Best Practices for Scaling Up SaaS

Guardian Life Insurance isn't about to take big risks when making IT investments, and CIO Frank Wander will be the first to tell you that he doesn't have a cloud computing strategy, per se.

Guardian Life Insurance isn't about to take big risks when making IT investments, and CIO Frank Wander will be the first to tell you that he doesn't have a cloud computing strategy, per se.

But over the past five years, the $10 billion financial services company has moved 18 applications into the cloud. It shut down a compute grid and moved its actuarial modeling application into an Amazon EC2 cloud. And it's now in the process of broadly deploying two major software-as-a-service suites.

One of the two is Workday's human resource management suite. Guardian wasn't ready to reveal the other, but at the Atmosphere conference last fall, Google announced that it had signed Guardian as a Google Apps customer.

There's no cloud agenda at work here, says Wander. Each service has earned its seat at the table by undergoing a rigorous technology acquisition process that has been updated to include considerations unique to SaaS and other cloud services. Each service has also passed through a collaborative review process that involved the legal, security and sourcing groups in addition to IT.

"We don't do anything because it's cloud. But if the financials look right, if the risk profile looks right, if the richness and robustness look right, we go with that solution," says Wander.

Advertisement

The sheer breadth of Guardian's move to the cloud puts the company on the leading edge among Fortune 250 organizations. The extent of its commitment to cloud services is also changing the business's IT infrastructure and redefining roles in the IT organization.

As more corporate infrastructure moves to SaaS, it's important for organizations to build a strong foundation of best practices to manage risks around security, uptime guarantees, compliance, limitations of liability, remedies and other contract details, say Wander and other IT executives. The business must be fully engaged in the technology acquisition process, and the organization must follow best practices that are well thought out -- from the initial request for information to integration, ongoing management and contract renewal.

Computerworld talked with several organizations about the challenges they face in scaling up with SaaS and other cloud services, why the technology still isn't the best fit for some applications or business requirements, and why they decided to sign on -- or walk away.

Leading by Example

Wander "is a real leader," says Robert McNeill, vice president of research at HFS Research. In many organizations, he says, SaaS "happens" to CIOs as business units bypass IT. "What's interesting is that he is using SaaS in IT -- an area that he controls. He is embracing SaaS as a way of changing the business," says McNeill.

Fine Print

Would you sign this contract?

The following terms and conditions have been summarized from actual SaaS vendor agreements. It pays to read the fine print. What's more, users may encounter a "click-wrap agreement" that pops up, even if they have a separate contract. Which agreement takes precedence if a user clicks OK? Make sure your contract spells that out, says Russell Weiss, a partner at Morrison & Foerster.

aC/ The SaaS vendor can suspend your right and license to use services, or terminate the agreement in its entirety, for any reason or no reason, at its discretion at any time, with, at most, 60 days' notice.

aC/ In the event of a suspension of service, the SaaS provider will not intentionally erase your data (but will not represent that it will preserve it) and can condition return of your data upon your compliance with terms and conditions that the SaaS provider may establish in the future.

aC/ Your access to services may be suspended without notice, and the SaaS vendor will have no liability with regard to such downtime.

aC/ You bear sole responsibility for adequate security, protection and backup of your data, even though the other party is hosting it.

aC/ The contract terms can be changed at any time by the SaaS vendor.

aC/ Your company must indemnify the SaaS provider from all claims relating to your use of the vendor's services, with no limitations on liability.

Source: Morrison & Foerster

-- Robert L. Mitchell

But Wander isn't alone in his thinking. The number of SaaS implementations is climbing in other enterprises, says McNeill. He adds, "We're seeing global implementations of cloud services across the very largest of organizations," including even core enterprise applications to some extent. McNeill sees the use of horizontal SaaS applications globally or across large swaths of the corporate user base as a key trend.

That view is backed up by research from Gartner. The overall market for SaaS-delivered enterprise applications will increase from $9.97 billion to $23 billion by 2015, representing a compound annual growth rate of 17.9%, according to a November 2011 Gartner report.

