compliance, 3) Integration between the company’s software/SaaS systems, and 4) Disaster Recovery/Availability. Additionally, there may be new projects such as Business Analytics or Market Intelligence that are logical to address with Cloud products. While the details of these projects are beyond the scope of this article, there are a few key considerations for each of these areas.
Security within the company’s firewall and the mobile/internet access to the company’s data are crucial. All devices that access the company’s systems should be certain to have update-to-date malware protection and the company’s network must be verified secure. Products such as those offered nCircle PureCloud, and GFI provide Cloud based threat protection while products such as Microsoft Windows Intune, provide both device management and security. It is also crucial to have password/identity management or SSO (Single Sign-On) capabilities to protect against authorized access all the Cloud/SaaS applications. Privacy issues are related to security, but require more attention with critical company and customer data stored in a virtualized Cloud. Without specific provisions by the Cloud provider (which are rare), the SMB will have little control over the location of their data — this isn’t usually a problem unless there are regulatory issues, or data locality issues dictated by governments (such as EU data location requirements). Depending on the requirementsof the SMB and the extent of their security concerns, these SMBs may not accept certain data being intermixed with other client data in the same database though the data security of most larger B2B SaaS vendors is very good. In any case, the Cloud transition strategy should set minimum Cloud security and privacy standards for Cloud providers.
Regulatory Compliance is a major growth area, driving additional cost and complexity of many applications. Like security, compliance is a non-negotiable requirement that must be addressed at the strategic level to set standards for all Cloud software. In certain markets such as medical, financial, or e-Commerce, standards for HIPAA, FINRA, and PCI set minimum requirements potentially impacting any software used by the company. Minimum Security, Privacy, Accessibility, Data Locality, and Process requirements are set by the standards which will have implications in the SaaS products that are used — some Cloud products do not meet the minimum regulatory requirements and therefore are not suitable as a component in the company’s IT strategy. In particular, given the virtual nature of the Cloud there are more complex compliance requirements when the computer hardware on which the applications runs is “in the cloud” — most major Cloud companies have provided the foundation to meet most regulatory requirements, but this requires independent research by the SMB to verify the regulatory, privacy, and security requirements are met. Even for companies in unregulated industries there are regulatory requirements particularly in areas of privacy and social media that must be considered.
Integration between software packages has always been an issue which is exacerbated by the Cloud. While not ideal, SMBs have used their VARs (Value Added Resellers) to access their on-premise applications’ databases to share data between disparate applications. This data while generally accessible through APIs to the SaaS vendors’ software, is complex and expensive to integrate by the SMB if a prepacked integration (such as that included in Saleforce’s AppExchange) is not available for some of the Cloud vendors — particularly if they consider themselves competitors. For example, there is no off-the-shelf integration to share data between Salesforce’s customer data with NetSuite’s accounting data, or ADP payroll data with NetSuite’s accounting system. These systems can be integrated with integration packages such as those offered by Dell Boomi, IBM Cast Iron, or Mulesoft, but these packages are more complex and expensive then most SMBs would like. It is important to determine which Cloud/SaaS packages natively integrate with other Cloud/SaaS packages before a purchase decision is made.
Disaster Recovery/Availability of the vast majority of (paid) Cloud applications is much higher than on-premise applications at the SMB’s locations despite some Cloud outages and the publicity they garnered. Smaller Cloud providers may not have the track record and resources of larger Cloud vendors and should be checked more carefully. The SMB should review the SaaS Vendor’s SLA (Service Level Agreements), but frankly most of them have extremely weak guarantees and SMBs have little power to dictate reasonable uptime guarantees. One major SaaS vendor has an uptime guarantee of only 99.5% per quarter which equates to almost 11 hours of downtime. While there is little negotiating power, most reputable SaaS vendors publish their uptime statistics — the SMB should be certain that the historical uptime record is acceptable to them. SMBs should also review the backup data availability standards of their Cloud vendor. The backup should be done at intervals which will ensure no critical company data could be lost, the time to recovery from a data loss should be acceptable, and the SMB needs assurance that all their data is owned and accessible by them if they choose to move to another SaaS provider.
Reporting/Analytics: Companies should also consider how they can consolidate the data from multiple SaaS applications through Business Intelligence to help them more effectively run and grow their businesses. Many SaaS applications provide integrated BI tools or dashboards that are a part of the core SaaS applications such as NetSuite’s SuiteAnalytics. Alternatively an analytics tool that works across multiple platforms such as GoodData can be used to create a comprehensive set of Business Intelligence insights to better manage the business.
There are a great number of benefits to moving IT to the cloud; Huricane Sandy demonstrated that companies which had their IT resources moved to the Cloud avoided the disruption that occured at many SMBs with legacy on-premise operations. While SMBs are rapidly moving to the Cloud, “Cloud Sprawl” can occur when new cloud services are deployed in a random fashion leading to incompatible systems that do not inter-operate with each other, create potential security and regulatory issues, and make business processes between these systems difficult to implement.
SMBs needs to tie their cloud strategy together to ensure that their security, disaster recovery, regulatory compliance, and mobile requirements are addressed in the plan. Finally the plan should include consideration on how all the individual Cloud applications will be integrated to share data to create uniform operations through the business.
This transition by SMBs to the Cloud is providing a huge opportunity for ISVs with SaaS offerings and fueling the 17.4% CAGR for SaaS software forecast by Gartner. In the Cloud Strategies’ forthcoming February 2013 post, “How SaaS Vendors can fit into CIO’s SaaS Strategy” it is discussed how SaaS Vendors can build SaaS products that best fit within the SMB’s comprehensive Cloud strategy.
IT Categories and Representative SaaS Offerings
Communications Applications: Telephony, Phone, Chat, Video Conferencing
Content Management: Document Management, Digital Signatures, CMS
Productive Applications: Email, Word Processing, Spreadsheets, Presentation Tools
Sales & Marketing Applications: CRM, Marketing Applications
Social Applications: Twitter, Blogging Application, Social Media Compliance
Cloud Examples: Twitter, Instagram, Socialware, Facebook
Financial Applications: Accounting, Invoicing, Ecommerce
Industry Specific Applications: Inventory, Supply Chain, Project Management