Published on January 2017 | Categories: Documents | Downloads: 34 | Comments: 0 | Views: 690
of 104
Download PDF   Embed   Report



A Compilation of Articles by Industry Experts

Focus on: SaaS

It’s All About Business Innovation
Top 10 Reasons SaaS Is Here to Stay Strategies for Success with Cloud and SaaS Gaining Trust in the Cloud A Structured Approach to SaaS

Published by BMC Software

We greatly appreciate the contributions of the following people and companies: Jack D. Bischof, Accenture Fred Broussard, IDC Dennis Drogseth, enterprise Management Associates (eMA) Frederic Drouin, Wood Group Information Solutions Malcolm Fry Jeffrey Gore, Column Technologies Rohit Gupta, BMC Software Bob Johnson, BMC Software Jeffrey Kaplan, THInKstrategies Bill Kirwin, Alinean Robert Mahowald, IDC Tom Pisello, Alinean Mark Settle, BMC Software W. Wyatt Starnes, Harris Corporation Phil Wainewright Steven Woods, eloqua Corporation Editor-in-Chief: elaine Korn Executive Advisor: Roy Ritthaler Senior Editor: lea Anne Bantsari Technical Editors: Andrew Harsch, Chris Rixon Editorial Team: Janice Brown, linda Donovan, Sheila Mangione Creative Design: liora Blum, liora Blum Graphic Design Creative Direction: John Bishop Special Thanks: larry Bandemer, Patty Baumgardner, Kyle Brantley, Kathryn Craig, nori De Jesus, Dennis eaton, Kimberlee ellis, Ali Ghazanfari, Tony Goodwin, Kate Guillot, Chad Haftorson, Daniel Kirkpatrick, James leach, Carolyn lindsey, Stacey nash, Kimberley Roach, Tony Sanders, lilac Schoenbeck, Matthew Selheimer, Jessica Walker, Chris Williams, Michelle Winter

To learn how BMC Software BSM solutions can help your business, call 800-841-2031. BMC soſtware, the BMC soſtware logos, and all other BMC soſtware product or service names are registered trademarks or trademarks of BMC soſtware, Inc. all other registered trademarks or trademarks belong to their respective companies. Copyright © 2011 BMC soſtware, Inc. all rights reserved.

Focus on: SaaS


A message from Rohit Gupta, General Manager, Remedy/SaaS It’s all about business innovation
By gaining better insight and assisting the transition to new technologies, CIOs can pave the way for innovation that drives competitive advantage. By Fred Broussard and Robert Mahowald

28 9 cloud myth busters:


TCO savings, ROI, and more
Myths abound about cloud technologies. Sort through the hype to reach fact­based assessments and financial analysis. By Tom Pisello and Bill Kirwin 36 Beyond security:


Gaining trust in the cloud
When you use cloud services, you want them to be a trustworthy extension of your data center. But how can you trust that those services will get you to your destina­ tion? Here are some factors to consider. By W. Wyatt Starnes 45 Choosing a SaaS-based IT service

13 Cloud computing and SaaS:

A global perspective
Cloud computing and SaaS present a variety of benefits and risks for CIOs, IT orga nizations, and lines of business. For a global perspective, Andrew Harsch, senior manager, SaaS Solutions for BMC Software, sat down with Phil Wainewright, notable industry expert, to discuss this topic. Here are some highlights from their conversation. 20 Top 10 reasons SaaS is here to stay The broad and increasing acceptance of SaaS indicates that the approach is not a trend that will fade anytime soon. The benefits tell the story. By Jeffrey Kaplan

management solution
Consider a more complete solution if you need integration, automation, and change/ release management. By Bob Johnson 52 Strategies for success with cloud

and SaaS
The cloud can improve IT service delivery and is causing increased interest in tradi­ tional ITSM functions. Here’s what you need to know. By Dennis Drogseth


58 ITSM in the cloud: Springboard

for a new line of business
Wood Group Information Solutions turned to SaaS so the company could offer managed services to a strategic client, opening the door to a new line of business. Read about the company’s step­by­step approach to success with SaaS. By Frederic Drouin 64 The future of SaaS: How to prepare

76 The truth about ITIL and SaaS As the SaaS model increases in popularity, several misconceptions have arisen regarding ITIl and SaaS. This article dispels some of these rumors. By Malcolm Fry 83 Maximizing your SaaS implementation Understanding the challenges of a hybrid IT environment is a key factor to success with SaaS. Here are five strategies for deli­ vering maximum value with your SaaS implementation. By Jack D. Bischof 90 A SaaS-first approach to application


for the revolution
enterprises and particularly CFOs are recognizing the advantages of SaaS to satisfy a myriad of business and tech­ ni cal challenges. As you move toward a SaaS environment, here are some things to keep in mind. By Steven Woods 70 Fast-track SaaS with a proven

portfolio management
SaaS is here to stay. As you examine your application portfolio with an eye toward SaaS, keep in mind the benefits as well as the adjustments you’ll need to make in your IT organization. By Mark Settle

You’ll get the best results from your SaaS solution if you use a structured approach. Here are four guidelines to help you prepare for a smooth deployment. By Jeffrey Gore

“SaaS is providing the platform, both in a figurative and literal sense, to deliver on the vision of increased efficiencies and value.”
— Fred Broussard and Robert Mahowald, IDC

“There’s great potential for very exciting business innovation and business process innovation using online capabilities and using the instant productivity that the cloud enables.”
— Phil Wainewright

“SaaS applications are quickly becoming more robust, user friendly, and reliable.”
— Jeffrey Kaplan, THINKstrategies

“The future of SaaS and cloud will involve more complexity but will also provide you with more agility and more capabilities.”
— Dennis Drogseth, Enterprise Management Associates (EMA)

“SaaS will increase agility for both IT organizations and the lines of business they serve.”
— Steven Woods, Eloqua Corporation

“If you’ve been concentrating only on cost containment benefits, broaden your horizons and consider the competitive edge your enterprise can achieve through IT innovation.”
— Jack D. Bischof, Accenture

“The on-demand nature of SaaS can offer tremendous agility to IT organizations and business users.”
— Malcolm Fry


A message from Rohit Gupta

General Manager, Remedy/SaaS, BMC Software

Software as a Service (SaaS) provides op ­ por tunities for IT organizations to increase efficiencies, enhance agility, reduce costs, and, ultimately, maximize the value IT pro­ vides to the business. And now, more and more IT organizations are exploring ways to use SaaS offerings as part of their overall service portfolio. How can you most effectively leverage SaaS offerings? Where should you start? What are the challenges of managing a hybrid IT environment, and how can you best address them? Can you trust the security in the cloud? Is there a place for IT Infrastructure library® (ITIl®) best practices in SaaS? This edition of VIEWPOINT, which includes contributions from industry experts, BMC Software customers and partners, and BMC thought leaders, answers these questions and more. each article provides advice and practical guidance to help you successfully move forward with SaaS.

