The destruction done by Hurricane Sandy is another reminder of the vulnerability of maintaining an on-premise system.  Those businesses that had been running their business “from the cloud” didn’t experience the downtime and potential data loss of those with on-premise IT.

According to Microsoft over 87% of companies between 50 and 250 employees will be using the Cloud by 2015.  Spiceworks, a IT Management community, forecasts an incredible 11% growth of cloud usage by SMBs to 73% just in the first 6 months of 2013.

SpiceWorks –  State of SMB IT Report 2H 2012

While most SMBs (Small to Medium Businesses) use some Cloud Software as a Service, the number of SMBs that are going “all in”, moving almost all their software to the Cloud is exploding.

Factors driving SMBs to a complete adoption of the Cloud

Business continuity after a disaster is just one reason why businesses of all sizes have been moving their IT operations “to the cloud”.  Other factors include:

• The ability to focus on their key business drivers instead of their Information Technology (IT), eliminating tasks such as system upgrades, backups, and IT administration
• The improved business agility by rapidly being able to take advantage of new software capabilities
• The productivity gains of always using the most up-to-date software
• The ability to have world-class Information Technology not previously practical for SMBs without expensive IT staff
• The superior security and availability provided by world-class SaaS vendors
• The “Access Anywhere” cloud capability

The SMB with 50 to 250 employees has complex IT needs, but limited IT resources and Cloud expertise.

The move to the Cloud is usually driven by the operational benefits of Cloud computing, together with new company strategic requirements that can best be met through the use of Cloud Technologies such as supporting mobile devices, social initiatives, Big Data initiatives,  or new regulatory compliance requirements.  These requirements may dictate a rethinking of the company’s Information Technology strategies.  While moving to the Cloud can gives these SMBs the sophisticated tools with far fewer resources required by on-premise solutions, the complexity of the transition may be beyond the capabilities of the SMB.  Additionally, the complexity of meeting these new requirements while reduced with Cloud technology can still be daunting.

The Strategic Cloud Transition Plan

The success of the company’s successful Cloud transition requires  1) ensuring appropriate cloud knowledgeable resources are available, 2) creating a strategic plan for transition to the Cloud while addressing new company strategic requirements, and 3) following the plan with a stage transition – no “big bang” cut-overs.  A piecemeal move to the Cloud adopting one SaaS application at a time without a master plan is folly.  The strategic roadmap will provide guidance to ensure the transition happens smoothly with the maximum business benefits while minimizing the transitional pitfalls.  It will also ensure that company-wide standards such as security and regulatory compliance are addressed comprehensively by all of the IT applications, both Cloud and on-premise.

Steps to a Cloud Success

The company should inventory its software currently used (and not used) by category and identify the new strategic initiatives impacting IT.  Once the current software (the “as-is”)  and new requirements are identified the complete Cloud based IT system requirements (the “to-be”) can formulated.  A major objective of the strategy is to provide the flexibility through agile SaaS software that makes the “to-be” IT resources much more agile to deliver future business value not yet identified — it is the nature of agile implementations that presumes requirements will evolve over time.

It is likely there is significant use of SaaS within most SMBs in areas such as Web Content Management, Social Networks, Payroll, or Email Systems.  These systems will likely be a part of the new Cloud strategy or may be replaced by a Cloud SaaS suite which encompasses many of the required capabilities (such as SaaS suites offered by companies including Salesforce and NetSuite).

While the strategy should encompass the full vision for the Cloud Information Technology, the transition can be incremental as long as it follows the strategic roadmap and addresses the company-wide issues discussed below.

The SMB should start with software where a temporary outage would not be disruptive, does not require a 100% cut-over and is not tightly integrated with existing systems to gain experience with the Cloud transition.  For example, Google Apps for Business or Microsoft Office 365 might be used for a certain set of documents that need to be shared among a number of employees collaboratively which can be adopted for certain projects without requiring a total conversion.  Cloud collaboration tools like Google+ Hangouts can be used for a set of projects while employees become comfortable with the technology.

As the company becomes more comfortable with the Cloud transition, bigger projects such as a hosted VOIP may be a capability contained within a larger SaaS suite.  For example, Microsoft Lync Online is contained as a component within Office 365.

Company-wide issues to be addressed with the Cloud transformation

The Cloud transition strategy must provide a framework adhered to by all Cloud (and other IT) initiatives to meet the company-wide requirements — this is a major component and reason a Cloud transformation strategy is mandatory to provide a minimum set of requirements for each Cloud project to adhere to.  These crucial company-wide IT issues are 1) Security, 2) Regulatory Compliance, 3) Integration between the company’s software/SaaS systems, and 4) Disaster Recovery/Availability.  Additionally, there may be new projects such as Business Analytics or Market Intelligence that are logical to address with Cloud products.  While the details of these projects are beyond the scope of this article, there are a few key considerations for each of these areas.

Security within the  company’s firewall and the mobile/internet access to the company’s data are crucial.  All devices that access the company’s systems should be certain to have update-to-date malware protection and the company’s network must be verified secure.  Products such as those offered nCircle PureCloud, and GFI provide Cloud based threat protection while products such as Microsoft Windows Intune, provide both device management and security.  It is also crucial to have password/identity management or SSO (Single Sign-On) capabilities to protect against authorized access all all the Cloud/SaaS applications.  Privacy issues are related to security, but require more attention with the critical company and customer data between stored in a virtualized Cloud.  Without specific provisions by the Cloud provider (which are rare), the SMB will have little control over the location of their data — this isn’t usually a problem unless there are regulatory issues, or data locality issues dictated by governments (such as EU data location requirements).  Depending on the requirementsof the SMB and the extent of their security concerns, these SMBs may not accept certain data being intermixed with other client data in the same database though the data security of most larger B2B SaaS vendors is very good.  In any case, the Cloud transition strategy should set minimum standards for Cloud security and privacy for Cloud providers.

