Professional Documents
Culture Documents
ACKNOWLEDGMENTS
We greatly appreciate the contributions of the following people and companies: Jack D. Bischof, Accenture Fred Broussard, IDC Dennis Drogseth, enterprise Management Associates (eMA) Frederic Drouin, Wood Group Information Solutions Malcolm Fry Jeffrey Gore, Column Technologies Rohit Gupta, BMC Software Bob Johnson, BMC Software Jeffrey Kaplan, THInKstrategies Bill Kirwin, Alinean Robert Mahowald, IDC Tom Pisello, Alinean Mark Settle, BMC Software W. Wyatt Starnes, Harris Corporation Phil Wainewright Steven Woods, eloqua Corporation Editor-in-Chief: elaine Korn Executive Advisor: Roy Ritthaler Senior Editor: lea Anne Bantsari Technical Editors: Andrew Harsch, Chris Rixon Editorial Team: Janice Brown, linda Donovan, Sheila Mangione Creative Design: liora Blum, liora Blum Graphic Design Creative Direction: John Bishop Special Thanks: larry Bandemer, Patty Baumgardner, Kyle Brantley, Kathryn Craig, nori De Jesus, Dennis eaton, Kimberlee ellis, Ali Ghazanfari, Tony Goodwin, Kate Guillot, Chad Haftorson, Daniel Kirkpatrick, James leach, Carolyn lindsey, Stacey nash, Kimberley Roach, Tony Sanders, lilac Schoenbeck, Matthew Selheimer, Jessica Walker, Chris Williams, Michelle Winter
To learn how BMC Software BSM solutions can help your business, call 800-841-2031. BMC soware, the BMC soware logos, and all other BMC soware product or service names are registered trademarks or trademarks of BMC soware, Inc. all other registered trademarks or trademarks belong to their respective companies. Copyright 2011 BMC soware, Inc. all rights reserved.
A message from Rohit Gupta, General Manager, Remedy/SaaS Its all about business innovation
By gaining better insight and assisting the transition to new technologies, CIOs can pave the way for innovation that drives competitive advantage. By Fred Broussard and Robert Mahowald
TABle OF COnTenTS
A global perspective
Cloud computing and SaaS present a variety of benefits and risks for CIOs, IT orga nizations, and lines of business. For a global perspective, Andrew Harsch, senior manager, SaaS Solutions for BMC Software, sat down with Phil Wainewright, notable industry expert, to discuss this topic. Here are some highlights from their conversation. 20 Top 10 reasons SaaS is here to stay The broad and increasing acceptance of SaaS indicates that the approach is not a trend that will fade anytime soon. The benefits tell the story. By Jeffrey Kaplan
management solution
Consider a more complete solution if you need integration, automation, and change/ release management. By Bob Johnson 52 Strategies for success with cloud
and SaaS
The cloud can improve IT service delivery and is causing increased interest in tradi tional ITSM functions. Heres what you need to know. By Dennis Drogseth
76 The truth about ITIL and SaaS As the SaaS model increases in popularity, several misconceptions have arisen regarding ITIl and SaaS. This article dispels some of these rumors. By Malcolm Fry 83 Maximizing your SaaS implementation Understanding the challenges of a hybrid IT environment is a key factor to success with SaaS. Here are five strategies for deli vering maximum value with your SaaS implementation. By Jack D. Bischof 90 A SaaS-first approach to application
TABle OF COnTenTS
2
portfolio management
SaaS is here to stay. As you examine your application portfolio with an eye toward SaaS, keep in mind the benefits as well as the adjustments youll need to make in your IT organization. By Mark Settle
methodology
Youll get the best results from your SaaS solution if you use a structured approach. Here are four guidelines to help you prepare for a smooth deployment. By Jeffrey Gore
SaaS is providing the platform, both in a figurative and literal sense, to deliver on the vision of increased efficiencies and value.
Fred Broussard and Robert Mahowald, IDC
Theres great potential for very exciting business innovation and business process innovation using online capabilities and using the instant productivity that the cloud enables.
Phil Wainewright
SaaS applications are quickly becoming more robust, user friendly, and reliable.
Jeffrey Kaplan, THINKstrategies
The future of SaaS and cloud will involve more complexity but will also provide you with more agility and more capabilities.
Dennis Drogseth, Enterprise Management Associates (EMA)
SaaS will increase agility for both IT organizations and the lines of business they serve.
Steven Woods, Eloqua Corporation
If youve been concentrating only on cost containment benefits, broaden your horizons and consider the competitive edge your enterprise can achieve through IT innovation.
Jack D. Bischof, Accenture
The on-demand nature of SaaS can offer tremendous agility to IT organizations and business users.
Malcolm Fry
Software as a Service (SaaS) provides op por tunities for IT organizations to increase efficiencies, enhance agility, reduce costs, and, ultimately, maximize the value IT pro vides to the business. And now, more and more IT organizations are exploring ways to use SaaS offerings as part of their overall service portfolio. How can you most effectively leverage SaaS offerings? Where should you start? What are the challenges of managing a hybrid IT environment, and how can you best address them? Can you trust the security in the cloud? Is there a place for IT Infrastructure library (ITIl) best practices in SaaS? This edition of VIEWPOINT, which includes contributions from industry experts, BMC Software customers and partners, and BMC thought leaders, answers these questions and more. each article provides advice and practical guidance to help you successfully move forward with SaaS.
How can you best deliver business value through innovation, while reducing overall costs? To learn how, read the article by Fred Broussard and Robert Mahowald of IDC. next, get a global perspective on SaaS in the interview with Phil Wainewright, an influential industry commentator. SaaS is not a passing trend; its here to stay. And Jeffrey Kaplan of THInKstrategies explains the top ten reasons why. Do you want the facts on return on investment (ROI) and total cost of ownership (TCO) in the cloud? If so, read the mythbusters article by Tom Pisello and Bill Kirwin of the ROI consultancy Alinean. This article lists common myths and then proves them false. The article by W. Wyatt Starnes of Harris Cor poration discusses some considera tions to help you gain trust in your cloud service provider. For guidance on how to achieve success with cloud and SaaS, read
the article by Dennis Drogseth of enterprise Management Associates (eMA). Wood Group Information Solutions leveraged SaaS to start a new line of business. Read how, in the article by Frederic Drouin. And in the article by Malcolm Fry, IT industry luminary and ITIl expert, youll learn why ITIl is just as critical with SaaS as it is with other software implementations. These are just some highlights of the articles you will find in this edition of VIEWPOINT. Whether youre just starting to explore SaaS or already on the SaaS path, we hope you find this publication informative and useful. Best regards, Rohit Gupta
General Manager, Remedy/SaaS BMC Software
uccessful companies are always seeking to innovate. In the 1960s, large enterprises began to use technology for bulk data processing; in the 1970s, com panies introduced computer access to the front office via terminals. The 1980s brought the onset of computers to everyones office, while in the 1990s, businesses began to rely on enterprisewide applications. The early 2000s brought the widescale adoption of mobile devices. How can todays CIOs continue this momentum and assist their businesses with the next breakthrough idea? Whats clear is that todays CIOs are keen to deliver business value through innovation. While cost cutting is still a priority, CIOs are also clearing the way for strategic initiatives that will position their enterprises for growth and success. These CIOs know that the suc cessful companies will be the ones that adapt quickly to changing market conditions and customer expectations. Moreover, the orga nizations that dont embark on the path of innovation and growth now will likely become obsolete in the eyes of their industry peers, customers, and financial stakeholders. Software as a Service (SaaS) is providing the platform, both in a figurative and literal sense, to deliver on this vision of increased efficiencies and value. Recent streamlining and automation initiatives have helped make IT organizations more agile, so they can support their busi nesses needs for flexibility and adaptability. SaaS provides an additional level of agility, enabling IT to spin up new services virtually instantly in support of the business. How ever, leveraging SaaS to promote innovation
requires visibility into business processes, particularly processes that touch the customer. So what do CIOs need to do to pave the way for innovation that drives competitive advantage?
SaaS is providing the platform, both in a figurative and literal sense, to deliver on the vision of increased efficiencies and value.
On the other hand, many organizations because of their industry, vertical, or even regulator y constraints may require onpremise solutions. For example, many
government entities choose onpremise due to extremely tight security control objectives. For many workloads, however, the decision might not be so clear. Its those notsoobvious choices that worry CIOs as they work to build a smart, businessresponsive IT portfolio. If theyre going to make good choices, CIOs need better visibility into business require ments and the true cost of delivering services. To get that visibility, CIOs are strengthening their outreach to business users and launching initiatives around comprehensive IT spend analysis. They are going beyond the cost of servers and software licenses to include the entire people/process/technology equation to determine what kind of changes will yield more value from IT. These initiatives are providing richer insight into key areas, including: The services that businesspeople need The true cost of providing any given service internally An accurate comparison of the cost of an onpremise solution versus an equivalent SaaS solution The timetoimplementation implications of SaaS versus onpremise solutions Visibility into the outside services that business users have contracted for and the risks these hidden assets pose to secu rity and compliance Best practices or capabilities available in SaaS solutions that are not currently lever aged in the organization
The solid, objective data gained from these initiatives can guide CIOs decisions on how to buy, consume, and manage services, and deliver them to the business in ways that enhance productivity and increase profitability. CIOs are bringing IT organizations to a new level of sophistication in which IT defines the services offered along with appropriate service level agreements (SlAs) and then brokers those services within the enterprise. It doesnt mat ter if those brokered services run on internal systems or a public cloud.
their budget allocations and redeploy staff to highvalue, strategic projects. However, most enterprises need to do more to enable people, processes, and technologies to work together more efficiently and effectively. CIOs are also enthusiastic about the potential cost savings they can achieve by moving certain workloads to the cloud. As CIOs outsource to the cloud, however, they arent necessarily reducing headcount. Instead of cutting staff, savvy CIOs are redeploying people to tackle strategic projects that drive business innovation.
For many in IT, the physical presence of the server room is a sense of security. Gaining confidence that workloads are safe on the outside is a major mental hurdle for many IT professionals. CIOs can overcome these concerns by choosing SaaS providers that clearly demonstrate they can provide the required level of security.
CIOs are enthusiastic about the potential cost savings they can achieve by moving certain workloads to the cloud.
The shift to SaaS and cloud computing isnt likely to be as radical as some people predict. IDC expects the shift to be evolutionary, not revolutionary. IDCs forecast window to 2015 estimates that only about 15 percent of overall IT budget will be allocated to cloud. For most companies, cloud might never exceed 50 percent of their total IT portfolio.
Embracing change
The famous visionary W. edwards Deming may have said it best: It is not necessary to change. Survival is not mandatory. Bottom line: IT professionals need to be comfortable accepting the changes that SaaS represents or they will not be able to effectively con tribute to ITs successes. But how can you convince people to accept these changes?
5 Key TaKeaways
about SaaS
Todays CIOs are striving to deliver more business value through innovation. Software as a Service (SaaS) helps IT organizations increase efficiencies and enhance value. SaaS provides additional agility and cost savings. CIOs need to address resistance to change in their organizations. CIOs are focusing on combining internal and external services to enable IT to deliver the right business services at the lowest cost.
10
SaaS will certainly be transformative, but there will continue to be significant on premise assets for many years to come. IT will need to manage not only the internal assets, but also assets in the cloud. Managing the combined private/public cloud environment may present a challenge for IT professionals, who will need to develop new skills for the emerging hybrid world. Some of those skills will be related to technology, but many will involve the ability to engage more closely with business owners as well as becoming more skilled and disciplined in the management and measurement of thirdparty suppliers. Successful CIOs will recognize these changes as opportunities for growth and will promote a sense of excite ment about the challenges ahead.
important role in uncovering the flaws in specific processes because they dont have a stake in those processes.
