Navigating the Complexities of Cloud within your IT Portfolio
Managing an environment comprised of on premise ERP-type platforms and cloud SaaS solutions is an easy task, right? Over the past five years, every CIO has been impacted by pervasiveness of cloud. We have heard that these solutions can be implemented in hours and don’t even require the assistance of IT departments, but reality is unless the SaaS offering is intended to be a stand-alone system containing non-critical data, there is much more to it!
"Although operating SaaS solutions within your portfolio creates significant challenges, we must recognize this is a part of the new norm"
During the early years of Mosaic, we were able to implement common platforms, such as SAP and Maximo, which put us in an enviable position of establishing tightly integrated on-premise systems. Since that time, the shape of our solution portfolio has evolved to include many SaaS solutions. After all, what business will resist the opportunity to deliver solutions rapidly through the use of SaaS solutions! We have realized 50-75 percent reduction in the duration of our implementations by leveraging their standard out of the box templates and configurations.
For the first handful of SaaS solutions pursued, the process to complete contracting and implementation were slower than desired. For example, our contracting approach was to use the vendor’s boilerplate contract as the starting point. This tactic resulted in an excessive number of contract discussions and redlines, resulting in several weeks to finalize each contract. As it became abundantly clear SaaS solutions would be routinely added to our portfolio, addressing the challenges associated with acquiring, implementing and operating these solutions became an imperative. Security, interoperability and developing team skills were the primary challenges tackled.
The most mentioned issue associated with SaaS solutions tends to be security. The perception of multitenant environments with intermingled client data is a scary prospect for most. Other commonly highlighted security-related challenges are:
1) Assurance the provider will secure my data from outsiders,
2) Ensuring my organization is notified of breaches,
3) Obtaining commitment of where my data will reside.
Our approach has been to employ standard contractual language to enforce the service provider’s commitment to best practice security principles, retaining annual security certifications, providing notification of cyber events and explicitly designating regions of data storage. By using our standard language, the contracting process was accelerated by focusing on those critical protections required. To address the intermingled data, in-depth discussions with each provider are conducted to verify the appropriate architecture is in place such as user partitioning, data partitioning and multilayer encryption to appropriately address the risk.
Despite all of the concerns on security, I believe interoperability is rapidly becoming the biggest challenge. As disparate solutions such as SaaS are introduced into your solution landscape, the propagation of duplicative data across the enterprise typically follows, generating a huge risk of in accuracy. The ease of integrating SaaS solutions with other systems is a critical success factor to address this risk. Some providers embrace open source or standard EAI tools for integration, while others will force the use of proprietary embedded integration tools. The embedded tools are promoted as having standard system adapters which can be appealing, but often the tools lack the maturity of monitoring, management and flexibility. Ideally each data object will reside in one primary system and be accessed from other systems as required, but the likelihood of achieving this nirvana is slim. To aggregate data from multiple sources for reporting or to enable transaction processing across disparate systems, either robust integration or data replication will be required. If you choose to replicate data in SaaS solution, what is your risk? If you require real time integration to your ERP, do you have integration capabilities to accomplish? To address this challenge, integration has become a key factor in solution selection with a bias to solutions supporting the use of our EAI tool. Additionally, data replication is undertaken as a last resort only.
The third challenge is developing skills to implement and operate SaaS solutions effectively. Architecture is a critical discipline to leverage for success, however, the skills of integration and solution development must adapt to embrace cloud practices. A mindset shift is required to aggregating and integrating, versus building. Integration teams must be trained on any new proprietary tools, plus enhance their skills to effectively manage a highly complex web of integrations. Developers must be able to deliver solutions rapidly, using techniques such as prototyping and iterative development, which will be a big shift from traditional waterfall-type development. Acknowledging these skill gaps and addressing directly with your team provides the best chance of success.
Although operating SaaS solutions within your portfolio creates significant challenges, we must recognize this is a part of the new norm. The best strategy is to proactively plan for implementing these solutions rapidly and securely, creating that “seamless” platform for your business. Master this model and great things can happen.