How can you best deliver business value through innovation, while reducing overall costs? To learn how, read the article by Fred Broussard and Robert Mahowald of IDC. next, get a global perspective on SaaS in the interview with Phil Wainewright, an influential industry commentator. SaaS is not a passing trend; it’s here to stay. And Jeffrey Kaplan of THInKstrategies explains the top ten reasons why. Do you want the facts on return on investment (ROI) and total cost of ownership (TCO) in the cloud? If so, read the myth­busters article by Tom Pisello and Bill Kirwin of the ROI consultancy Alinean. This article lists common myths and then proves them false. The article by W. Wyatt Starnes of Harris Cor poration discusses some considera­ tions to help you gain trust in your cloud service provider. For guidance on how to achieve success with cloud and SaaS, read


the article by Dennis Drogseth of enterprise Management Associates (eMA). Wood Group Information Solutions leveraged SaaS to start a new line of business. Read how, in the article by Frederic Drouin. And in the article by Malcolm Fry, IT industry luminary and ITIl expert, you’ll learn why ITIl is just as critical with SaaS as it is with other software implementations. These are just some highlights of the articles you will find in this edition of VIEWPOINT. Whether you’re just starting to explore SaaS or already on the SaaS path, we hope you find this publication informative and useful. Best regards, Rohit Gupta
General Manager, Remedy/SaaS BMC Software

About Rohit Gupta
Rohit Gupta is general manager and vice president for the Service Support product line at BMC Software, including IT Service Management/Remedy and SaaS (Remedy OnDemand and RemedyForce). He is re­ sponsible for R&D, product management, strategy, and go­to­market for SaaS deli­ very and operations as well as overall P&l for the Service Support business. Gupta previously was vice president of product management and engineering operations for identity management and security products at Oracle Corporation. Prior to Oracle, Gupta was a senior executive at Sun Microsystems, and he has held engineering and management positions at Sun Microsystems, FAST/nextpage, Oracle, and nCl. Gupta has a Master of Science in computer science from Case Western Reserve University.


It’s all about business innovation


It’s all about business innovation
By gaining better insight and assisting the transition to new technologies, CIOs can pave the way for innovation that drives competitive advantage.
By Fred Broussard and Robert Mahowald



uccessful companies are always seeking to innovate. In the 1960s, large enterprises began to use technology for bulk data processing; in the 1970s, com­ panies introduced computer access to the front office via terminals. The 1980s brought the onset of computers to everyone’s office, while in the 1990s, businesses began to rely on enterprise­wide applications. The early 2000s brought the wide­scale adoption of mobile devices. How can today’s CIOs continue this momentum and assist their businesses with the next breakthrough idea? What’s clear is that today’s CIOs are keen to deliver business value through innovation. While cost cutting is still a priority, CIOs are also clearing the way for strategic initiatives that will position their enterprises for growth and success. These CIOs know that the suc­ cessful companies will be the ones that adapt quickly to changing market conditions and customer expectations. Moreover, the orga­ nizations that don’t embark on the path of innovation and growth now will likely become obsolete in the eyes of their industry peers, customers, and financial stakeholders. Software as a Service (SaaS) is providing the platform, both in a figurative and literal sense, to deliver on this vision of increased efficiencies and value. Recent streamlining and automation initiatives have helped make IT organizations more agile, so they can support their busi­ nesses’ needs for flexibility and adaptability. SaaS provides an additional level of agility, enabling IT to spin up new services virtually instantly in support of the business. How­ ever, leveraging SaaS to promote innovation

requires visibility into business processes, particularly processes that touch the customer. So what do CIOs need to do to pave the way for innovation that drives competitive advantage?

It’s all about business innovation

Better insight = increased value creation
SaaS and cloud computing give CIOs more options. More options, however, can compli­ cate decision making. CIOs and their teams must determine which workloads are suit­ able SaaS candidates and which are not. In some cases, the decision to go to SaaS may be obvious. For example, a number of enterprises that were struggling with out­ dated sales force automation (SFA) systems found that switching to SaaS solutions from or other companies made more business sense than having the IT staff define business requirements; evaluate solu­ tions; conduct a pilot; acquire and deploy hardware, software, and other components; and manage the on­premise solution. The cost advantages of SaaS were too compelling to pass up, and the almost instant onboard­ ing meant the enterprise could start reaping SFA benefits immediately instead of some­ time down the road.

SaaS is providing the platform, both in a figurative and literal sense, to deliver on the vision of increased efficiencies and value.
On the other hand, many organizations — because of their industry, vertical, or even regulator y constraints — may require on­premise solutions. For example, many


government entities choose on­premise due to extremely tight security control objectives. For many workloads, however, the decision might not be so clear. It’s those not­so­obvious choices that worry CIOs as they work to build a smart, business­responsive IT portfolio. If they’re going to make good choices, CIOs need better visibility into business require­ ments and the true cost of delivering services. To get that visibility, CIOs are strengthening their outreach to business users and launching initiatives around comprehensive IT spend analysis. They are going beyond the cost of servers and software licenses to include the entire people/process/technology equation to determine what kind of changes will yield more value from IT. These initiatives are providing richer insight into key areas, including: » The services that businesspeople need » The true cost of providing any given service internally » An accurate comparison of the cost of an on­premise solution versus an equivalent SaaS solution » The time­to­implementation implications of SaaS versus on­premise solutions » Visibility into the outside services that business users have contracted for and the risks these “hidden assets” pose to secu­ rity and compliance » Best practices or capabilities available in SaaS solutions that are not currently lever­ aged in the organization

The solid, objective data gained from these initiatives can guide CIOs’ decisions on how to buy, consume, and manage services, and deliver them to the business in ways that enhance productivity and increase profitability. CIOs are bringing IT organizations to a new level of sophistication in which IT defines the services offered along with appropriate service level agreements (SlAs) and then brokers those services within the enterprise. It doesn’t mat­ ter if those brokered services run on internal systems or a public cloud.

Achieving quick wins
Finding a balance between serving customers with innovative new solutions and keeping the lights on in the data center continues to weigh on the minds of CIOs. In recent years, a strong convergence has occurred between the requirements of the end­user customer and an increased desire to leverage familiar technologies (such as Web portals). Referred to as the consumerization of IT, this type of shift can have an immediate and dramatic effect on the volume of calls to IT support organizations, how these incidents are tracked, and mean time to recovery (MTTR).

CIOs are bringing IT organizations to a new level of sophistication.
Gathering as much information as possible — with a trackable way for end users to view progress (as opposed to constantly calling to follow up), prioritization, and routing — can allow IT support organizations to handle a much higher volume while increasing the speed at which they respond. As a result of these enhanced IT support capabilities, IT organizations have been able to free up


their budget allocations and redeploy staff to high­value, strategic projects. However, most enterprises need to do more to enable people, processes, and technologies to work together more efficiently and effectively. CIOs are also enthusiastic about the potential cost savings they can achieve by moving certain workloads to the cloud. As CIOs outsource to the cloud, however, they aren’t necessarily reducing headcount. Instead of cutting staff, savvy CIOs are redeploying people to tackle strategic projects that drive business innovation.

For many in IT, the physical presence of the server room is a sense of security. Gaining confidence that workloads are safe on the “outside” is a major mental hurdle for many IT professionals. CIOs can overcome these concerns by choosing SaaS providers that clearly demonstrate they can provide the required level of security.

It’s all about business innovation

CIOs are enthusiastic about the potential cost savings they can achieve by moving certain workloads to the cloud.
The shift to SaaS and cloud computing isn’t likely to be as radical as some people predict. IDC expects the shift to be evolutionary, not revolutionary. IDC’s forecast window to 2015 estimates that only about 15 percent of overall IT budget will be allocated to cloud. For most companies, cloud might never exceed 50 percent of their total IT portfolio.