Moving forward, CIOs will focus on combining internal and external services in a way that allows IT to deliver the right business services in the most economical manner possible.
11
13
VIEWPOINT: Phil, youre in a unique position to provide a 30,000foot view of SaaS [Software as a Service] around the world a global perspective of the unique charac teristics of the various regions. What can you tell us? Phil Wainewright: For starters, the United States is such a huge market that it gives U.S. based providers a big advantage because theres no barrier in terms of the size of the market that they can address at least not until theyve worked through the first 300 million people in the United States. But if youre in any other part of the world, in europe or South America or AsiaPacific, the size of the economy that you can address before you actually start to cross borders into other languages, currencies, legal jurisdictions is much smaller. And that creates a natural obstacle. This is true in any industry, but you feel it particularly strongly if youre operating in the cloud or on the Inter net, because one of the big features of the Web is that its global. There are no borders. For example, I was recently at a cloud confer ence in luxembourg and some French companies discussed how they have been ver y successful with initially pricing in U.S. dollars, even though they were operat ing in France. The idea was that they offer a service in english on the Web, and dollars are seen as the base currency of trading on the Web. But then the question arises, what if people want to trade in euros? Do you add that currency? And do you add British pounds? Immediately you have these issues just as youre getting started issues that a U.S.based company doesnt face.
VIEWPOINT: Are you seeing any regional differences regarding the uptake from the consumer side of the business as a result of cultural issues?
14
market currently, its more of an objection that simply has to be overcome. But in parts of europe, its a real issue. VIEWPOINT: So does that also carry over into the concerns about a startup delivering a solution via SaaS? Do customers worry that the SaaS startup will go bankrupt in three to six months, and their solution will be gone? Phil Wainewright: Well, you must perform the same due diligence as always. And yes, its a concern with the SaaS model, but concerns exist with bigger, established companies as well. You may not worry that the larger providers will disappear, but you still get locked in to that provider. If the pro vider changes its price trend, for example, then thats an issue. The due diligence on a potential provider should ex plore the fol lowing kinds of questions: What is the commitment? What is the longterm strat egy? What is the funding background of this company? How likely is the company to stay around? And its always misleading to make general izations about markets because there are always outliers. We are seeing successful startups in the european markets because early adopters do exist in europe in fact, some of the earliest big enterprise adopters of certain SaaS offerings have been in europe. VIEWPOINT: How does bandwidth play into the SaaS story? Phil Wainewright: Heres an interesting anecdote about the importance of bandwidth. A large enterprise software provider has
been looking to roll out its SaaS offerings in a number of markets. The company is very carefully testing each market to evaluate band width to ensure that ver y specific parameters for response times can be met. And thats very much dictated by the network infrastructure. The company looked closely at China and at the typical response times that users would get in the main metropolitan areas. As a result of this testing, the company is reluctant to offer SaaS in certain areas of China that are lacking in infrastructure. So its quite an important point SaaS is an attractive alternative only if you have good broadband penetration. Similarly, some companies in India complain about the countrys broadband infrastructure and the fact that its holding back adoption of cloud applications. VIEWPOINT: Is anything hindering the adop tion of SaaS? Phil Wainewright: People often talk about this notion of data outside the firewall, as if cloud providers dont have firewalls. The providers do have firewalls, and what people are actually saying is, I dont want to have this data outside of my firewall. Whats really needed is proper accountability and good governance processes and systems between the outside providers and the enterprises. We already have examples of PCIcompliant infrastructure in the cloud and other very challenging compliance needs being met. Some issues still need to be ironed out, particularly around jurisdiction over data privacy and data protection. Theres concern
15
in europe that if data is with a provider based in the U.S., the data may not be held or pro cessed in a way that conforms to european data protection legislation, or might even put the customer at risk of breaking the laws regarding data. The industry and policymakers must come up with solutions that make sense in the cloud environment. VIEWPOINT: So looking globally, are there regional differences as to what people are looking for in SaaS from a B2B [business tobusiness] standpoint? Or are people generally looking for the same capabilities regardless of where they are located? Phil Wainewright: The wave of social media has accelerated a common culture in major metropolitan areas across the globe. And everyone in business is feeling the same imperatives: to be able to compete and connect globally, to be able to work with customers or suppliers globally, to have realtime information, and to be able to get answers to customers on a 24x7 basis. Also, they want to be able to support em ployees who are working on the road using mobile devices, from home, or from cus tomer sites, as well as in the office. All of these factors make cloud applications and cloud resources more attractive and more essential because theyre better adapted as a platform for doing this in a very connected way. VIEWPOINT: So is it fair to say that IT orga nizations around the world basically have
the same requirements and are looking for the same kinds of features and functional ity, even if their customers vary? That is, they may need to be able to adjust their offerings and localize them, or change because of the different types of products or services that theyre delivering. But in es sence, they are managing infrastruc ture, applications, and services and need to provide them on multiple form factors, devices, and so on.
Everyone in business is feeling the same imperatives: to be able to compete and connect globally, to be able to work with customers or suppliers globally, to have real-time information, and to be able to get answers to customers on a 24x7 basis.
Phil Wainewright: Yes. I think everyone is exposed to the same technology accelera tion and drivers. everyone is exposed to the greater connectivity and the customer expectation of uptodate information and instant response. In some industries, that expectation is probably more pressing than it is in other industries. But I think its prob ably equally felt around the world. For example, in Africa, the banking indus try is being revolutionized because people now do their banking on their mobile phones. In countries such as Kenya, people have leapfrogged a whole generation or two of tele communications technology that never was reliable or universal on fixedline telecoms infrastructure. every one is going straight to mobile.
16
now, people in rural areas of Africa are using their mobile phones to check whether theres a spare part they need from the motor dealer in the next village, and it saves them spend ing the day walking there and back to find out. VIEWPOINT: What differences are you seeing in attitudes toward ITspecific applications and services versus applications for HR and sales being delivered via SaaS? Phil Wainewright: People are always saying the holdouts against SaaS are the IT depart ments that IT doesnt like the idea of giving up control of the computing infrastructure to outside providers and its the business people who are adopting SaaS. And while there may be some truth that IT is sometimes an obstacle to SaaS adoption by a line of business, IT itself is a very avid adopter of SaaS applications for IT functions such as malware prevention, various aspects of
email archiving, compliance for websites, testing for help desk, and even across cus tomer assistance management. VIEWPOINT: Can you outline some key suc cess factors for a company moving to using SaaSbased offerings? Phil Wainewright: First, a SaaS strategy is essential. enterprise IT leaders need a way to ensure that the cloud applications are taken on in a consistent way and in a way that can be kept compliant. The IT department needs oversight and governance. They also need an infrastructure for managing provisioning and access and security around all of these different applications. And, of course, an integration framework is critical; otherwise youll have incompatible and often contradictory pools of data. This inte gration framework should be created
5 TIps
17
at the global level in a global organization. This creates certain difficulties because if you want to standardize on a particular SaaS application for a particular function, only a limited number of SaaS providers operate globally today. So, take these factors into account before you even start thinking about the more routine elements of evaluating a SaaS vendor.
running in 45 minutes by using a cloud solu tion. Thats a great example of how rapidly you can implement these solutions. now, in a more traditional enterprise procurement environment, it will take a little bit longer than 45 minutes, but you will still dramati cally decrease the time it takes to get the solution in place perhaps a matter of days or weeks instead of months and years. VIEWPOINT: What is your take on the future of SaaS and cloud computing? Phil Wainewright: This new computing platform has a number of strengths. But Im really most interested in seeing cloud com puting and cloud applications provide a platform for doing business in completely different ways. And theres great potential for very exciting business innovation and busi ness process innovation using these online capabilities and using the instant productivity that the cloud enables. Were also going to start seeing pushback due to concern about the TCO [total cost of ownership] of all of these different applica tions often being added in an uncontrolled way. Finally, SaaS is becoming more main stream and large companies will start running missioncritical processes using cloud applications, or using cloud applica tions for very large parts of their operation. VIEWPOINT: Any closing thoughts? Phil Wainewright: If you are considering moving to a SaaSbased solution, keep in mind some key benefits. Certain things come for free with a cloud application that would
Theres great potential for very exciting business innovation and business process innovation using online capabilities and using the instant productivity that the cloud enables.
VIEWPOINT: Do you have highlevel advice for CIOs thinking about bringing SaaS into their organizations? Phil Wainewright: Well, aside from the due diligence around security and the viability of the vendor which Im sure everyone is going to do anyway CIOs should look at opportunities where SaaS can really open up some breathing space. Right now, a lot of enterprises are adopting SaaS to fill gaps in functionality or where they have very aging, outdated application stacks. And adopting a SaaS application is a very rapid and easy way to nonintrusively introduce a replace ment. Plus, you dont have the technology implementation issues and you dont need to hire new staff. I was talking recently to an innovative call center software provider in the U.K. that actu ally got a replacement call center up and
18
be quite costly if you were building and imple menting the software yourself. For example, take geographical distribution. If you have a lot of mobile users, or a lot of locations such as in the hotel or retail indus try, you would need to build a robust wide area network to connect everyone together. With a cloud application, you get that for free because the cloud provider is already cater ing to a geographically dispersed user base. You also get mobile platform support for free because the provider must keep up to date with market demands for mobile technology and people needing access to the application on smartphones and tablets, and so on. Global consolidation is another factor. For example, if you have a lot of financial data that you need to consolidate across different geographies, and if you use an application provider that concentrates everything into a single application instance, then you again get the consolidation built in for free. Cloud financial applications are seeing a great deal of success in large globally dispersed orga nizations because these applications provide
much better visibility into the realtime finan cial information in the various subsidiaries. And finally, remember disaster recovery. With your own infrastructure, you actually need to replicate it somewhere else. But with a large SaaS provider, this is part of the offering. And my closing thought is this: A lot of the conversation we hear about SaaS and cloud focuses strongly on what could go wrong, but I always prefer to emphasize the business benefits and opportunities. Its only natural for people to be uncertain and distrustful this is a new platform, there are different parame ters for success and failure from what went before, and everyone is feeling their way. But as with any new wave in technology, those who are willing to be the early adopters can reap huge rewards by being the first to dis cover how to prosper from the opportunities that any new platform brings along and I personally believe that cloud is one of the big ones. Its going to really change the way we use IT in the enterprise, and those who learn how to harness its potential can be big winners.
19
20
21
ome technologies fade away, such as VHS tapes, typewriters, and tradition al film cameras. Others have lasting power. Software as a Service (SaaS) is one of them. Clearly, SaaS is here to stay. CIOs are no longer asking what SaaS is and why they should want it. Theyre now asking when, where, and how can they best take advan tage of Webbased, ondemand applications to better achieve business goals.
acquire and utilize business applications and other computing resources, but also how hardware and sof t ware vendors develop, deliver, package, price, sell, and support these solutions. Without question, top vendors are delivering viable alternatives to traditional, onpremise legacy applications. They have proven that they can achieve the reliability and security that enterprises demand. Theyve earned legitimacy by attracting highprofile clients who are now speaking out about their suc cesses and providing proof that the benefits of SaaS are very real.
Independent research shows a high level of satisfaction among enterprises that have deployed SaaS solutions. For example, in a Datamation and THInKstrategies survey: 85 percent of respondents reported that they are very satisfied with their SaaS solutions. 80 percent said they would renew their services. 61 percent said they would expand their use of SaaS. nearly 70 percent said they would recom mend SaaS to others. What factors are driving this broad accep tance of SaaS? Certainly the 2008 economic downturn is one. The weak economy has forced enterprises to consider more cost effective ways to provide the IT services that their businesses require. Another important driving factor is the for ward march of technology. Technology breakthroughs have allowed SaaS vendors to bring their solutions to new levels of maturity. The emergence of cloud compu ting, which encompasses SaaS, is radically changing not only the way enterprises
Technology breakthroughs have allowed SaaS vendors to bring their solutions to new levels of maturity.