Cindy McKenzie, senior vice president of enterprise application services at Fox Entertainment Group, has also moved aggressively into the cloud. Transferring 11 shared services applications, ranging from recruiting to tax reporting, over to SaaS providers was "the riskiest business decision I have made in the last 18 months," she says. The global SaaS deployments, which host personally identifiable information and other sensitive data, "pushed information security, audit and legal [departments] past their comfort zones," but allowed the business to get strategic initiatives up and running more quickly and at a lower cost than on-premises alternatives, says McKenzie.

This year, Fox plans to move more corporate applications to the public cloud, including payroll and HR. The new system is easier to use than the existing PeopleSoft application, has passed a five-year total-cost-of-ownership evaluation and can be online in much less time than it takes to upgrade PeopleSoft.

The most critical success factor, McKenzie says, was involving the audit, security and compliance departments from the beginning. "It saved a lot of headaches. If you try to do that work after the fact or when you're signing a contract, you've lost your negotiating power," she says. "The biggest surprise was how immature the governance processes were for some of the smaller SaaS vendors. We ended up pushing a number of vendors to make changes to meet our standards."

Guardian's team follows a well-defined, formalized process from start to finish, says CTO Richard Scott. "Together we evaluate all aspects of technology solutions. It's based on a matrix and scoring and a very pragmatic, objective way of looking at the solutions," he says.

"We have good vendor management processes," which are part of Guardian's governance model, Wander says. Guardian has the same operational processes for SaaS and on-premises software. "We have operational performance management. We check response times just as we would do internally. And we take end-user satisfaction measures over time," he says.

A Disciplined Approach

Start scaling up SaaS with a centralized procurement model, these executives say. Before Guardian developed its federated approach to technology acquisition, its SaaS deployments didn't always go through IT, says Doug Greene, vice president of corporate systems, security, risk and compliance at Guardian. That's a common problem, especially in large companies, according to Robert DeSisto, an analyst at Gartner.

Changes Afoot

How cloud is redefining IT roles

As the number of SaaS and other cloud service deployments continue to increase in the enterprise, IT executives are rethinking IT roles. The demand for new skill sets is leading to new job descriptions, and some traditional functions will eventually fade away.

"There will be a disruption in the IT talent base, and you need to retool and plan for that," says Mark Nathan, head of technology, planning and governance in the Corporate Office of Technology at Guardian. The insurer has 20 SaaS deployments in place or underway and recently turned off a large compute grid that powered its actuarial modeling application and moved it to the cloud. With even more functions likely to move into the cloud, Nathan is already planning for how to prepare the IT team for the transition.

So what's out? Guardian's migration to SaaS has meant fewer "rack and stack" administration jobs and less work for internal software developers. Rather than code changes, IT staff increasingly deals with configuration changes. But the need for integration specialists, contract managers and business transformation experts has increased, as has the need for specialists trained to monitor vendor performance and service level agreements. "Our plan is to retool IT toward these skills over the next five to 10 years," says Nathan.

Fox Entertainment Group has recently both deployed a private cloud and migrated 11 applications to SaaS providers. "With SaaS, our roles have lessened considerably. We have a whole lot fewer software developers assigned to staff and we don't have server admins," says Cindy McKenzie, senior vice president of enterprise application services. But database administrators are still actively involved, and project manager and project analyst roles have increased. It's a big change, she says: "The management oversight is larger, but overall the IT roles are smaller."

The Boeing Co.'s internal private cloud is also bringing changes. "Traditional roles that do a lot of designing and standing up of servers and creating customer solutions are going to go away," says Federico Genoese-Zerbi, former vice president of information technology infrastructure. Instead of building and administering servers, "IT will focus on continuing to upgrade the design patterns of the infrastructure, predicting volumes, and optimizing the way that the multitenant environment gets consumed." In the future, he says, "servers will be self-provisioned and IT will spend more time examining what that service looks like."

Related:
1 2 Page 1
Page 1 of 2
Survey says! Share your insights in our 19th annual State of the CIO study