Embracing change
The famous visionary W. edwards Deming may have said it best: “It is not necessary to change. Survival is not mandatory.” Bottom line: IT professionals need to be comfortable accepting the changes that SaaS represents or they will not be able to effectively con­ tribute to IT’s successes. But how can you convince people to accept these changes?

5 Key TaKeaways
about SaaS
» Today’s CIOs are striving to deliver more business value through innovation. » Software as a Service (SaaS) helps IT organizations increase efficiencies and enhance value. » SaaS provides additional agility and cost savings. » CIOs need to address resistance to change in their organizations. » CIOs are focusing on combining internal and external services to enable IT to deliver the right business services at the lowest cost.


SaaS will certainly be transformative, but there will continue to be significant on­ premise assets for many years to come. IT will need to manage not only the internal assets, but also assets in the cloud. Managing the combined private/public cloud environment may present a challenge for IT professionals, who will need to develop new skills for the emerging hybrid world. Some of those skills will be related to technology, but many will involve the ability to engage more closely with business owners as well as becoming more skilled and disciplined in the management and measurement of third­party suppliers. Successful CIOs will recognize these changes as opportunities for growth and will promote a sense of excite­ ment about the challenges ahead.

important role in uncovering the flaws in specific processes because they don’t have a stake in those processes.

Capitalizing on the cloud
Few IT organizations, if any, have reached a level of sophistication where they’ve taken all the excess cost out of the infrastructure. So, in the near future at least, CIOs will continue to look for cost savings. Moving forward, however, CIOs will also focus on combining internal and external services in a way that allows IT to deliver the right business services in the most economical manner possible. SaaS and cloud computing can help them achieve cost containment and innovation goals by eliminating capital expenditures and enabling IT to deliver ser­ vices sooner rather than later. The more mature IT organizations are closer to having full visibility and, therefore, are better positioned to capitalize on moving to the cloud and realizing value through higher revenue, lower costs, and greater efficiency. ●

Moving forward, CIOs will focus on combining internal and external services in a way that allows IT to deliver the right business services in the most economical manner possible.

Enabling business innovation
IT will need to work closely with the business to gain insight into how customers interact with current processes. That knowledge will help IT professionals collaborate with busi­ ness units to seize opportunities to improve customer satisfaction, generate new revenue streams, and increase profitability. This is an area where third parties can be especially beneficial. external consultants can provide an unbiased view of processes and objective advice that isn’t tainted by political motivations. They can play an


About the authors
Fred Broussard is a research director in IDC’s System Infrastructure Software group, specifically focusing on PC device management software and enterprise systems management. He is responsible for covering all aspects of problem management software (e.g., IT help desk software) and change and configuration management software (e.g., asset management, system configuration, software distribution, and software licensing). Broussard has a bachelor’s degree in aerospace engineering from the University of Southern California, a master’s degree in systems management from Western new england College, and an MBA from the Massachusetts Institute of Technology. Robert Mahowald is a research vice president at IDC and leads the SaaS & Cloud Services practice as well as co­leads IDC’s Cloud Services: Global Overview program. In his role, Mahowald advises clients on key trends and opportunities in the changing world of software creation and delivery. His research identifies trends and market dynamics in software development, licensing, and delivery characteristics of the SaaS delivery model. An experienced speaker, Mahowald is well known as a subject matter expert in the areas of SaaS, IT cloud services, and software application delivery. A ten­year industry veteran, Mahowald previously led research for IDC’s Collaborative Computing practice. Before joining IDC, Mahowald was an officer in the U.S. Army, earning the rank of lieutenant colonel in his 26­year career of active and reserve service. Mahowald earned his B.A. from the University of Iowa and his M.A. from Wesleyan University.

It’s all about business innovation 12

Cloud computing and saas: a global perspective
Cloud computing and SaaS present a variety of benefits and risks for CIOs, IT organizations, and lines of business. For a global perspective, Andrew Harsch, senior manager, SaaS Solutions for BMC Software, sat down with Phil Wainewright, notable industry expert, to discuss this topic. Here are some highlights from their conversation.


VIEWPOINT: Phil, you’re in a unique position to provide a 30,000­foot view of SaaS [Software as a Service] around the world — a global perspective of the unique charac teristics of the various regions. What can you tell us? Phil Wainewright: For starters, the United States is such a huge market that it gives U.S.­ based providers a big advantage because there’s no barrier in terms of the size of the market that they can address — at least not until they’ve worked through the first 300 million people in the United States. But if you’re in any other part of the world, in europe or South America or Asia­Pacific, the size of the economy that you can address — before you actually start to cross borders into other languages, currencies, legal jurisdictions — is much smaller. And that creates a natural obstacle. This is true in any industry, but you feel it particularly strongly if you’re operating in the cloud or on the Inter­ net, because one of the big features of the Web is that it’s global. There are no borders. For example, I was recently at a cloud confer­ ence in luxembourg and some French companies discussed how they have been ver y successful with initially pricing in U.S. dollars, even though they were operat­ ing in France. The idea was that they offer a service — in english — on the Web, and dollars are seen as the base currency of trading on the Web. But then the question arises, what if people want to trade in euros? Do you add that currency? And do you add British pounds? Immediately you have these issues just as you’re getting started — issues that a U.S.­based company doesn’t face.

VIEWPOINT: Are you seeing any regional differences regarding the uptake from the consumer side of the business as a result of cultural issues?

Cloud computing and SaaS: A global perspective

SaaS is an attractive alternative only if you have good broadband penetration.
Phil Wainewright: Culture is the big one. And with technology adoption there’s defi­ nitely a time lag. For example, technologies that have been adopted in the U.S. market get picked up a year to 18 months later in Scan­ dinavia and the netherlands. They get picked up around 18 months to two years later in the U.K, and maybe two or three years later in France, Germany, and southern europe. The same applies to Asia­Pacific, with maybe the Australian/new Zealand market picking up first around the two­year mark and other territories later. The one factor that really stands out is how a regional culture feels about security in regard to cloud applications and other client services. I think it’s fairly true to say that in the U.S. market, security is not as big an issue as it was a couple of years ago. People still want to know how the service or infra­ structure is secured, but they take for granted that it is secure. A few years ago, this was not the case — the assumption was that it was not secure. But this has changed. In europe, a lot of questions are still being asked about security. There’s a lot of suspi­ cion about lack of security and it’s more of a showstopper. In fact, for many in europe, security is almost a reason to stop looking more deeply at a cloud solution. In the U.S.