So, why is SaaS here to stay and what are the benefits? Here are the top 10.
1. Limited risk
In the past, IT professionals worried that using external providers for business appli cations represented high risk. But for a number of years, the risk associated with SaaS has been kept relatively low due to what I refer to as out-tasking. Outtasking is about incrementally adopting a solution in a relatively isolated fashion, and testing its capabilities and effectiveness either for free or on a limitedfee basis. Most SaaS solutions vendors offer 30day trials. Those that dont are typically willing to negotiate pilot programs so you can confirm that their solutions meet your needs. This
22
ability to try before you buy and investigate at your own pace mitigates risk. Additionally, SaaS vendors have had a num ber of years now to demonstrate not only the reliability and security of their offerings but also to prove their staying power. If you stick with major players in the SaaS market, you wont need to worry that they will go away anytime soon.
SaaS solutions also benefit from crowd sourcing, which leverages the collaboration of an expanding user community to employ solutions in innovative ways, drive enhance ments, and solve problems. The result is that SaaS applications are quickly becoming more robust, user friendly, and reliable. Those characteristics contribute to greater efficiency and lower costs over the long haul.
4. Rapid deployment
SaaS allows a company to deploy an applica tion or service almost instantly. You dont need to wait until youve purchased and deployed servers and hired and trained staff to get a new application up and running. So you save time and money and enjoy faster time to value. This faster rampup means youll begin reap ing the rewards of new applications much more quickly. Depending on the type of appli cation and its importance to your business, the rewards could include higher productivity for the employees who use it and a competitive advantage for your business.
SaaS applications are quickly becoming more robust, user friendly, and reliable.
23
Crowdsourcing comes into play with respect to this benefit as well. Successful SaaS vendors continue to enhance their applica tions on a regular basis and deploy those enhancements across the population of customers. Many of them now actively solicit customer participation to guide them in expanding functionality and refining interfaces. These incremental improve ments help to shave costs by increasing efficiency and reducing training require ments for end users.
programs. Their efforts are paying off. There are far fewer service disruptions or security breaches among SaaS vendors than in tradi tional, onpremise software environments.
Leading SaaS vendors invest heavily in robust service delivery and security technologies as well as rigorous certification programs.
7. Easier integration
SaaS solutions generally rely on a common set of Web service protocols and application programming interfaces (APIs). Those proto cols and APIs make SaaS solutions easier to integrate with your IT infrastructure than traditional applications. Most likely, however, youll still need special ized tools and skills to fully integrate SaaS
24
applications with your legacy applications and data sources. Vendors and customers are working together to ratchet up the level of integration and make it easier to achieve.
The new frontier is employing SaaS appli cations as a catalyst for innovation within specific industries to automate formerly in efficient business processes and thus help firms increase productivity, improve accuracy, and drive up profitability. The SaaS vendor iPipeline, for example, is helping the insurance industry eliminate inefficient paperbased processes by providing Web based forms that can be transmitted quickly between brokers and underwriters.
25
information to create valuable benchmark data, which can provide customers with useful insight into industry best practices and help them optimize their operations.
The subscription pricing model underlying SaaS puts more pressure on the vendor to ensure that customers are satisfied and successful.
Constant Contact, for example, recently introduced a service that allows its custom ers to compare the effectiveness of their email campaigns with those of their peers using such metrics as open rate, click through, and bounceback statistics. This type of information helps businesses fine tune their campaigns to achieve a higher return on investment.
5 Key TaKeaways
about SaaS
Todays Software as a Service (SaaS) solutions are viable alternatives to traditional on-premise applications. Top SaaS vendors have proven their reliability, security, and staying power. Research indicates that 85 percent of SaaS customers are very satisfied. Low risk, low cost, and rapid time to value are among the top benefits. SaaS is an idea whose time has come.
26
SaaS systems, and, ultimately, getting the best performance and return on investment. In making the move to SaaS, IT professionals will need to monitor and manage SaaS services as an integral part of a complex hybrid IT environment that encompasses both onpremise and ondemand solutions. They need to integrate the management of SaaS services into their IT service man agement processes across all areas, including performance management, secu rity management, incident and problem management, change management, and vendor management. By doing so, IT organi zations can begin immediately to enjoy the 10 top benefits of SaaS.
27
28
29
urvey after survey of IT executives indicates that cloud computing ranks as one of the top strategic technolo gies. This prioritization makes it important for IT decision makers to quickly and clearly understand the available cloud solution options, design considerations, deployment requirements, economic impacts, and more. Cloud computing is also one of the mosthyped new technologies, leading to a decided lack of clarity. Certain bold statements making the case for cloud computing, such as The cloud will definitely reduce your IT costs, or making the case against cloud computing, such as The cloud is not secure, should not be taken at face value. like most dramatic statements, these might gain attention even headlines in the media, and then rise to the status of truth. Some facts and more than a fair share of hot air probably are behind these claims. In fact, many of the claims are baseless unless effort is made to create accurate research and economicjustification models, test them in the real world, and prove when they are true and false. A bold, unsubstantiated, and widely publi cized statement is a myth. This article will explore a number of cloud IT myths and shed some light on them.
amortized over a relatively short useful life. And business appetite for IT resources seems insatiable. Yet IT budgets are severely con strained in the current economy. Further, new capital investments beget more labor cost to install, administer, and manage these assets.
30
To make sure that infrastructure costs do not increase overall, IaaS total cost of ownership (TCO) must be carefully assessed to ferret out hidden costs in service fees, service levels, and in tactical events such as data transfers over the planned lifetime for the service.
combined with a TCO assessment. And then organizations can determine how they would fare in the open marketplace of outsourcing and cloud IT services. Myth buster: Chances are that cloud IT service providers will improve service levels and reduce IT management and support costs. Cloud IT service providers compete in an open marketplace and must offer market pricing and service levels that meet or beat your internal costs and the competition. Factors that drive this pricing and service include providers profitfocused, business oriented model; their focus on mature, professional services; and their ability to leverage a large, highvolume market. Cloud IT service providers have the wherewithal to invest in the latest technology, the best talent, and the best practices. They focus on their core competencies and sell to a market larger than the largest internal IT organization. Further, the tools to manage an outsourced or hybrid cloud IT environment are available and adequate. The process of vendor man agement is fairly well understood but may require some restructuring at the customer IT site, which will again require some invest ment to make the IT management cloud ready and cloud capable.
Myth 2: The cloud will cost you more to manage than you think
IT management is a multifaceted term. In one sense, it means systems and technology management. This management is actually a platform or collection of tools and techno logies to tune, maintain, and troubleshoot servers, storage, networks, and software.
Chances are that cloud IT service providers will improve service levels and reduce IT management and support costs.
In another definition, it is the management of IT processes such as service support (incident, change, and problem management, for example), service delivery (capacity, availability, and financial management), security, asset, and others as defined in the IT Infrastructure library (ITIl). A third facet is IT administration where hu man resources (HR), finance, governance, and business relationships are managed. All of these functions represent a set of internal costs and risks. These functions also have a maturity level that drives the cost and risk of delivery. every IT organization should conduct a capability or maturity assessment to determine its performance constraints and objectives. This assessment can then be
Myth 3: The cloud will not work until you have services defined and in place
Many organizations, both on the IT side and the business side, wish that their IT services could be better defined, more predictable, and cost/benefit aligned. This desire has caused some of them to put off deployment
31
of cloud service offerings until they get their act together. This delay may be wise for enterprises that are at the lowest levels of maturity, where outsourcing chaos is not a good plan. But the typical organization that has identified basic IT processes and offers them in a reliable manner should consider a limited deployment of cloud services as a learning experience. Myth buster: The cloud can help you mature to a service orientation. Given that cloud IT is a learning experience, the sourcing decision should focus on wellunderstood, noncritical service offerings. These should run parallel to existing services where possible or be deployed on a pilot basis to a segment of the user population. Costs should be tracked and not passed on if the offering is a parallel offering. every effort should be made to understand the service, service level agree ments (SlAs), and terms and conditions of the contract. A vendor that will provide insight into its operations, processes, and practices will go a long way toward cement ing a longterm relationship and provide a broader array of services in the future.
certainly can be anticipated and planned around. Vendor lockins can occur with in house software and proprietary solutions also. This is a wellunderstood management issue. The risk and cost of vendor lockin for a sourced solution is usually lower than an onpremise solution. The fear of a pricing change is also a noted inhibitor. Again, this risk factor is manage able. The potential for cost overages on inhouse projects is arguably higher. Myth buster: Cloud IT can be rapidly deployed and scaled with less risk than most in-house projects.
Myth 5: The cloud may not meet your service level requirements
A hardware vendors equity is the price/ performance of its equipment. A software vendor bets on feature/function and plat form. Service levels make or break a cloud IT provider. The brand equity of a cloud IT vendor is tied to its service levels. Once the service is determined, the key negoti ating factors are price and service level. Chances are very good that the reputable service provider will meet service levels as contracted. Many leading cloud pro viders transparently publish and promote ser vice availabilit y and per formance statistics online. Myth buster: Cloud IT will typically meet or exceed service level requirements. That
32
said, SlAs are always written to protect the service provider. Service level reporting may be an issue. Just as with any service offering, sourced or inhouse, contingency planning for unplanned outages and refund or exit strategies for poor performance must be part of the plan. Make sure that the vendor SlA is transparent and aligns with the service levels promised for the business needs and expected by end users.
An IT security plan needs to cover all pos sible breach points. Just about every IT infrastructure has network access and thus is vulnerable to network attacks. Cloud IT providers will vary in their ability to ensure security, but there are cloud IT providers that can meet most needs. Most cloud IT pro viders include system and data security as part of their core design, architecture, and implementation. Myth buster: Cloud IT can be as secure as or more secure than on-premise computing.
5 TIps
33
envision huge, multiple, geographically distributed, linked tier 2, 3, or 4 data centers with capabilities for redundancy, mir roring, and backup and restore. The cloud can be a superior platform for disaster mitigation. Indeed, one of the earliest uses for networked computing was for disaster recovery. It was often privately built and always very expen sive. Cloud IT commercializes this capability and leverages multitenancy to make it more feasible and affordable. Myth buster: The cloud can provide a superior as well as a more cost-effective disaster recovery facility.
in cost, functionality, flexibility, and/or agility are compelling, there are fewer and fewer reasons not to consider cloud IT.
Myth 8: You cant meet privacy and compliance requirements in the cloud
If cloud security is adequate to meet your ne e d s, then pr iva c y a nd complia n ce re quirements are additional layers for consideration. In some highly regulated sectors, there may be restrictions on hav ing data off the premises. However, in hybrid cloud IT architectures, even these requirements can be met.
34
The real question is whether the market cost of these services seems realistic to meet your business needs. Most enterprises dont recognize the real costs of IT and never really understand the payback. Often the functional requirements are not in line with the cost of delivering them. Cloud IT pro vides transparency on both the cost and service levels.
Bill Kirwin, board member for Alinean, is the father of TCO at Gartner, developing measurement and benchmark research and tools for the past 30 years. He recently conducted cloud computing research and TCO model development for Alinean. Kirwin is also a contributor to Saugatuck Technology, the leading research advisory services firm on disruptive technologies such as cloud IT. As an independent consultant, he advises technology providers and buyers with strategic planning and program review. Kirwin can be reached at www.linkedin.com/in/billkirwin.