Regulatory Compliance is a major growth area, driving additional cost and complexity of many applications.  Like Security is a non-nonnegotiable requirement  that must be addressed at the strategic level setting standards that all Cloud software must abide by.  In certain markets such as medical, financial, or e-Commerce, standards for HIPAA, FINRA, and PCI set minimum requirements potentially impacting any software used by the company.  Minimum Security, Privacy, Accessibility, Data Locality, and Process requirements are set by the standards which will have implications in the SaaS products that are used — some Cloud products do not meet the minimum regulatory requirements and therefore are no suitable as a component in the company’s IT strategy.   In particular, given the virtual nature of the Cloud there are more complex compliance requirements when the computer hardware on which the applications runs are “in the cloud” — most major Cloud companies have provided the foundation to meet most regulatory requirements, but this requires independent research by the SMB to verify the regulatory, privacy, and security requirements are met.  Even for companies in unregulated industries there are regulatory requirements particularly in areas of privacy and social media that must be considered.

Integration between software packages has always been an issue which is exacerbated by the Cloud.  While not ideal, SMBs have used their VARs (Value Added Resellers) to access their on-premise applications’ databases to share data between disparate applications.  This data while generally accessible through APIs to the SaaS vendors software, is complex and expensive to integrate by the SMB if a prepacked integration (such as though included in Saleforce’s AppExchange) is not available for some of the Cloud vendors — particularly if they consider themselves competitors.  For example, there is no off-the-shelf integration to share data between Salesforce’s customer data with NetSuite’s accounting data, or ADP payroll data with NetSuite’s accounting system.  These systems can be integrated with integration packages such as those offered by Dell Boomi, IBM Cast Iron, or Mulesoft, but these packages are more complex and expensive then most SMBs would like.  It is important to determine which Cloud/SaaS packages natively integrate with other Cloud/SaaS packages before a purchase decision is made.

Disaster Recovery/Availability of the vast majority of (paid) Cloud applications is much higher than applications on-premise at the SMB’s locations despite some Cloud outages and the publicity they garnered.  Smaller Cloud providers may not have the track record and resources of larger Cloud vendors and should be checked more carefully.  The SMB should review the SaaS Vendor’s SLA (Service Level Agreements), but frankly most them have extremely weak guarantees that SMBs have little power to dictate reasonable uptime guarantees.  One major SaaS vendor has an uptime guarantee of only 99.5% per quarter which equates to almost 11 hours of downtime.  While there is little negotiating power, most reputable SaaS vendors publish their uptime statistics — the SMB should be certain that the historical uptime record is acceptable to them.  SMBs should also review the backup data availability standards of their Cloud vendor.  The backup should be done at intervals which will ensure no critical company data could be lost, the time to recovery from a data loss should be acceptable, and the SMB needs assurance that all their data is owned and accessible by them if they choose to move to another SaaS provider.

Reporting/Analytics:  Companies should also consider how they can consolidate the data from multiple SaaS applications through Business Intelligence to help them more effectively run and grow their businesses.  Many SaaS applications provide an integrated BI tool or dashboards that are a part of the core SaaS applications such as NetSuite’s SuiteAnalytics.   Alternatively an analytics tool that works across multiple platforms such as GoodData can be used to create a comprehensive set of Business Intelligence insights to better manage the business.

Conclusion

The company needs to tie their cloud strategy together to ensure that their security, disaster recovery, regulatory compliance, and mobile requirements are addressed in the plan.  Finally the plan should include consideration on how all the individual Cloud applications will be integrated to share data to create uniform operations through the business.

There are a great number of benefits to moving IT to the cloud, but it is crucial to plan on a phased transition to achieve the maximum benefits without potential pitfalls of any IT migration.

SMBs will see many benefits to moving their IT operations to the Cloud beyond still having their IT operational after a natural disaster.  This transition by SMBs to the Cloud is providing a great opportunity for ISVs with SaaS offerings and fueling the 17.4% CAGR for SaaS software forecast by Gartner.

IT Categories and Representative SaaS Offerings 

Communications Applications:        Telephony, Phone, Chat, Video Conferencing

Cloud Examples: Ring Central, Microsoft Lync, Google Voice, Google Hangouts, GotoMeeting

Content Management:     Document Management,  Digital Signatures, Website development

Cloud Examples: Sharepoint, Box.com, Docusign, WordPress

Productive Applications:                       Email, Word Processing, Spreadsheets, Presentation Tools

Cloud Examples: Office 365, Google Docs and Mail, Evernote      

 Sales & Marketing Applications:        CRM, Marketing Applications

Cloud Examples: Salesforce, Sugar CRM, HubSpot, Marketo

Social Applications:       Twitter, Blogging Application, Social Media Compliance 

Cloud Examples: TweetDeck, Instagram, WordPress, Socialware, Facebook

Financial Applications:                                  Accounting, Invoicing, Ecommerce

Cloud Examples: Sage One, Epicor Express, NetSuite, QuickBooks Online, FreshBooks, Xero

 Industry Specific Applications:           Inventory,  Supply Chain, Project Management, Reservations Systems