market currently, it’s more of an objection that simply has to be overcome. But in parts of europe, it’s a real issue. VIEWPOINT: So does that also carry over into the concerns about a startup delivering a solution via SaaS? Do customers worry that the SaaS startup will go bankrupt in three to six months, and their solution will be gone? Phil Wainewright: Well, you must perform the same due diligence as always. And yes, it’s a concern with the SaaS model, but concerns exist with bigger, established companies as well. You may not worry that the larger providers will disappear, but you still get locked in to that provider. If the pro­ vider changes its price trend, for example, then that’s an issue. The due diligence on a potential provider should ex plore the fol­ lowing kinds of questions: What is the commitment? What is the long­term strat­ egy? What is the funding background of this company? How likely is the company to stay around? And it’s always misleading to make general­ izations about markets because there are always outliers. We are seeing successful startups in the european markets because early adopters do exist in europe — in fact, some of the earliest big enterprise adopters of certain SaaS offerings have been in europe. VIEWPOINT: How does bandwidth play into the SaaS story? Phil Wainewright: Here’s an interesting anecdote about the importance of bandwidth. A large enterprise software provider has

been looking to roll out its SaaS offerings in a number of markets. The company is very carefully testing each market to evaluate band width to ensure that ver y specific parameters for response times can be met. And that’s very much dictated by the network infrastructure. The company looked closely at China and at the typical response times that users would get in the main metropolitan areas. As a result of this testing, the company is reluctant to offer SaaS in certain areas of China that are lacking in infrastructure. So it’s quite an important point — SaaS is an attractive alternative only if you have good broadband penetration. Similarly, some companies in India complain about the country’s broadband infrastructure and the fact that it’s holding back adoption of cloud applications. VIEWPOINT: Is anything hindering the adop­ tion of SaaS? Phil Wainewright: People often talk about this notion of data outside the firewall, as if cloud providers don’t have firewalls. The providers do have firewalls, and what people are actually saying is, “I don’t want to have this data outside of my firewall.” What’s really needed is proper accountability and good governance processes and systems between the outside providers and the enterprises. We already have examples of PCI­compliant infrastructure in the cloud and other very challenging compliance needs being met. Some issues still need to be ironed out, particularly around jurisdiction over data privacy and data protection. There’s concern


in europe that if data is with a provider based in the U.S., the data may not be held or pro­ cessed in a way that conforms to european data protection legislation, or might even put the customer at risk of breaking the laws regarding data. The industry and policymakers must come up with solutions that make sense in the cloud environment. VIEWPOINT: So looking globally, are there regional differences as to what people are looking for in SaaS from a B2B [business­ to­business] standpoint? Or are people generally looking for the same capabilities regardless of where they are located? Phil Wainewright: The wave of social media has accelerated a common culture in major metropolitan areas across the globe. And everyone in business is feeling the same imperatives: to be able to compete and connect globally, to be able to work with customers or suppliers globally, to have real­time information, and to be able to get answers to customers on a 24x7 basis. Also, they want to be able to support em ­ ployees who are working on the road using mobile devices, from home, or from cus­ tomer sites, as well as in the office. All of these factors make cloud applications and cloud resources more attractive and more essential because they’re better adapted as a platform for doing this in a very connected way. VIEWPOINT: So is it fair to say that IT orga­ nizations around the world basically have

the same requirements and are looking for the same kinds of features and functional­ ity, even if their customers vary? That is, they may need to be able to adjust their offerings and localize them, or change because of the different types of products or services that they’re delivering. But in es sence, they are managing infrastruc­ ture, applications, and services and need to provide them on multiple form factors, devices, and so on.

Cloud computing and SaaS: A global perspective

Everyone in business is feeling the same imperatives: to be able to compete and connect globally, to be able to work with customers or suppliers globally, to have real-time information, and to be able to get answers to customers on a 24x7 basis.
Phil Wainewright: Yes. I think everyone is exposed to the same technology accelera­ tion and drivers. everyone is exposed to the greater connectivity and the customer expectation of up­to­date information and instant response. In some industries, that expectation is probably more pressing than it is in other industries. But I think it’s prob­ ably equally felt around the world. For example, in Africa, the banking indus­ try is being revolutionized because people now do their banking on their mobile phones. In countries such as Kenya, people have leapfrogged a whole generation or two of tele communications technology that never was reliable or universal on fixed­line telecoms infrastructure. every­ one is going straight to mobile.


now, people in rural areas of Africa are using their mobile phones to check whether there’s a spare part they need from the motor dealer in the next village, and it saves them spend­ ing the day walking there and back to find out. VIEWPOINT: What differences are you seeing in attitudes toward IT­specific applications and services versus applications for HR and sales being delivered via SaaS? Phil Wainewright: People are always saying the holdouts against SaaS are the IT depart­ ments — that IT doesn’t like the idea of giving up control of the computing infrastructure to outside providers and it’s the business­ people who are adopting SaaS. And while there may be some truth that IT is sometimes an obstacle to SaaS adoption by a line of business, IT itself is a very avid adopter of SaaS applications for IT functions such as malware prevention, various aspects of

email archiving, compliance for websites, testing for help desk, and even across cus­ tomer assistance management. VIEWPOINT: Can you outline some key suc­ cess factors for a company moving to using SaaS­based offerings? Phil Wainewright: First, a SaaS strategy is essential. enterprise IT leaders need a way to ensure that the cloud applications are taken on in a consistent way and in a way that can be kept compliant. The IT department needs oversight and governance. They also need an infrastructure for managing provisioning and access and security around all of these different applications. And, of course, an integration framework is critical; otherwise you’ll have incompatible and often contradictory pools of data. This inte gration framework should be created

5 TIps

for successfully moving to SaaS
» Ensure that cloud applications are taken on in a way that is consistent and that can be kept compliant. » Enable the IT department to have oversight and governance. » Create an infrastructure for managing the provisioning, access, and security of Software as a Service (SaaS) applications. » Establish an integration framework, which should be created at the global level in a global organization. » Take these factors into account before you start thinking about the more routine elements of evaluating a SaaS vendor.


at the global level in a global organization. This creates certain difficulties because if you want to standardize on a particular SaaS application for a particular function, only a limited number of SaaS providers operate globally today. So, take these factors into account before you even start thinking about the more routine elements of evaluating a SaaS vendor.

running in 45 minutes by using a cloud solu­ tion. That’s a great example of how rapidly you can implement these solutions. now, in a more traditional enterprise procurement environment, it will take a little bit longer than 45 minutes, but you will still dramati­ cally decrease the time it takes to get the solution in place — perhaps a matter of days or weeks instead of months and years. VIEWPOINT: What is your take on the future of SaaS and cloud computing? Phil Wainewright: This new computing platform has a number of strengths. But I’m really most interested in seeing cloud com­ puting and cloud applications provide a platform for doing business in completely different ways. And there’s great potential for very exciting business innovation and busi­ ness process innovation using these online capabilities and using the instant productivity that the cloud enables. We’re also going to start seeing pushback due to concern about the TCO [total cost of ownership] of all of these different applica­ tions often being added in an uncontrolled way. Finally, SaaS is becoming more main­ stream and large companies will start running mission­critical processes using cloud applications, or using cloud applica­ tions for very large parts of their operation. VIEWPOINT: Any closing thoughts? Phil Wainewright: If you are considering moving to a SaaS­based solution, keep in mind some key benefits. Certain things come for free with a cloud application that would