35
36
37
eres a riddle: Whats the difference between a 747 jetliner and 6 million parts flying in formation and in uni son? The answer is that the 747 is a closedloop, fully automated, and highly capable system. A 747 is, in fact, made of up 6 million separate parts, including complex automatic flight control systems (also known as autopilots) that perform the same duties as a highly trained pilot. For some inflight routines and procedures, autopilots are actually more effective and reliable than a person. Autopilots not only make your flight smooth er, but they also ensure that your flight is safer and more efficient. The sophisticated closedloop system with monitoring and other checks and balances guarantees that all the critical pieces are working togeth er, so you can trust with confidence that you will safely reach your destination.
Compare this scenario to a cloud computing environment. like a modern jetliner, a cloud is highly complex. It comprises thousands of hardware components and perhaps millions of lines of software code. But how can you trust with confidence that your cloud is ready to take off, run, and land? After all, if you plan to use external resources from a third party, this public cloud or hosted private cloud, in which your company has an isolated set of resources should be a trustworthy extension of your data center. The cloud must be as trustworthy as a 747. To be trusted, the cloud environment has to be more than secure. It must be a trusted environment to which enterprises can con fidently shift businesscritical ser vices without sacrificing security, service quality, or management control. Figure 1 shows that as computing deployment models shift from traditional monolithic models to the
Public multi-tenant
Cloud
Privacy & separation
Private multi-tenant
Virtualized
Single tenant
Monolithic Secured
Trusted
38
cloud, a number of important implementa tion para meters come into consideration. Here are some factors to consider when using a cloud offering.
each other. The following section des cribes this issue in more detail. Cloud providers devote a lot of resources to ensuring strong security and isolation.
Cloud providers have to deliver a trusted environment that offers security as a baseline but that also offers availability and performance.
In addition to reducing performance and availability risks, providers need to continu ously monitor their systems to quickly identify and respond to cyber attacks. The advanced persistent threats (APTs) that have been regularly launched against major enterprises and government entities in the past year represent just one example. Some of these APTs involve email messages that appear to be legitimate. The messages entice recipients to click on links that download and install software that opens the door for hack ers to access confidential systems and data. Security is essential, but not sufficient. Cloud providers have to deliver a trusted environ ment that offers security as a baseline but that also offers availability and performance.
Tenant isolation
One fundamental source of value in a cloud environment is the use of an underlying shared infrastructure, ensuring that capacity is better utilized. The result is lower costs for all users. However, sharing infrastructure is similar to sharing a common building, such as neighbors in an apartment complex. In any given apartment complex, some neighbors are great, but you may also have a
39
neighbor who tries to tap into your wireless network without your permission. Similarly, if neighbors on the same shared cloud infra structure are able to see or tamper with each others workloads, that presents a fundamen tal security gap in the cloud architecture. Public cloud providers, therefore, need to ensure that the neighbors sharing infrastruc ture are properly shielded from intrusion from each other. Commonly known as tenant isolation, creating virtual software or network based barriers between tenants is critical to the viability of a public cloud service. This is complicated by the potential for a single tenant to have workloads that must interact across multiple pieces of hardware and still be isolated from any neighbors in the infrastructure. In addition to ensuring the isolation of tenants for security purposes, the provider must ensure that one tenant cannot use all the resources and cause a perfor mance hit on other tenants. Bottom line: Consumers of public cloud offer ings need to ensure that their requirements for isolation are met by the public cloud providers.
like all manufacturers, IT hardware manu facturers use a billofmaterials approach to ensure that their systems are built cost effectively and with high quality. This precise manifest of what goes into each item ensures consistency and quality. With respect to provisioning software, however, IT hasnt done as good a job as hardware manufactur ers. Many IT organizations employ manual, openloop software deployment processes that are not only costly but also prone to error.
Public cloud providers need to ensure that the neighbors sharing infrastructure are properly shielded from intrusion from each other.
Trusted cloud computing requires uniformity and accuracy in the deployment of software. You should put mechanisms in place that consistently deploy the right software on the right systems. To help get the right software out at the time of deployment, you might want to consider using a comprehensive database of vendorsupplied firmware and software reference images. You also need to close the loop by verifying that the software you pushed out has indeed been deployed completely and correctly. lets go back to the 747 analogy. One way airplanes ensure safety is through extensive monitor ing and feedback. For example, when a pilot issues a command to deploy the landing gear, hes not going to land the plane until he gets confirmation that the landing gear is indeed down and locked. IT should run the same way with respect to software. Assume that you deploy a mandatory
40
software update to a hundred servers. If you dont close the loop with feedback, there are many reasons why all systems might not get the patch. Some might be down at that moment. Others might have failed the installation. Consequently, you may end up with a certain number of servers that are no longer in compliance. That introduces risk.
monitoring to detect changes that result in nonstandard configurations. These changes should trigger an alert for human inter ven tion or trigger automated action that brings the device back into compliance. One way to monitor configurations is through auto matic discovery that continually scans the infrastructure environment, compares the discovered configurations to standards, and reports discrepancies. Monitoring also detects the addition of the download of an APT as a deviation from a standard configuration. Your remediation process could include alerts that systems have potentially been compromised and trigger automatic removal of the malicious software. The response would be imme di ate, dramatically reducing risk.
Managing IT change
You will likely make continual, intentional changes to your cloud infrastructure over time. These changes are driven by many fac tors, ranging from adding new application
5 ways
41
functionality to meet changing business con ditions to keeping up with a steady flow of software patches and updates. not only will you have your own changes, but the cloud provider will also make changes in the infrastructure, make patches available, or upgrade the infrastructure. The changes made by the cloud provider should be seam less to you unless you have a need to know.
if a software update must be rolled out to a server, the operations staff will be informed in advance of the change. The staff can then move services to another server during main tenance to avoid service interruptions. Once the change has been successfully completed, the operations staff is notified and can move the services back to the original server. Truly effective change management requires visibility into the components that make up the infrastructure, how they relate to each other both physically and logically, and which ser vices they support. With this visibility, IT can assess the full impact of changes, including the business impact, and act accordingly.
One of the critical success factors for cloud computing is an intense focus on managing IT change.
In making changes, you must maintain the continuing integrity of the infra structure by carefully controlling every change. like air line maintenance personnel, you have to ensure that every change is properly autho rized, that it is made only by authorized personnel, and that it is made with standard parts using standard processes. Consequently, one of the critical success factors for cloud computing is an intense focus on managing IT change. effective change management requires automated processes and workflows for creating change requests, getting them approved, informing the right people that a change is coming, deploying the change according to schedule, closing out the request after validating that the job has been complet ed, and maintaining an audit trail of all change activities. endtoend change management helps en sure high availability by keeping all pertinent parties in the loop. For example,
Maintaining compliance
like airline maintenance personnel, you must document all changes you make to your IT infrastructure to maintain compliance with industry standards and government regulations. examples include the Health Insurance Portability and Accountability Act (HIPAA) for health care organizations, Federal Information Security Management Act (FISMA) for government entities, and Payment Card Industry Data Security Stan dard (PCI DSS) for retailers. Compliance requirements vary from industry to industry; some are more stringent than others. With a cloud environment, the provider should address the compliance needs of diverse clients in many industries. This can range from agreeing to an automated audit, submitting proof of certain configurations and controls, or even allowing an inspector to walk the data center checking for specific details of the physical environment. Many
42
public cloud vendors are reluctant to comply with these requirements, and thus are not able to support the compliance needs of certain customer groups. But even private clouds in many enterprises typically must deal with diversity to support multiple busi ness units. Diversity requires the ability to support multiple compliance templates.
but also helps reduce the number of people required per cloud cycle delivered. The re sulting lower costs allow cloud providers to offer competitive pricing.
Continuous monitoring and reporting ensure ongoing availability of compliance data, which enables continuous compliance.
Some organizations treat compliance as an activity to be done periodically maybe monthly or quarterly. Continuous compliance is possible only when compliance becomes an integral part of processes, instead of an extra step. Continuous monitoring and report ing ensure ongoing availability of compliance data, which enables continuous compliance.
43
trust, providers will need to go well beyond delivering the highest levels of security. enterprises will be looking for a trusted environment that offers security as a base line but that also provides assurance of stability, availability, and performance.
In the trusted environment, people have confidence that service quality, compliance, and management control will never be compromised. Security is the baseline, but trust is what enterprises need before they can embrace the cloud.
44
45
he choice on how best to consume software whether onpremise or through a Software as a Service (SaaS) model is based on your specific require ments at different points in your business and organizational lifecycles. each model presents benefits that take into consideration the IT skills within your organization and your budget for capital versus operational expenses. When you look at each model, its also important to consider the potential for growth in your IT infrastructure and the level of customization and integration required.1
determine not only your IT costs, but also your business agility for years to come. Here are the criteria that have helped IT organizations like yours choose the right level of a SaaS based IT service management platform.
Key criteria
The size of your user base, along with your staff size and associated skill levels, can provide important clues about the range and complexity of your environment. Weve found that IT organizations generally employ one help desk professional for every 100 users, and that those organizations with a maximum of 35 help desk professionals are generally can didates for a smaller, slimmeddown offering. Firms with more than 35 help desk professionals, on the other hand, tend to have more demanding requirements that call for higherend IT service management systems, as well as a skilled staff to imple ment them effectively.
Choosing the right IT service management approach is critical because it will help determine not only your IT costs, but also your business agility for years to come.
Other considerations might be more impor tant than size, however. One is the current and future complexity of your application environment and the IT infrastructure that supports it. If your applications as well as the servers, storage, and networks that support them are reasonably simple and static, you could consider a more basic solution to hold down cost and complexity.
1 Paul Avenant, Top Considerations for Moving to a SaaS Delivery Model for IT Service Management, BMC Software, 2010.
46
The greater the complexity, the more you should consider a comprehensive solution. One useful indicator of complexity is the number of changes executed per month, as well as the effect each change has on a service and its related components. The more potential for downtime or security risks each change poses throughout your infra structure, the more robust a change release system you should consider.
If your environment is less complex, a basic solution may be a better way to get that agility and savings. You should also ask yourself whether the managers of your business are moving from a view of IT as a tactical cost of doing busi ness to seeing IT as a critical business enabler. The more this shift in perspective takes place, the more you should consider a fuller solution that takes a servicecentric rather than a trouble ticket or reactive view. A comprehensive IT service manage ment solution provides more information and enables more processes. The current and future complexity of your business processes is also important. The more variety in the types of users you have, and the more information they need from more sources, the harder it is to track the underlying IT assets and ensure service levels. If you anticipate a lot of complexity in the future, consider a more fullservice solution for the wealth of information and bestprocess workflows it can deliver. If you dont anticipate greater complexity, then a basic solution could be more costeffective. As business managers demand better mea surement of the services you provide, it becomes more important to consider a more complete IT service management platform. The measurement and reporting capabilities found in more extensive platforms will help you report on business metrics (such as whether you are delivering services on time and within budget) as opposed to IT centric measurements (such as the cost per asset delivered via a service request).
A comprehensive IT service management solution provides more information and enables more processes.
You should also take into consideration what percentage of changes are normal or standard changes, rather than emergency modifica tions. Thats because emergencies give you less time to simulate the effect of the change on other components in your environment. The more effort it takes to make changes and to anticipate and mitigate the effects of those changes the more you should consi der a comprehensive IT service management solution. It provides the deeper insights into your environment that could save significant effort, money, and risk in the future. Another factor to consider is how the solution will help you deliver IT services more quickly and at lower cost. If you have a very complex environment, the automation and manage ment provided by a comprehensive solution might actually reduce the cost and time required to provide such services, even though the solution may appear to be more expensive than a more basic alternative.