Cloud computing and SaaS: A global perspective

There’s great potential for very exciting business innovation and business process innovation using online capabilities and using the instant productivity that the cloud enables.
VIEWPOINT: Do you have high­level advice for CIOs thinking about bringing SaaS into their organizations? Phil Wainewright: Well, aside from the due diligence around security and the viability of the vendor — which I’m sure everyone is going to do anyway — CIOs should look at opportunities where SaaS can really open up some breathing space. Right now, a lot of enterprises are adopting SaaS to fill gaps in functionality or where they have very aging, outdated application stacks. And adopting a SaaS application is a very rapid and easy way to nonintrusively introduce a replace­ ment. Plus, you don’t have the technology implementation issues and you don’t need to hire new staff. I was talking recently to an innovative call center software provider in the U.K. that actu­ ally got a replacement call center up and


be quite costly if you were building and imple­ menting the software yourself. For example, take geographical distribution. If you have a lot of mobile users, or a lot of locations such as in the hotel or retail indus­ try, you would need to build a robust wide area network to connect everyone together. With a cloud application, you get that for free because the cloud provider is already cater­ ing to a geographically dispersed user base. You also get mobile platform support for free because the provider must keep up to date with market demands for mobile technology and people needing access to the application on smartphones and tablets, and so on. Global consolidation is another factor. For example, if you have a lot of financial data that you need to consolidate across different geographies, and if you use an application provider that concentrates everything into a single application instance, then you again get the consolidation built in for free. Cloud financial applications are seeing a great deal of success in large globally dispersed orga­ nizations because these applications provide

much better visibility into the real­time finan­ cial information in the various subsidiaries. And finally, remember disaster recovery. With your own infrastructure, you actually need to replicate it somewhere else. But with a large SaaS provider, this is part of the offering. And my closing thought is this: A lot of the conversation we hear about SaaS and cloud focuses strongly on what could go wrong, but I always prefer to emphasize the business benefits and opportunities. It’s only natural for people to be uncertain and distrustful — this is a new platform, there are different parame­ ters for success and failure from what went before, and everyone is feeling their way. But as with any new wave in technology, those who are willing to be the early adopters can reap huge rewards by being the first to dis­ cover how to prosper from the opportunities that any new platform brings along — and I personally believe that cloud is one of the big ones. It’s going to really change the way we use IT in the enterprise, and those who learn how to harness its potential can be big winners. ●

About Phil Wainewright
Phil Wainewright is an influential commentator and strategist on Internet computing and its impact on business, with a track record of spotting key themes and trends at an early stage. He specializes in on­demand services (SaaS/PaaS), services architec­ tures (SOA), and Web 2.0/enterprise 2.0. He has closely observed the evolution of Software as a Service (SaaS) — and more recently Platform as a Service (PaaS) — ever since he founded the website in 1998 to track the then nascent application service provider (ASP) industry. Since August 2005, Wainewright has covered the re­emergence of SaaS in his ZDnet blog Software as Services. He is widely regarded as the most authoritative and best­informed blogger covering the sector.


Top 10 reasons SaaS is here to stay

Top 10 reasons saas is here to stay
The broad and increasing acceptance of SaaS indicates that the approach is not a trend that will fade anytime soon. The benefits tell the story.
By Jeffrey Kaplan




ome technologies fade away, such as VHS tapes, typewriters, and tradition­ al film cameras. Others have lasting power. Software as a Service (SaaS) is one of them. Clearly, SaaS is here to stay. CIOs are no longer asking what SaaS is and why they should want it. They’re now asking when, where, and how can they best take advan­ tage of Web­based, on­demand applications to better achieve business goals.

acquire and utilize business applications and other computing resources, but also how hardware and sof t ware vendors develop, deliver, package, price, sell, and support these solutions. Without question, top vendors are delivering viable alternatives to traditional, on­premise legacy applications. They have proven that they can achieve the reliability and security that enterprises demand. They’ve earned legitimacy by attracting high­profile clients who are now speaking out about their suc­ cesses and providing proof that the benefits of SaaS are very real.

Top 10 reasons SaaS is here to stay

Independent research shows a high level of satisfaction among enterprises that have deployed SaaS solutions. For example, in a Datamation and THInKstrategies survey: » 85 percent of respondents reported that they are very satisfied with their SaaS solutions. » 80 percent said they would renew their services. » 61 percent said they would expand their use of SaaS. » nearly 70 percent said they would recom­ mend SaaS to others. What factors are driving this broad accep­ tance of SaaS? Certainly the 2008 economic downturn is one. The weak economy has forced enterprises to consider more cost­ effective ways to provide the IT services that their businesses require. Another important driving factor is the for­ ward march of technology. Technology breakthroughs have allowed SaaS vendors to bring their solutions to new levels of maturity. The emergence of cloud compu­ ting, which encompasses SaaS, is radically changing not only the way enterprises

Technology breakthroughs have allowed SaaS vendors to bring their solutions to new levels of maturity.
So, why is SaaS here to stay and what are the benefits? Here are the top 10.

1. Limited risk
In the past, IT professionals worried that using external providers for business appli­ cations represented high risk. But for a number of years, the risk associated with SaaS has been kept relatively low due to what I refer to as out-tasking. Out­tasking is about incrementally adopting a solution in a relatively isolated fashion, and testing its capabilities and effectiveness either for free or on a limited­fee basis. Most SaaS solutions vendors offer 30­day trials. Those that don’t are typically willing to negotiate pilot programs so you can confirm that their solutions meet your needs. This


ability to “try before you buy” and investigate at your own pace mitigates risk. Additionally, SaaS vendors have had a num­ ber of years now to demonstrate not only the reliability and security of their offerings but also to prove their staying power. If you stick with major players in the SaaS market, you won’t need to worry that they will go away anytime soon.

SaaS solutions also benefit from crowd­ sourcing, which leverages the collaboration of an expanding user community to employ solutions in innovative ways, drive enhance­ ments, and solve problems. The result is that SaaS applications are quickly becoming more robust, user friendly, and reliable. Those characteristics contribute to greater efficiency and lower costs over the long haul.

4. Rapid deployment
SaaS allows a company to deploy an applica­ tion or service almost instantly. You don’t need to wait until you’ve purchased and deployed servers and hired and trained staff to get a new application up and running. So you save time and money and enjoy faster time to value. This faster ramp­up means you’ll begin reap­ ing the rewards of new applications much more quickly. Depending on the type of appli­ cation and its importance to your business, the rewards could include higher productivity for the employees who use it and a competitive advantage for your business.

SaaS applications are quickly becoming more robust, user friendly, and reliable.

2. Low upfront costs
Perpetual license fees and capital invest­ ments for servers have made traditional business applications costly to acquire and implement. In contrast, SaaS solutions are available on a pay­as­you­go basis. You may need to pay for the first­year subscription up front, but attractive per­user pricing slashes the upfront costs, making these solutions far more affordable than their on­premise counterparts.

3. Lower total cost of ownership
SaaS eliminates more than just the upfront costs. With SaaS, the tedium of ongoing sup­ port falls on the application vendor instead of your in­house staff. Companies that are going the out­tasking route are realizing lower overall total cost of ownership (TCO) as they transfer skilled staff members from reactive and mundane efforts to strategic projects that deliver competitive advantage and business value.

5. Faster adoption/higher utilization
The leading players in the SaaS marketplace have achieved success because they have taken an entirely different approach to design­ ing, developing, delivering, and even selling their solutions. They have focused their atten­ tion on the end user, providing highly intuitive user interfaces and a process­centric orienta­ tion that makes people’s jobs easier. The high usability and relevance these solutions offer can accelerate user adoption, leading to higher employee productivity and effectiveness.


Top 10 reasons SaaS is here to stay

Crowdsourcing comes into play with respect to this benefit as well. Successful SaaS vendors continue to enhance their applica­ tions on a regular basis and deploy those enhancements across the population of customers. Many of them now actively solicit customer participation to guide them in expanding functionality and refining interfaces. These incremental improve­ ments help to shave costs by increasing efficiency and reducing training require­ ments for end users.

programs. Their efforts are paying off. There are far fewer service disruptions or security breaches among SaaS vendors than in tradi­ tional, on­premise software environments.

Leading SaaS vendors invest heavily in robust service delivery and security technologies as well as rigorous certification programs.