47
If managing what you do is becoming as important, or more important, than what you have, you should also consider a compre hensive IT service management platform. Basic systems usually provide only an asset inventory application, rather than an asset management system that uses a configu ration management database (CMDB) to catalog information about your IT assets. The CMDB found in comprehensive systems not only stores asset data, but also normal izes and shares it with an entire range of IT service management tools. An enterprise scale CMDB improves the speed and accuracy of help desk services, while also supporting more mature, enterprisewide change and release processes. In addition, an enterpriselevel CMDB eases asset and software license management activities, ranging from providing software to users to retiring unneeded software.
Integration
The ability to integrate other systems such as infrastructure discovery, event manage ment, or business applications into your IT service management platform is usually found only in more comprehensive solutions. While most basic systems ship with inte gration to authentication mechanisms, such as lightweight Directory Access Protocol (lDAP), you should consider a broader solution if you need integration with infra structure discovery, event management, or such business applications as enterprise resource planning (eRP) or customer rela tionship management (CRM) systems. With the need for broad integration comes the requirement for infrastructure discovery tools that enable the tracking of IT compo nents, such as servers, network switches, and storage arrays, through their service life cycles. By tracking the IT service components
5 ReasONs
48
that provide critical business ser vices, you are better able to make the decisions required to resolve service slowdowns or interruptions, or to meet industry, corporate, or legally mandated compliance and gov ernance standards.
more complete tool would speed problem resolution and aid service monitoring by allowing service desk employees to share information about system uptime and performance with widely used enterprise applications, such as eRP or CRM.
An enterprise-scale CMDB improves the speed and accuracy of help desk services.
Youre more likely to need integration with event management systems to the extent that: Users or customers often discover service slowdowns or interruptions before IT Users complain about the time or cost involved in solving problems You have trouble maintaining uninter rupted operations across an increasingly large and demanding environment Youre having trouble sifting through false alarms or multiple warnings about the same issue The integration capabilities found in more complete solutions might be a requirement if, for example, your service desk needs to be notified about, or make changes through, such devices as smartphones, or to share information with industryspecific provision ing systems, such as those used in the telecommunications industry. Those inte gra tion capabilities may also be required if your IT service management system needs to share information with diagnostic tools, such as remote access, or software that allows a service to repeat the sequence of events that caused an error. Finally, con sider whether the integration provided by a
49
processes might also help you reduce costs and errors by grouping configuration changes or by changing the order in which they are done. Whats more, change management is worth considering if the business wants to significantly improve compliance with industrystandard best practices, such as the IT Infrastructure library (ITIl), and if your current change or release manage ment processes make it difficult to ensure compliance with corporate, industry, or gov ernment regulations. Service level management capabilities found in comprehensive IT service management solutions may be worthwhile if your business requires interactions among multiple appli cations and IT infrastructure components, or if you need to provide different levels of service to various classes of users. Other consi derations include whether you must meet specific ser vice level agreements (SlAs) for users in different business units or divisions, and whether the business measures IT on its ability to provide business services (such as decision support for a manufactur ing system or policy underwriting) rather than just applications and network uptime. You should also consider a comprehensive solution if you need to improve in a con sistent and measurable way the efficiency, effectiveness, or accuracy of such disciplines as change management, service level man agement, or release management. A more complete solution is also worth considering if a holistic (versus siloed) view of how your IT infrastructure and core business affect each other would help reduce costs and/or provide better service to users, business
partners, or customers. Finally, consider an extensive service level management option if you are under pressure to better align IT with the business or to make IT a business enabler rather than just a support function.
Consider a comprehensive solution if you need to improve in a consistent and measurable way the efficiency, effectiveness, or accuracy of such disciplines as change management, service level management, or release management.
Youre less likely to need as many service level management capabilities (and thus should consider a slimmeddown IT service manage ment solution) if you only need a help desk to solve specific problems and perform individual tasks, such as upgrading a users machine. Consider a less sophisticated system if business managers mostly view IT as a cost of doing business and necessary to maintain ing daily operations, as opposed to helping the business grow and enter new markets.
50
IT service management tool can help free your IT staff from routine work to develop new missioncritical applications or services. Data center automation may be a requirement if your internal IT group is having trouble matching the prices that cloud service pro viders are quoting for IT services. It may also be a requirement if your IT staff is being pulled away from strategic, businesscritical projects to keep the lights on or deal with operational emergencies. Finally, this may also be a require ment if management is considering outsourcing part or all of your IT operation to save money.
Onpremise deployment may be a better fit the more you need to customize the code (as opposed to just reconfiguring the system settings) or integrate it with locally hosted applications. You should give more consider ation to onpremise deployment if you have significant concerns about the reliability or speed of the Internet access available to your enterprise.
Future needs
As you weigh these criteria, consider your current and future needs. For example, is the size or complexity of your organization growing? Is IT emerging from its current tactical role to become a more strategic enabler of business services? Will higher maturity levels in such areas as configura tion and release management hold down costs or boost customer satisfaction as you move to serve new markets and new customers? While you want to ensure a healthy return from your investment, consider whether comprehensive IT service management capabilities might not only save money in the long run, but also position your enter prise to outperform the competition.
51
52
53
ts all about the cloud these days, and its no wonder. Cloud can improve IT service delivery in ways not before possible, and the approach is causing a resurgence of interest in IT service management (ITSM) functions. The bottom line is that Software as a Service (SaaS) and the cloud will make IT more agile, more capable, and more innova tive. Whats not to like?
Cloud technologies require visibility across both cloudrelated and noncloudspecific services as well as increased crossdomain awareness and higher levels of automation. Core service management disciplines ac celerate a more successful adoption of cloud.
5 key strategies
You can learn from the experience of IT organizations that are effectively managing cloud and SaaS. This section describes five strategies for success in moving forward with cloud and SaaS in your IT organization. By following these strategies, you will save time and effort, avoid political delays, and keep your cloud/SaaS project on track.
1 This data appears in the February 2011 research report, Operationalizing Cloud: The Move Towards a Cross-Domain Service Management Strategy, from enterprise Management Associates (eMA). eMA studied 155 IT organizations that were seeking a more cohesive cloud strategy.
54
a particular application inhouse for greater flexibility and control. Remember, cloud is a means to an end, not an end in itself.
For example, in many cases, the group evolved from an infrastructure and archi tecture services group or a DevOps group. A crossdomain service management group might comprise network systems, application storage, and related systems. Whats relevant is the dynamic nature of the environment. Crossdomain service management groups are proving highly effective for strategy, com munications, and planning with respect to cloud and SaaS. Such groups should ideally include the czar and a cloud architect or vir tualization architect. If an IT organization has a good crossdomain group in place, and the group has Clevel commitment to support its efforts, then IT can more easily build processes and optimize the storage and the network to facilitate a cloud initiative and a virtualization initiative. The group should understand where cloud can help IT the most, and how. Based on this information, the group can creatively build a stepbystep plan that includes defined goals for each step. The approach is similar to the traditional approach to a configuration management database (CMDB) or any other kind of initiative.
Cross-domain service management groups are proving highly effective for strategy, communications, and planning with respect to cloud and SaaS. Strategy 5: Ensure your ITSM infrastructure can support your SaaS strategy
So you have taken charge of the cloud, obtained management buyin, appointed
55
a cloud czar, and built a crossdomain group. now, make sure that your ITSM infrastruc ture can meet the needs. A good ITSM team, processes, and the right infrastructure can enable you to most effec tively cope with the dynamic nature of cloud. Things change or are moved, and someone else owns it. Your established processes need to take these variables into account, whatever ITSM solution you choose. The ability to start to automate and build from welldefined IT Infrastructure library (ITIl) or similar bestpractice processes or workflows is very beneficial. Take advantage of best practices, strong processes, and an ITIlaligned platform that has strong support for automation.
leveraging infrastructure more economi cally, efficiently, and dynamically in support of service delivery Provisioning services faster and more effectively evolving ITs role from a service facilitator to a service broker Tying IT more closely to the business than ever Cloud offers several technologies to help achieve these goals. As senior IT managers consider employing new infrastructure op tions such as virtualization and SaaS, they are thinking in a more crossdomain mind set within IT. This mindset is something eMA has championed for years. The not so good is that senior management may put pressure on IT to adopt cloud, before IT is comfortable with moving to a cloud environment. IT organizations are being forced to respond faster to the needs of the business, and senior management is usually
5 BeNefITs
of cloud and SaaS
Cloud and Software as a Service (SaaS) can make IT more agile, capable, and innovative. Cloud presents an opportunity to raise the stature of the IT organization. Implementing virtualization and SaaS fosters a cross-domain mindset within IT. The use of cloud technologies can tie IT more closely to the business. The lower cost of deployment and management of SaaS allows organizations to redirect funds toward growth and innovation.
56
aware that cloud and SaaS can help. But extra attention from senior management can also create strain for some in IT. And the ugly? The ugliest potential outcome for cloud deployments is chaos: degraded service performance, security breaches, and a general loss of control in which business and IT stakeholders and owners remain fragmented and ungoverned, and service provider relationships are haphazard and sometimes at odds with each other.
eastwood as long as the executive IT sheriff and his crossdomain posse remain vigilant and engaged.
The future of SaaS and cloud will involve more complexity but will also provide you with more agility and more capabilities.
Its something like making cars for a super highway system where every windshield is covered with soot. This outcome, however, is ver y avoidable even without Clint
57
58
59
It
was an interesting request one that created quite the challenge for our external IT consulting business unit, Wood Group Information Solutions (WGIS). A client asked us to take on the management and operation of its IT service desk and infrastructure and wanted the new service desk to be operational in a very short period of time. But managed services was not one of our firms existing offerings. Whats more, I wasnt considering expanding our business in that direction. But this was a very strategic client a client that was depending on WGIS to help make its IT operations more efficient and to help it achieve greater business success. So we decided to take on the challenge. The result: Today, WGIS has a new line of business that is expanding rapidly, generating addi tional revenues, and contributing to business growth and profitability. How were we able to launch a new service offering, quickly and effectively? The answer is Software as a Service (SaaS). The avail ability of a robust IT service management (ITSM) solution in the cloud gave WGIS the agility and flexibility to seize this opportu nity. The new managed services offering has become a key component of our busi ness, and it is proving to be a differentiator that helps WGIS attract and retain clients.
rapid time to implementation, which was vital to addressing this clients needs. Traditional approaches would have required a significant investment in hardware and software plus the need to hire resources to deploy and manage the environment. Additionally, the staff would have faced diffi cult decisions about how much to invest in infrastructure. An inadequate investment in hardware and software might have resulted in a poorly performing system that could damage the customer relationship. Buying too much, however, would have cut into profitability and possibly made the managed services offering a losing proposition.
The pay-as-you-go pricing model allowed us to acquire service desk functionality without a hefty capital investment.
SaaS eliminated these barriers to entry. The payasyougo pricing model allowed us to acquire service desk functionality for this client without a hefty capital investment. The SaaS provider maintains an infrastructure that is ready and able to scale. As a result, we can take on new clients with confidence. A streamlined and rapid onboarding process gets clients up and running almost instantly. With SaaS, we were able to get the clients new service desk operating successfully in just two months. SaaS also positioned WGIS to quickly expand the scope of our offerings. Additional ITSM modules are available from the SaaS provider, including asset, change, release, service request, and service level management. We plan to
60
expand our managed services offering with additional modules in the coming months.
A solution built on ITIL best practices allowed for rapid implementation using proven processes.
While we acted swiftly to meet the clients deadline, we simultaneously applied due diligence at every step to ensure quality. The road map included the following steps.
61
on IT Infra structure library (ITIl) best practices allowed for rapid implementation using proven processes.
acquire comprehensive knowledge before rolling out the service to the client. The side benefit of this step has been improved incident management for WGIS. We replaced a patch work of spreadsheets and tools with rigorous service desk processes that have improved service desk efficiency by 15 to 20 percent.
5 TIps
62
and rapid onboarding enabled us to meet their needs, bringing the number of man aged services customers to four in just three months.
Rapid return
Our clients are pleased with the managed services offering, which enables them to concentrate on their core competencies and strategic growth. WGIS offers them predict able pricing and visibility of services. The service desk staff is responsive to client needs and reliably meets the agreed perfor mance targets. Based on initial estimates, we expected to achieve return on investment (ROI) within 18 months. But the payback for this new venture is happening much faster than anticipated, and we now expect a 9 to 12month ROI. Bottom line: SaaS offers exciting and com pelling cost benefits. But for WGIS, the real value lies in the agility SaaS provides to respond swiftly to customer demands even when that means venturing into a brand new line of business.
63
64
65
he SaaS revolution is coming to enter prise IT, whether IT is ready or not. SaaS applications are moving from single department implementations to top down enterprise strategy. SaaS applications are becoming integral to companies busi ness strategies and longterm growth. And companies appreciate that SaaS vendors take responsibility for their customers suc cess. Companies will be looking for deep IT engagement with SaaS vendors and custom ization to the business. So what can IT do to prepare for the SaaS revolution? Here are five key areas for IT to focus on.
months) growth constructs of flexibility, scal ability, security risk, manageability, and customizability. Therefore, IT organizations need to get more deeply involved with the lines of business and help each line of business think through these longerterm decisions. IT becomes an advocate for the business needs; it does not necessarily have to focus on the infra structure, because that is the concern of the SaaS vendor. The longerterm challenges of flexibility, scalability, growth, and manageability are just as real whether the software is delivered in the SaaS model or in the onpremise model. So its crucial to redefine ITs role as truly understanding the longterm business need.
2. Be proactive
The IT organizations that are really succeed ing with SaaS are the ones that are taking a proactive approach to embedding skilled IT professionals within the lines of business and understanding the business, all the way to 36 months out and beyond. These organizations are the pioneers of a new way of life for IT.
The longer-term challenges of flexibility, scalability, growth, and manageability are just as real whether the software is delivered in the SaaS model or in the on-premise model.
Take eloqua Corporation as an example. eloqua provides SaaSbased marketing software. We constantly ask ourselves questions such as: How do our customers generate revenue? What do we have for
66
data? How do we understand the buyers? What are the systems? What are the systems likely to be in 12 and 24 months? What will our customers priorities be in 12, 24, and 36 months? Our customers IT organizations are valuable guides and participants in answering these questions.
initial requirements while being scalable, extensible, and flexible enough to meet future requirements. IT will also need to focus on matching business requirements to the platform and fully understanding what the platform can do versus building and deploy ing these capabilities inhouse. They also need the ability to assess the vendor itself especially the vendors willingness and ability to provide backend support equal to or better than the support IT has been providing. Making these assessments against busi ness needs is not a trivial task. With SaaS applications, you cannot perform the same types of technical testing that you might with onpremise software. There will be a greater need to understand the business needs, and to understand the business processes and how they generate revenue and now IT will finally have the time to do it.
SaaS will increase agility for both IT organizations and the lines of business they serve.
In the near future, SaaS may prove to be the biggest boost ever in ITs quest to become more proactive versus reactive and to achieve greater efficiencies in IT service management. The reason is simple: SaaS offloads IT from worrying about current application problems; as a result, many IT people will be able to spend almost 100 per cent of their time helping the business focus on longerterm needs.
67
more agile. It will have the systems to support quick, nimble business moves.
this system and where are we trying to go? How do we get there? Can the system provide what we need? Do we need help from the vendor?
5 BeNefITs
of SaaS
Vendor responsibility for success Innovations through integration Cross-company benchmarking Agility and flexibility Quick wins
68
As a result, SaaS leverages new ways to integrate systems such as several integra tion clouds where multiple vendors work to develop and maintain connections between the most popular cloud and SaaS applica tions. These integration clouds are based upon standard connectors and vendors working in concert on interoperability. This activity will allow enterprises to continue to deploy and enhance their existing applica tions and services while at the same time introducing new innovative applications.
IT professionals aware of the ease of integration now possible, and familiar with the corporate benefits that seamless integra tion provides can now be more proactive in suggesting ways to create more value from existing or new SaaS systems. The SaaS revolution will benefit vendors and their customers in many ways some known and some not yet discovered. Are you ready?
69
70
71
aster. Better. More agile. Almost sounds like the latest new superhero. But these terms are actually often used to describe Software as a Service (SaaS) implementations. Its true that implementing SaaS solutions is faster and easier than traditional deploy ments, because SaaS eliminates the lengthy acquisition and deployment cycles of on premise solutions. Whats more, the SaaS provider takes responsibility for infrastruc ture, security, performance, and upgrades. But how do you realize the full potential of SaaS? The truth is, you have to do some impor tant groundwork before deployment. Collaboration with the provider during de ploy ment is essential to configure the solution for your business needs. Following a structured methodology as de scribed in the sections below can speed your rampup time and facilitate adoption. You can adapt the methodology to standardize your own SaaS deployment, decrease timelines, and ensure a highquality SaaS solution that delivers business value right from the start.
terminology, and other changes that come with the solution will help them to more read ily embrace it. If you can provide realworld examples of how other organizations have approached onboarding, you will promote understanding and speed deployment. In addition, as you would with any new initiative, be sure you have an executive sponsor who adamantly supports the project and com municates to everyone how important it is.
Be sure you understand the profound effect a SaaS solution can have on your organization.
And, like other technology deployments, a SaaS solution can bring greater success when you have a clear picture of your orga nization. To get that clarity, answer such questions as: Who are the process and application owners? Who are the key players across critical processes the incident manager, change manager, configuration mana ger, and so forth? What foundation data is unique and vital to the business, including locations, individuals, teams, and responsibilities? What do your customers expect? What are key metrics that need to be mea sured and what are the baselines today? Tap into your SaaS provider and outside consultants, if necessary, to get insight into the roles youll need to create and the type of configuration data youll need to provide. Then be sure to define roles and responsibi lities and assign the right people to make the
72
solution a success. Your administrators need to be closely aligned to the business and must be able to translate your unique busi ness requirements into configuration settings within the solution. And finally, ensure that staff members are fully trained and that they are empowered to make decisions.
appropriate starting point for implementation and develop a clear road map that will deliver the biggest return on your investment. A key goal of the assessment is to gain buy in for the project and commitment of the resources required to achieve success. The business case is one way to achieve that goal. An effective business case includes a thorough analysis of all costs associated with SaaS adoption not only the monthly sub scription fee, but also the cost of preparation, training, and so forth.
A key goal of the assessment is to gain buy-in for the project and commitment of the resources required to achieve success.
An important outcome of the assessment is heightened awareness of the effort involved to make the SaaS implementation a success. The assessment activities should guide management in identifying and assigning key people to examine current processes for inefficiencies and in uncovering areas of improvement the new solution should address. The insight gained through these efforts allows IT to determine the most
73
data includes location structure, overall organization, user groups and individual group members, and categorizations. Then, youll want to focus on fleshing out the requirements and reaching agreement on an appropriate design. If your solution includes a bestpractice model, then imple ment it without significant customization wherever possible. The goal is to tweak the environment, not redo it completely.
Organizations that use the out-of-the-box processes and workflows enjoy faster adoption and better success.
Most organizations like this approach. Many are looking for a fast path to ITIl or other bestpractice framework. They are eager to benefit from proven processes and technologies that thousands of other enterprises are using successfully around
5 TIps
74
the world. Organizations that use the outof thebox processes and workflows enjoy faster adoption and better success. Some organizations, however, encounter cultural and political challenges in this area. And these organizations that insist on keep ing their familiar terminology, data, and work flows lose time customizing the tool in ways that dont always deliver real busi ness value. For example, if your service desk uses the term case and the solution uses the term incident, it would be wiser to switch your terminology than to modify the tool. If you face these political and cultural issues, be persuasive so people understand the value of aligning with the solution and mini mizing alterations.
75
76
77
he sky is the limit, or so the saying goes. Open skies policies have broad ened the competitive landscape and consumer choices for air travel. Similarly, the Software as a Service (SaaS) model of delivering applications increases competition among software suppliers by giving business customers more options. With the increasing availability of ondemand technologies, local managers within a com pany can very quickly and directly get appli cations delivered through SaaS. But with its vast knowledge base, IT should be involved to make sure that customers get the best possible service. The flexibility of SaaS works if participants have rules to play by. Many IT organizations already have adopted bestpractice pro cesses, such as those defined in the IT Infrastructure library (ITIl), to manage the IT services they provide. now those pro cesses can provide some rules and control for managing SaaS. But with new approaches come misconcep tions about technologies and best practices. The sections that follow will dispel some common misconceptions about combining SaaS and ITIl.
As todays SaaS becomes more widely used, the ITIl processes still apply. However, organizations must apply them a bit differ ently. To manage SaaS, the IT organization needs feedback from those using SaaS applications. In the past, IT provided the technology for the customers use, and IT recorded details about every incident, who called to report it, when they called, and what they did. With SaaS, IT doesnt always know the details. now, business managers can easily opt for their own SaaS solutions, but IT still needs to be involved in supporting, inte grating, and managing those solutions.
All the basic tenets of IT service management and ITIL still exist today with SaaS.
Take, for example, a SaaS consumer who repeatedly encounters a problem when using a sales force automation tool that integrates with internal systems. each incident will be logged, and the root cause can be identified and eliminated using problem management. However, if these incidents are logged by the SaaS supplier, the IT organization will not be able to perform proactive problem management itself unless the SaaS sup plier collects the correct data and makes that data available. All the basic tenets of IT service management and ITIl still exist today with SaaS, but the form of communication with the supplier is different. The compatibility of information between SaaS suppliers and consumers must be absolutely precise, so that both sides know what the other is doing. If both the IT organization and the SaaS supplier are using ITIl terminology and processes, then both
78
are speaking the same language and will better understand each other. For example, if the language and processes are compatible, then the IT service desk can share resources, data, and knowledge with the SaaS supplier. Support can be maintained regardless of where an incident originated. In other words, if the original point of contact for the con sumer is the SaaS supplier, the incident can be escalated to internal support automati cally and seamlessly without the need to reenter data or other information. Conclusion: SaaS and ITIl are compatible. They go together like James Bond and fast cars.
ITIl focused. When putting together a service portfolio, clearly describe the services and the rules that must be followed. even if the SaaS supplier is not ITIl focused, your IT organization should be. Follow good ITIl processes; youll still need to implement changes and adhere to processes, and youll need to make sure you impose the right regulations from your end. Conclusion: Just as it is critical for an air plane pilot to complete a checklist before takeoff, following ITIl processes is critical to success with SaaS.
Misconception 3: SaaS should not affect how you manage ITIL processes.
Its tempting to think that if you use SaaS, you will not need to adjust how you manage ITIl processes. But you do. For example, with SaaS, who will be in charge of the ITIl pro cess of change management? If the SaaS supplier must make a change, how does the customer get involved in change manage ment? In those circumstances, you cant have the same kind of change advisory board (CAB) that ITIl recommends. When incidents, problems, and changes occur to a SaaS application, IT needs to know that the SaaS supplier will resolve problems and implement changes. Ask the supplier questions such as: How do you manage your changes? How do I know your changes are going to be successful? Whats the process if the change fails? How will you notify us of proposed changes? How do you manage incidents?
Even if the SaaS supplier is not ITIL focused, your IT organization should be.