7. Easier integration
SaaS solutions generally rely on a common set of Web service protocols and application programming interfaces (APIs). Those proto­ cols and APIs make SaaS solutions easier to integrate with your IT infrastructure than traditional applications. Most likely, however, you’ll still need special­ ized tools and skills to fully integrate SaaS

6. Better reliability and security
let’s face it, SaaS vendors couldn’t stay in business for long without delivering quality services and safeguarding customer data. leading SaaS vendors invest heavily in robust service delivery and security tech­ nologies as well as rigorous certification


applications with your legacy applications and data sources. Vendors and customers are working together to ratchet up the level of integration and make it easier to achieve.

8. Quicker access to innovation
With the SaaS model, customers can take advantage of the vendor’s latest enhance­ ments without the disruptions and cost of upgrading software. enterprises using SaaS applications report a high level of satis­ faction with this fast, easy access to new functionality and enhanced usability. SaaS vendors are also tapping consu mer­ Web innovations and delivering them to business users.’s Chat ter and similar social networking tools are examples.

The new frontier is employing SaaS appli­ cations as a catalyst for innovation within specific industries to automate formerly in efficient business processes and thus help firms increase productivity, improve accuracy, and drive up profitability. The SaaS vendor iPipeline, for example, is helping the insurance industry eliminate inefficient paper­based processes by providing Web­ based forms that can be transmitted quickly between brokers and underwriters.

9. Shared benchmarks and best practices
As SaaS vendors attract a critical mass of customers, they can aggregate the nonpro­ prietary activity data from their customer base and analyze it to better understand which features are working and which need to be improved. They can also use this


information to create valuable benchmark data, which can provide customers with useful insight into industry best practices and help them optimize their operations.

10. Vendor-customer alignment
In the past, the idea of vendor­customer part­ nerships was somewhat an illusion. Once a software vendor sold a customer a perpetual license for an application, the vendor had little incentive to ensure customer satisfaction and success. High acquisition and deployment costs often kept customers locked in. The subscription pricing model underlying SaaS puts more pressure on the vendor to ensure that customers are satisfied and successful. Unhappy customers can quickly switch to a competing solution, whereas satisfied customers will renew, expand their service usage, and provide positive referrals. SaaS vendors can’t afford high customer churn. Instead, their success is dependent on the success of their customers, and vendors are compelled to develop true partnerships with the customers they serve.

Top 10 reasons SaaS is here to stay

The subscription pricing model underlying SaaS puts more pressure on the vendor to ensure that customers are satisfied and successful.
Constant Contact, for example, recently introduced a service that allows its custom­ ers to compare the effectiveness of their email campaigns with those of their peers using such metrics as open rate, click­ through, and bounce­back statistics. This type of information helps businesses fine­ tune their campaigns to achieve a higher return on investment.

5 Key TaKeaways
about SaaS
» Today’s Software as a Service (SaaS) solutions are viable alternatives to traditional on-premise applications. » Top SaaS vendors have proven their reliability, security, and staying power. » Research indicates that 85 percent of SaaS customers are very satisfied. » Low risk, low cost, and rapid time to value are among the top benefits. » SaaS is an idea whose time has come.


What lies ahead
Today’s CIOs are determined to move in the direction of SaaS and other cloud service delivery solutions because, in many cases, these solutions offer more cost­effective alternatives to legacy applications. At the same time, however, CIOs are concerned because the ad hoc manner in which SaaS adoption has been occurring is beginning to cause fragmentation in the IT environment. CIOs increasingly are looking for a more tightly controlled and better managed pro­ cess of SaaS adoption. Only in this way can they ensure that they are making the right SaaS selections, deploying solutions opti­ mally, integrating them with legacy and other

SaaS systems, and, ultimately, getting the best performance and return on investment. In making the move to SaaS, IT professionals will need to monitor and manage SaaS services as an integral part of a complex hybrid IT environment that encompasses both on­premise and on­demand solutions. They need to integrate the management of SaaS services into their IT service man­ agement processes across all areas, including performance management, secu­ rity management, incident and problem management, change management, and vendor management. By doing so, IT organi­ zations can begin immediately to enjoy the 10 top benefits of SaaS. ●

About the author
Jeffrey Kaplan is managing director of THInKstrategies (, an independent consulting firm focused on the business implications of the on­ demand services movement. He is also the founder of the Cloud Computing Showplace (, a vendor­independent, online directory of cloud solutions and industry best practices. Kaplan has more than 25 years of experience and recognized expertise in IT and network management, SaaS, managed services, cloud computing, telecommunications, and outsourcing trends.


9 cloud myth busters: TCO savings, ROI, and more
Myths abound about cloud technologies. Sort through the hype to reach fact­based assessments and financial analysis.
By Tom Pisello and Bill Kirwin

9 cloud myth busters: TCO savings, ROI, and more




urvey after survey of IT executives indicates that cloud computing ranks as one of the top strategic technolo­ gies. This prioritization makes it important for IT decision makers to quickly and clearly understand the available cloud solution options, design considerations, deployment requirements, economic impacts, and more. Cloud computing is also one of the most­hyped new technologies, leading to a decided lack of clarity. Certain bold statements making the case for cloud computing, such as “The cloud will definitely reduce your IT costs,” or making the case against cloud computing, such as “The cloud is not secure,” should not be taken at face value. like most dramatic statements, these might gain attention — even headlines — in the media, and then rise to the status of truth. Some facts and more than a fair share of hot air probably are behind these claims. In fact, many of the claims are baseless unless effort is made to create accurate research and economic­justification models, test them in the real world, and prove when they are true and false. A bold, unsubstantiated, and widely publi­ cized statement is a myth. This article will explore a number of cloud IT myths and shed some light on them.

amortized over a relatively short useful life. And business appetite for IT resources seems insatiable. Yet IT budgets are severely con­ strained in the current economy. Further, new capital investments beget more labor cost to install, administer, and manage these assets.

9 cloud myth busters: TCO savings, ROI, and more

Cloud IT will definitely reduce capital costs over time.
enterprises that are weary from constantly paying for more infrastructure look to cloud IT as a way to cap that spending by outsourc­ ing it to Infrastructure as a Service (IaaS) providers. This desire gives rise to some contrarian views that warn of infrastructure costs increasing with IaaS. Hence the warn­ ing: “Prepare to spend more on infrastructure with the cloud.” As almost always, the truth is “it depends.” Myth buster: Regarding capital investments, cloud IT will definitely reduce capital costs over time. However, it may require an adjustment in both the mix and amount of capital costs in the near term. Additional investment may need to be made in com­ munications and remote management infrastructure, virtualization technologies, as well as systems and asset management to make the infrastructure “cloud ready and cloud capable.” These new assets will require maintenance and upgrades as well as labor and new, perhaps more expensive, skills to manage the hybrid environment that will emerge. The net result is that a capital infusion for operations cost trans formation will happen with a potential for long­term capital costs to be reduced.

Myth 1: The cloud will produce significant infrastructure/ capital savings
Infrastructure costs are the bane of IT orga­ nizations. Infrastructure is capital intensive, requiring high upfront investment that is


To make sure that infrastructure costs do not increase overall, IaaS total cost of ownership (TCO) must be carefully assessed to ferret out hidden costs in service fees, service levels, and in tactical events such as data transfers over the planned lifetime for the service.

combined with a TCO assessment. And then organizations can determine how they would fare in the open marketplace of outsourcing and cloud IT services. Myth buster: Chances are that cloud IT service providers will improve service levels and reduce IT management and support costs. Cloud IT service providers compete in an open marketplace and must offer market pricing and service levels that meet or beat your internal costs and the competition. Factors that drive this pricing and service include providers’ profit­focused, business­ oriented model; their focus on mature, professional services; and their ability to leverage a large, high­volume market. Cloud IT service providers have the wherewithal to invest in the latest technology, the best talent, and the best practices. They focus on their core competencies and sell to a market larger than the largest internal IT organization. Further, the tools to manage an outsourced or hybrid cloud IT environment are available and adequate. The process of vendor man­ agement is fairly well understood but may require some restructuring at the customer IT site, which will again require some invest­ ment to make the IT management “cloud ready and cloud capable.”