For a service management tool, look for a solution with builtin ITIlbased best prac tices and an embedded crossfunction process model. If the SaaS supplier is provid ing another type of business tool, then be sure that the supplier is prepared to work with you even if the tool and supplier are not
79
The answers to these questions will differen tiate SaaS suppliers. If SaaS suppliers dont have good service management processes behind their applications, then this is cause for concern. Clear lines of responsibility and stringent controls will help you know exactly what is happening and where. Bottom line: IT is no longer the owner of changes. So, in addition to rethinking the way it handles change management with a SaaS supplier, IT might include something about change management in the service contract. Conclusion: Clarify how SaaS suppliers follow ITIl processes and how their own processes integrate with yours. You may also need to evaluate your processes to ensure they are effective in a SaaS environment.
and take a turn at a faster speed. In many cases, having established processes will actually streamline the accomplishment of your goals. ITIl brings the discipline. It will tell you where to set your parameters, how to manage those parameters, and so on. Its about having the right agility in the right place. Controlling the agility in all directions is important. IT profes sionals know that doing things quickly without proper planning and without proper notifica tion is a road to disaster. Conclusion: Following ITIl best practices actually will increase agility.
The on-demand nature of SaaS can offer tremendous agility to IT organizations and business users.
You can compare ITIl processes to the high performance brakes on a sports car; those brakes give you the confidence to be more agile
80
infrastructure. Therefore, business managers should be required to always consult IT before entering into contracts with SaaS suppliers. IT organizations will need to be much more vigilant about what is running on their systems and whats allowed on their systems. The opera tional and transitional ITIl processes can help you determine whether activities are occurring as expected and whether you have control. In addition to the ITIl/SaaS coordinator, iden tify a sponsor within your IT organization. The more senior the sponsor, the more effective the overall efforts. The CIO is the ideal sponsor for this sort of project. Conclusion: As in any relationship, commu nication is key between the IT organization and the SaaS supplier especially in regard to ITIl.
One of the biggest challenges is getting the business customers to tell you theyve purchased a SaaS product.
Typically, the ITIl components will include the following management disciplines: change, incident, problem, asset, configu ration, capacity, availability, and all of the service management components. To help ensure an ongoing relationship, establish regular communications between the SaaS/ ITIl counterparts. One of the biggest challenges is getting the business customers to tell you theyve pur chased a SaaS product. In many organizations, the SaaS products will need to integrate with other internal IT solutions through the existing
5 pOINTs
81
Ideally, the target performance level should be 100 percent, not 99.9999 percent. Keep in mind that 99.9999 percent is the lowest possible failure rate. Its not a success rate. If the per formance is not 100 percent, then clarify the penalty that the supplier will pay if perfor mance falls below the agreedupon service levels. The SaaS supplier should have a goal of perfect performance; a failure of cloud services can have a serious effect on an organization. Conclusion: If the supplier doesnt enable you to play, then the supplier needs to pay.
82
83
oftware as a Service (SaaS) offers a number of highpotential advantages for organizations thinking of adopting the model: substantial savings in capital out lay for software and environments; reduced operating expenditures for maintenance and support; elimination of software upgrade investments; and so on. SaaS also enables rapid implementation of services and capa bilities at a speed that has never before been possible and, as a result, creates the poten tial for rapid and continuous innovation. But along with these benefits comes the need for IT to build and manage a hybrid operating environment that combines internal IT ser vices with those provided by outside sources. To ensure that the new environment delivers maximum value to the enterprise, follow the five strategies outlined here.
Accenture research shows that highperforming organizations are keenly aware of truncating innovation cycles, and they find ways to con tinually invest incrementally during good and poor economic environments, while turning the faster pace to their advantage. As part of their innovative transformation, highperforming organizations seek to establish a virtuous cycle where the enterprise frees up scarce resources on an ongoing basis skills, budget, time, facilities, and so forth and reallocates them to highervalue activities with greater potential for competitive advantage.
If youve been concentrating only on cost containment benefits, broaden your horizons and consider the competitive edge your enterprise can achieve through IT innovation.
1. Focus on innovation
Its shortsighted to focus solely on the econo mics of SaaS. So if youve been concentrating only on cost containment benefits, broaden your horizons and consider the competitive edge your enterprise can achieve through IT innovation. SaaS fasttracks numerous aspects of common deployments, and instead of traditional one to threeyear upgrade cycles, SaaS solutions may go through four, six, or even more revi sions within a 12 to 18month period. With limited or zero technical intervention by cus tomers, this allows for short and continual bursts of innovation through reallocation of resources, and through increasing focus on core strategy execution.
An Accenture client in the health care indus try illustrates the wisdom of this approach. The firms growth strategy required that it become far more efficient in commodity operations services (such as IT service desk and IT request management) while achieving critical innovation milestones. The time and resources saved through the adoption of SaaS were applied to highimpact projects such as electronic records management and ehealth solutions, yielding cost savings as well as greater efficiency and higherquality medical care. Such innovation enables companies to dis tinguish themselves and gain a competitive advantage through differentiated services. But rapid innovation can be disruptive. In the past, innovation occurred at a slower
84
pace because of the lengthy development and deployment cycles required for new applications. The longer cycles, however, gave enter prises time to absorb new capa bilities and new processes. SaaS gives enterprises far greater agility in adapting to market changes and new cus tomer expectations. Problems occur when people are overwhelmed by such rapid change. The longterm success of your hybrid environment will depend on how well you manage the faster pace of innovation and prepare people to adapt to it.
Both cloud sprawl and shadow IT drive up IT costs instead of reducing them. Moreover, shadow IT can introduce security risks. To avoid both, youll need to establish strong governance that focuses on policy, proce dures, financial controls, and supplier management. By bringing visibility into these areas, you can bring rogue deployments into compliance with security requirements and policy. You can also identify and shut down underutilized resources to keep costs in check, as part of a standard portfolio man agement capability.
2. Establish controls
Youll want to develop updated governance models that enable IT to manage and/or have visibility into all services uniformly, whether the services are delivered internally or by a thirdparty provider. Heres why: With SaaS, spinning up new services is easier than ever. Unfortunately, those services can circumvent IT, or can be a duplication of existing services already in use elsewhere and can stay run ning long after people stop using them. This cloud sprawl is similar to the container sprawl that so many enterprises experience as they virtualize ser vers and other IT re sources. Additionally, business users continue to be very creative in getting what they want without going through IT. Many business units have discovered they can tap into Amazon.com or salesforce.com to quickly acquire services they want. So shadow IT is cropping up in many enterprises at a more rapid pace.
SaaS gives enterprises far greater agility in adapting to market changes and new customer expectations.
But establishing visibility and control of SaaS services can be tough. Many of these ser vices are like black boxes and provide little or no transparency in terms of how, and from where, services are provisioned, maintained, stored, and secured. A consortium of leading IT providers has joined forces with the World economic Forum to create recommendations encouraging service providers and govern ments to improve transparency, facilitate interoperability and data portability, and provide cloud users with enhanced visibility to improve governance.1 SaaS providers are progressing in these areas, but there will continue to be variations in the level of transparency because not all providers are at the same level of maturity. Dont wait for providers to address the gover nance challenge for you. Take steps yourself
1 Advancing Cloud Computing: What to Do now? World economic Forum in partnership with Accenture, 2011.
85
to ensure proper control over all the resources you use internal and external. Shift your mindset away from traditional service delivery and management skills, and start emphasizing service outcomes. Develop use cases and governance pro cesses that you can apply broadly across a large and diverse portfolio of cloud offer ings and providers.
Be sure you have the right solutions in place for your new hybrid environment.
Most likely you have solutions for at least some ITSM disciplines. Those solutions may or may not be effective for the hybrid environ ment. The cloud places more stringent requirements on ITSM than does the tradi tional environment. For example, change management solutions designed for static IT environments dont always work well in the dynamic cloud environment. Be sure you have the right solutions in place for your new hybrid environment. If you havent already done so, youll need to evolve your service management approach
3. Ensure you have the right solutions and tools for management
Once you have strong policies, processes, and controls in place for management and governance, you need IT service management (ITSM) solutions to operate and enforce them. Those solutions must span a broad range of disciplines, including performance manage ment, change and configuration management,
86
from an infrastructurecentric model to a serviceoriented approach. The ability to track and manage the performance of internally supplied services and cloud services against established service level agreements (SlAs) is vital. Keep in mind that, with respect to SaaS providers, SlAs manifest within underpinning contracts, complete with financial penalties if the provider fails to meet commitments.
consumption model, and the technology model. This comprehensive transformation requires a corresponding shift in the culture and organizational structure of IT and per haps the enterprise as a whole. In response to the changing model, IT organi zations in large, global enterprises are increasingly centralizing ownership of the service portfolio into an entity, often called a service management office (SMO). Irrespec tive of the name, the SMO establishes and maintains the policy, control, and visibility of IT services their cost, performance, utilization, and emerging demand and is responsible for driving the portfolio manage ment lifecycle. This transition to centralized service manage ment requires the application of some newer
87
roles and responsibilities within the IT orga nization, that of service manager or business relationship manager. The service manager takes full ownership of the services under his or her jurisdiction, including such responsibili ties as specifying functionality, defining quality requirements, and setting pricing. A key function of the SMO is to provide finan cial and performance visibility into services. This visibility should not be an impediment to cloud service consumption but, instead, offer guidance in the use of a service. By under standing the costs as well as the benefits and performance of services, consumers can make betterinformed choices.
Arguably, the highestpriority criteria revolve around data. Specifically, the security, transmission, por tability, continuity, and related legislation of data have become a global concern for pro viders, consumers, and governments. Carefully assess the data in question, and ask yourself some important questions: How critical is this data to my business? What would happen if we did not have access to it for a few hours, or a few days? What conse quences might result from unauthorized access to it, or crossborder transmission (for instance, many governments forbid personal data to leave the country)? If moving a particular application to a tier 1 out sourcer would pose a substantial risk to the enterprise, that risk may be magnified by a SaaS consumption model, or in other cases may actually improve. Make sure you have done your due diligence and are comfortable with the answers prior to taking a leap of faith.
5 INsIGHTs
for hybrid environments
Focus more on innovation. Avoid cloud sprawl and shadow IT with strong controls. Evolve IT management solutions for the hybrid environment. Prepare for organizational change. Consider security, transparency, and core competencies when moving to Software as a Service (SaaS).
88
Other important considerations fall under the category of transparency. Organizations need to understand the levels of service available to them (and the corresponding implications, both financial and operational), precisely who will be providing those services, as well as how those services will be provided, and from where. Keep in mind that the SaaS market is still evolving, and transparency can vary wildly from one provider to the next. Your choice of provider, and the related contract ing, can have a significant impact on your satisfaction, risk, and compliance.
tremendous agility, visibility, and focus into IT, capitalizing on areas of specialization across both internal and external providers. The key is in shining a light on cost, performance, and innovation across the multivendor landscape of sourced services. Management at one products company expects the visibility and clarity it is gaining around the cost and performance of its vendors will deliver gratifying results. The company expects to achieve significant cost gains going forward, shaving 15 percent or more off its sourced services portfolio, while increasing focus on innovation programs that will enable it to speed new services to market. Moreover, SaaS will rapidly enable a more uniform operating model that accommodates varying opera tional maturity levels across geographies.
The goal is to not only eliminate unnecessary costs, but also strengthen business agility.
Finally, core competencies are another important consideration. Truthfully consider whether you possess the requisite skills, policy, solutions, and processes to deploy and manage SaaS or other cloudbased services in a scaled hybrid environment. If the answer is not yet, starting small is always a good idea and will give you time to work out the bugs.