Myth 2: The cloud will cost you more to manage than you think
IT management is a multifaceted term. In one sense, it means systems and technology management. This management is actually a platform or collection of tools and techno­ logies to tune, maintain, and troubleshoot servers, storage, networks, and software.

Chances are that cloud IT service providers will improve service levels and reduce IT management and support costs.
In another definition, it is the management of IT processes such as service support (incident, change, and problem management, for example), service delivery (capacity, availability, and financial management), security, asset, and others as defined in the IT Infrastructure library® (ITIl®). A third facet is IT administration where hu­ man resources (HR), finance, governance, and business relationships are managed. All of these functions represent a set of internal costs and risks. These functions also have a maturity level that drives the cost and risk of delivery. every IT organization should conduct a capability or maturity assessment to determine its performance constraints and objectives. This assessment can then be

Myth 3: The cloud will not work until you have services defined and in place
Many organizations, both on the IT side and the business side, wish that their IT services could be better defined, more predictable, and cost/benefit aligned. This desire has caused some of them to put off deployment


of cloud service offerings until they “get their act together.” This delay may be wise for enterprises that are at the lowest levels of maturity, where outsourcing chaos is not a good plan. But the typical organization that has identified basic IT processes and offers them in a reliable manner should consider a limited deployment of cloud services as a learning experience. Myth buster: The cloud can help you mature to a service orientation. Given that cloud IT is a learning experience, the sourcing decision should focus on well­understood, noncritical service offerings. These should run parallel to existing services where possible or be deployed on a pilot basis to a segment of the user population. Costs should be tracked and not passed on if the offering is a parallel offering. every effort should be made to understand the service, service level agree­ ments (SlAs), and terms and conditions of the contract. A vendor that will provide insight into its operations, processes, and practices will go a long way toward cement­ ing a long­term relationship and provide a broader array of services in the future.

certainly can be anticipated and planned around. Vendor lock­ins can occur with in­ house software and proprietary solutions also. This is a well­understood management issue. The risk and cost of vendor lock­in for a sourced solution is usually lower than an on­premise solution. The fear of a pricing change is also a noted inhibitor. Again, this risk factor is manage­ able. The potential for cost overages on in­house projects is arguably higher. Myth buster: Cloud IT can be rapidly deployed and scaled with less risk than most in-house projects.

9 cloud myth busters: TCO savings, ROI, and more

The brand equity of a cloud IT vendor is tied to its service levels.

Myth 5: The cloud may not meet your service level requirements
A hardware vendor’s equity is the price/ performance of its equipment. A software vendor bets on feature/function and plat­ form. Service levels make or break a cloud IT provider. The brand equity of a cloud IT vendor is tied to its service levels. Once the service is determined, the key negoti­ ating factors are price and service level. Chances are very good that the reputable service provider will meet service levels as contracted. Many leading cloud pro­ viders transparently publish and promote ser vice availabilit y and per formance statistics online. Myth buster: Cloud IT will typically meet or exceed service level requirements. That

Myth 4: The cloud is not as flexible and agile as you think
The purported primary business benefits to cloud IT are that it enables rapid deployment of initiatives with business benefits and that it can scale up or down according to demand. This is a highly desirable alternative to IT projects that take several years to implement and require large upfront investments. Although sourcing agreements can have potential traps, such as vendor lock­in, these


said, SlAs are always written to protect the service provider. Service level reporting may be an issue. Just as with any service offering, sourced or in­house, contingency planning for unplanned outages and refund or exit strategies for poor performance must be part of the plan. Make sure that the vendor SlA is transparent and aligns with the service levels promised for the business needs and expected by end users.

An IT security plan needs to cover all pos­ sible breach points. Just about every IT infrastructure has network access and thus is vulnerable to network attacks. Cloud IT providers will vary in their ability to ensure security, but there are cloud IT providers that can meet most needs. Most cloud IT pro­ viders include system and data security as part of their core design, architecture, and implementation. Myth buster: Cloud IT can be as secure as or more secure than on-premise computing.

Myth 6: The cloud is not as secure as you think
nothing is as secure as you would like to think: keeping your data on­site, keeping your savings in a mattress, nothing. Hacking will occur, internally or externally, whether your data is on your drives or on a cloud.

Myth 7: The cloud is flawed regarding disaster prevention and recovery
Fundamentally, the cloud is a perfect archi­ tecture for disaster prevention and recovery.

5 TIps

for cloud IT assessments
» Calculate the total cost of ownership (TCO) for Infrastructure as a Service (IaaS). » Start your cloud initiative with well-understood, noncritical service offerings. » Make sure that the vendor service level agreement (SLA) aligns with the service levels promised for the business needs and expected by the end users. » Remember that the cloud can be a superior platform for disaster mitigation. » Recognize the real costs of IT, so you can understand the payback.


envision huge, multiple, geographically distributed, linked tier 2, 3, or 4 data centers with capabilities for redundancy, mir roring, and backup and restore. The cloud can be a superior platform for disaster mitigation. Indeed, one of the earliest uses for networked computing was for disaster recovery. It was often privately built and always very expen­ sive. Cloud IT commercializes this capability and leverages multi­tenancy to make it more feasible and affordable. Myth buster: The cloud can provide a superior as well as a more cost-effective disaster recovery facility.

in cost, functionality, flexibility, and/or agility are compelling, there are fewer and fewer reasons not to consider cloud IT.

9 cloud myth busters: TCO savings, ROI, and more

Myth 9: It costs more than you think to migrate to the cloud
The fact is that a cloud IT solution may cost more than an enterprise expects. This is often because the enterprise has only a foggy notion about what the cost of IT actually entails. This notion of inexpensive IT, coupled with the typically high level of quality of marketplace­competitive cloud IT services, may shock some business decision makers. While there is always room for tough nego­ tiations on unit price, there is no leeway to cut corners on enterprise­class services in a market that is just leaving the proving grounds and becoming mainstream. Myth buster: Cloud IT can be a very costeffective solution with rapid return on investment (ROI) if enterprises really know how to calculate this and are willing to do so. It’s important to understand that there are many different types of cloud IT. At the highest level are public and private cloud IT offerings. Then there are architectural service levels that range from infrastruc­ ture, platform, software, and business process as a service. There are also pure cloud and hybrid implementations. Finally, there are myriad ways to contract for and provision these services. They may be pur­ chased as a subscription, per seat, on demand, license, and so forth. These options provide infinite possibilities to customize the service levels, security, and availability of IT capabilities.

Myth 8: You can’t meet privacy and compliance requirements in the cloud
If cloud security is adequate to meet your ne e d s, then pr iva c y a nd complia n ce re quirements are additional layers for consideration. In some highly regulated sectors, there may be restrictions on hav­ ing data off the premises. However, in hybrid cloud IT architectures, even these requirements can be met.