89
SaaS is here to stay. As you examine your application portfolio with an eye toward SaaS, keep in mind the benefits as well as the adjustments youll need to make in your IT organization.
By Mark Settle
90
91
was a watershed year in the evolution of the Software as a Service (SaaS) industry. Worldwide sales of SaaS tools within the enterprise application software market exceeded $9 billion.1 The industry bellwether salesforce.com continued to grow its revenue dramatically. A variety of IT research organizations pre dicted that by 2014 SaaS products would account for more than 40 percent of all new software sales. By any reasonable measure, SaaS is now considered to be an acceptable and, in some cases, a desirable means of sup porting a companys business operations.
2010
SaaS capabilities have even crept into the IT function. Several companies, including BMC Software, offer tools for service desk opera tions, project portfolio management, vendor contract management, budgeting and fore casting, and compliance administration that are specifically designed for IT organizations.
The more significant benefits of SaaS adoption have been an accelerated time to market of new IT capabilities and an improved return on software investments.
Why SaaS?
BMCs IT organization has implemented at least one new SaaS application per quarter since the first calendar quarter of 2009. We have realized several benefits through large scale adoption of SaaS tools. The hard benefits associated with SaaS are well known to all IT professionals. SaaS products are built, hosted, maintained, and operated by the SaaS vendor. This approach can absolve IT of responsibilities for hard ware procurement and installation, availability and disaster recovery management, and application maintenance and development. This transfer of responsibilities has enabled us to reduce the size of our data center and achieve savings in hardware depreciation and maintenance, cooling requirements, power consumption, and operator support. In addition, we have been able to redirect
1 Gartner, Gartner Says SaaS Revenue Within the enterprise Application Software Market to Total $9.2 Billion in 2010, press release, December 14, 2010.
92
several members of our applications teams into business systems analyst roles since their former responsibilities for software coding and testing are now being performed by the SaaS vendors. The more significant benefits of SaaS adop tion have been an accelerated time to market of new IT capabilities and an improved return on our software investments. Through practice, we have developed the ability to implement new SaaS applications in roughly three to four months. This is in marked contrast to the time typically required to implement licensed software applications. like most IT shops, we would likely need six to nine months to put a licensed software application into production. This time would be needed to design an appropriate hardware environment to host the application, procure and install the needed equipment, license the database software and additional utilities required to support the application, custom ize the application to support our users requirements, and perform extensive testing in collaboration with our users prior to the golive date. The business sponsors of IT projects tend to have changing priorities and short attention spans. One of the notsoobvious benefits of SaaS applications is that their original spon sors are much more likely to be present to drive adoption and realize forecasted business benefits, simply because SaaS implementa tion timetables are so much shorter than conventional application projects.
The second, less obvious benefit of SaaS products is the true return achieved on a companys software investment. Simplistic financial comparisons of SaaS subscription fees versus the cost s of conventional licensed software typically fail to capture all of the tradeoffs involved. A simplistic analysis of the cost of a licensed application will combine the costs of depre ciation and maintenance of the software and hardware that is initially procured. It will also include the professional service fees of any external consultants required to configure the application and the labor costs of the internal staff required to maintain the soft ware and operate the system.
One of the not-so-obvious benefits of SaaS applications is that their original sponsors are much more likely to be present to drive adoption and realize forecasted business benefits.
This total cost of ownership will be compared to the subscription fees of a competing SaaS solution over a multiyear period, typically three years. Whichever procurement approach results in the lower multiyear cost would appear to be the preferred strategy (assuming that Capex and Opex funds are equally available). What this type of analysis fails to capture is the benefit being realized on the maintenance fees for licensed sof tware versus the subscription fees for SaaS software. Many companies heavily customize licensed
93
software applications that have been imple mented internally. In principle, they are paying maintenance fees on the licensed software to preserve their ability to leverage the functional enhance ments in subsequent product releases. In practice, however, they become mired in customizations that make it difficult, if not impossible, to move to the latest version of the licensed product.
achieve business benefits if the original busi ness sponsors of a new application are available and enthusiastic at the time of go live. This is much more likely to be the case for the introduction of a new SaaS product. Furthermore, SaaS subscription fees allow you to offer your users functional enhance ments on a much more frequent basis and avoid maintenance fees for which you are receiving no immediate benefit. These qua li tative benefits are rarely captured in simplistic comparisons of SaaS and licensed software costs.
A SaaS-first application strategy will enable any IT organization to reduce hardware and data center expenses.
In contrast, enhancements in the functional ity of SaaS products are typically delivered in an incre mental fashion over much shorter intervals (four to six months). Incremental upgrades are much more likely to be adopted immediately, producing a return on the invest ment in SaaS subscription fees that is not typically realized on the maintenance fees for licensed software. The less obvious benefits of SaaS adoption significantly outweigh the hard benefits de scribed in this article. A SaaSfirst application strategy will enable any IT orga nization to reduce hardware and data center expenses, as well as repurpose application developers into analyst roles that produce more inherent business value. Far more significant is the ability to drive adoption of new IT capabilities and ensure that the business benefits of a new application are achieved. It is easier to drive adoption and
From your users perspective, you are still responsible for application performance
The employees who depend upon business applications to perform their daily jobs frankly dont care whether an application is developed or hosted internally or developed and delivered by a SaaS vendor. They still hold IT accountable for the availability and performance of all business applications. Many IT shops have deployed an insideout monitoring strategy to assess the health of their business applications. This strategy employs tools to monitor the heartbeat of all the IT components that support individual
94
business applications. This strategy is based upon the presumption that if all IT components are up and running, then the application must be available and healthy. largescale adoption of SaaS products will force your IT organization to become much more aggressive in complementing your existing insideout monitoring strategy with an outsidein strategy that proactively moni tors the application experience of your end users. As SaaS tools become more pervasive, it will be essential to proactively assess application availability, response times, and integrity from all worldwide locations in which you have employees and customers. Similarly, IT organizations cannot abdicate their respon sibilities for disaster recovery (DR) planning simply because a subset of their application portfolio is now being hosted and operated by SaaS vendors. SaaS
products typically have multiple integration points with other applications, databases, and utilities within IT. The interfaces required to authenticate user access to SaaS applications, supply or extract data to/from SaaS applications for reporting purposes, and synchronize data in SaaS applications with other databases and appli cations need to be explicitly defined and tested during DR exercises. Although IT is no longer responsible for the hardware and soft ware components of individual SaaS applications, IT remains responsible for the rollover and recovery of all of the interfaces that ensure the business integrity of SaaS tools.
5 TIps
95
some element of functionality critical to your company that needs to be incorpo rated into a SaaS application. Your ability to influence the prioritization of such enhancements may be limited. This can become particularly frustrating when the enhancements are small and could have been readily achieved if the application were being maintained internally.
restrictions on the movement of certain types of data across national boundaries, and other restrictions have been imposed on the man agement of health care records and other forms of personal data, very sophisticated encryption and aliasing technologies are available to protect sensitive information.
You must retire legacy applications to achieve the true financial benefits of SaaS
A SaaS product rarely provides wholly new functionality that is not already being delivered by one or more existing onpremise applica tions. To achieve the full financial benefits of a SaaSfirst strategy, IT organizations need to redouble their efforts to retire legacy appli cations possessing duplicative capabilities. As a bestpractice suggestion, I would encour age all IT organizations to establish a sunset architect within their enterprise architecture team whose sole job is to establish and enforce a retirement timetable for legacy applications whose functional capa bil ities have been largely replaced by new SaaS tools. There is no true cost advantage to in cor porating new SaaSbased capabilities in your application portfolio if you are forced to maintain legacy applications with duplicative capabilities.
To achieve the full financial benefits of a SaaSfirst strategy, IT organizations need to redouble their efforts to retire legacy applications possessing duplicative capabilities.
Much of the current debate regarding infor mation security is legal and contractual in nature and focuses on who will bear the financial responsibility for business damages triggered by the inadvertent loss of sensitive information. Currently, businesses are largely selfindemnified if such losses occur from any of their onpremise systems. They will likely remain selfindemnified if similar losses are incurred by any of their SaaS providers. I strongly suspect that, over the next five years, our industry will overcome many of the pho bias that currently exist regarding the security of data being managed by SaaS providers.
96
applications are being considered, the reli ability of the SaaS alternative is rarely, if ever, discussed relative to the current reliability of a companys onpremise application suite. Similarly, prospective SaaS customers screening the security architectures and procedures of SaaS vendors rarely initiate such investigations by exposing the security lapses they have experienced over the past 12 to 18 months. SaaS vendors are not screened to determine the relative improvements in data security they can provide. They are screened to determine the likelihood that any security lapses might occur in the future. SaaS vendors are typically asked to guaran tee the availability and security of their services in an absolute sense with zero toler ance for service disruptions or data loss. They are not asked to compare their levels of reliability and data security to the current performance of the IT organizations procur ing their services.
SaaS capabilities are appearing in unlikely places. A companys data center once known as the glass house was conventionally considered to be the most highly restricted inner sanctum of the IT empire. The idea that SaaS tools could be used to perform external discovery of data center resources, monitor availability, assess capacity utilization, and so on, would have been abhorrent ten years ago. no selfrespecting data center manager would have ever let a third party come through the firewall and interrogate their devices or access in situ agents. Those phobias are increasingly giving way as technology becomes more complex, the IT talent pool contracts, and the speed of the business accelerates. Its ironic that SaaS capabilities have even found their way into ITs core functions.
SaaS products make increasing sense in a business marketplace that prizes agility over customization and in an IT industry that prefers buy solutions over build solutions in responding to business needs.
enlightened IT organizations will form SaaS implementation teams that can be reformed as needed to support the implementation of new SaaS capabilities in any functional domain. Most IT groups have mergerand acquisition tiger teams, consisting of a set of people who are routinely pulled away from their normal responsibilities to support the assimilation of newly acquired companies. Similar teams should be established for SaaS implementations.
97
The two biggest technical issues in imple menting any SaaS tool are user access and integration. Access procedures need to be orchestrated within the singlesignon security procedures that have been established for all other business applications. Interfaces between the new SaaS tool and preexisting applications and databases need to be defined and implemented. Rather than letting individual application teams discover and resolve these issues on a casebycase basis, enlightened IT groups will form specialized teams that can leverage past experience to accelerate the implementa tion of SaaSenabled business capabilities.
SaaS tools are just one element albeit an important one of the cloud computing transformation that is sweeping across the IT industry. As part of this transformation, IT executives are abandoning the own and operate management paradigm that has dominated our industry for the past 50 years and are moving toward a new management framework built around brokering and inte grating services. SaaS capabilities are a critical and essential element of this new framework. early SaaS adopters will be a step ahead of their compe titors in realizing the full benefits of cloud computing as this transformation continues.
98
Business Runs on IT. IT Runs on BMC Software. Business thrives when IT runs smarter, faster and stronger. Thats why the most demanding IT organizations in the world rely on BMC Software across distributed, mainframe, virtual and cloud environments. Recognized as the leader in Business Service Management, BMC offers a comprehensive approach and unified platform that helps IT organiza tions cut cost, reduce risk and drive business profit. For the four fiscal quarters ended June 30, 2011, BMC revenue was approximately $2.1 billion. Visit www.bmc.com for more information.
*216319*
Business Runs on IT. IT Runs on BMC Software. Business thrives when IT runs smarter, faster and stronger. Thats why the most demanding IT organizations in the world rely on BMC Software across distributed, mainframe, virtual and cloud environments. Recognized as the leader in Business Service Management, BMC offers a comprehensive approach and unified platform that helps IT organiza tions cut cost, reduce risk and drive business profit. For the four fiscal quarters ended June 30, 2011, BMC revenue was approximately $2.1 billion. Visit www.bmc.com for more information.
*216319*