Cloud IT provides transparency on both the cost and service levels.
Myth buster: The cloud is adequate for most privacy and compliance regulations. The issues then become cost, complexity, and convenience. If there are no compelling functional benefits to putting all or part of an application or data on a cloud platform, then there is no reason to deploy using the cloud. Conversely, if the business benefits


The real question is whether the market cost of these services seems realistic to meet your business needs. Most enterprises don’t recognize the real costs of IT and never really understand the payback. Often the functional requirements are not in line with the cost of delivering them. Cloud IT pro­ vides transparency on both the cost and service levels.

The bottom line
As such a high priority, cloud computing will receive great focus, investment, and scrutiny. IT executives must break through the hype and clearly understand the technical, busi­ ness, and economic impacts. Myths are prevalent, and busting the myths with diligent fact­based assessments and financial analy­ sis is a requirement to ensure that the right decisions are made. ●

About the authors
Tom Pisello, “the ROI Guy,” is chairman and founder of ROI consultancy Alinean. Alinean has performed extensive real­world research and analysis tool development on cloud assessments and IT TCO. IT vendors, users, and researchers have taken these models to the field for pre­project planning, business case justifica­ tion, solution validation, and post­deployment value assurance. Pisello’s research and advice articles can be found at, or by following him on twitter @tpisello.

Bill Kirwin, board member for Alinean, is the father of TCO at Gartner, developing measurement and benchmark research and tools for the past 30 years. He recently conducted cloud computing research and TCO model development for Alinean. Kirwin is also a contributor to Saugatuck Technology, the leading research advisory services firm on disruptive technologies such as cloud IT. As an independent consultant, he advises technology providers and buyers with strategic planning and program review. Kirwin can be reached at


Beyond security: Gaining trust in the cloud

Beyond security: Gaining trust in the cloud
When you use cloud services, you want them to be a trustworthy extension of your data center. But how can you trust that those services will get you to your destination? Here are some factors to consider.
By W. Wyatt Starnes




ere’s a riddle: What’s the difference between a 747 jetliner and 6 million parts flying in formation and in uni­ son? The answer is that the 747 is a closed­loop, fully automated, and highly capable system. A 747 is, in fact, made of up 6 million separate parts, including complex automatic flight control systems (also known as autopilots) that perform the same duties as a highly trained pilot. For some in­flight routines and procedures, autopilots are actually more effective and reliable than a person. Autopilots not only make your flight smooth­ er, but they also ensure that your flight is safer and more efficient. The sophisticated closed­loop system — with monitoring and other checks and balances — guarantees that all the critical pieces are working togeth­ er, so you can trust with confidence that you will safely reach your destination.

Compare this scenario to a cloud computing environment. like a modern jetliner, a cloud is highly complex. It comprises thousands of hardware components and perhaps millions of lines of software code. But how can you trust with confidence that your cloud is ready to take off, run, and land? After all, if you plan to use external resources from a third party, this public cloud — or hosted private cloud, in which your company has an isolated set of resources — should be a trustworthy extension of your data center. The cloud must be as trustworthy as a 747. To be trusted, the cloud environment has to be more than secure. It must be a trusted environment to which enterprises can con­ fidently shift business­critical ser vices without sacrificing security, service quality, or management control. Figure 1 shows that as computing deployment models shift from traditional monolithic models to the

Beyond security: Gaining trust in the cloud

Security & compliance Performance & availability

Public multi-tenant

Privacy & separation

Private multi-tenant


Transparency & control

Single tenant

Monolithic Secured

Interoperability & portability


Figure 1: Compute model shifts


cloud, a number of important implementa­ tion para meters come into consideration. Here are some factors to consider when using a cloud offering.

each other. The following section des cribes this issue in more detail. Cloud providers devote a lot of resources to ensuring strong security and isolation.

Security: Essential but not sufficient
The headlines are full of stories about the growing number of increasingly sophisticated attacks on computing systems. IT profes­ sionals face a major challenge to protect their IT infrastructures against such attacks. Often, organizations perceive that having the infrastructure within the walls of their data centers gives them complete control and visibility of the components as well as the people who manage them. With that control is a perceived comfort level in their ability to deliver an adequate level of secu­ rity. However, many IT leaders will often admit their internal data centers are not as secure as they might like. But if you opt to use services from the public cloud, then the servers, networking com­ ponents, and software that support these services, as well as the people managing them, reside in third­party facilities that are outside of your visibility and control. now you must depend on third parties for security, which may actually prove to be advanta­ geous, depending on the relative state of your internal systems. In the cloud, the service provider faces a two­pronged security problem. One prong is the same one that internal IT faces: heading off external threats. The other prong is the need to fully isolate the multiple tenants from

Cloud providers have to deliver a trusted environment that offers security as a baseline but that also offers availability and performance.
In addition to reducing performance and availability risks, providers need to continu­ ously monitor their systems to quickly identify and respond to cyber attacks. The advanced persistent threats (APTs) that have been regularly launched against major enterprises and government entities in the past year represent just one example. Some of these APTs involve email messages that appear to be legitimate. The messages entice recipients to click on links that download and install software that opens the door for hack­ ers to access confidential systems and data. Security is essential, but not sufficient. Cloud providers have to deliver a trusted environ­ ment that offers security as a baseline but that also offers availability and performance.

Tenant isolation
One fundamental source of value in a cloud environment is the use of an underlying shared infrastructure, ensuring that capacity is better utilized. The result is lower costs for all users. However, sharing infrastructure is similar to sharing a common building, such as neighbors in an apartment complex. In any given apartment complex, some neighbors are great, but you may also have a


neighbor who tries to tap into your wireless network without your permission. Similarly, if neighbors on the same shared cloud infra­ structure are able to see or tamper with each others’ workloads, that presents a fundamen­ tal security gap in the cloud architecture. Public cloud providers, therefore, need to ensure that the neighbors sharing infrastruc­ ture are properly shielded from intrusion from each other. Commonly known as tenant isolation, creating virtual software or network­ based barriers between tenants is critical to the viability of a public cloud service. This is complicated by the potential for a single tenant to have workloads that must interact across multiple pieces of hardware and still be isolated from any neighbors in the infrastructure. In addition to ensuring the isolation of tenants for security purposes, the provider must ensure that one tenant cannot use all the resources and cause a perfor­ mance hit on other tenants. Bottom line: Consumers of public cloud offer­ ings need to ensure that their requirements for isolation are met by the public cloud providers.

like all manufacturers, IT hardware manu­ facturers use a bill­of­materials approach to ensure that their systems are built cost­ effectively and with high quality. This precise manifest of what goes into each item ensures consistency and quality. With respect to provisioning software, however, IT hasn’t done as good a job as hardware manufactur­ ers. Many IT organizations employ manual, open­loop software deployment processes that are not only costly but also prone to error.

Beyond security: Gaining trust in the cloud

Public cloud providers need to ensure that the neighbors sharing infrastructure are properly shielded from intrusion from each other.
Trusted cloud computing requires uniformity and accuracy in the deployment of software. You should put mechanisms in place that consistently deploy the right software on the right systems. To help get the right software out at the time of deployment, you might want to consider using a comprehensive database of vendor­supplied firmware and software reference images. You also need to close the loop by verifying that the software you pushed out has indeed been deployed completely and correctly. let’s go back to the 747 analogy. One way airplanes ensure safety is through extensive monitor­ ing and feedback. For example, when a pilot issues a command to deploy the landing gear, he’s not going to land the plane until he gets confirmation that the landing gear is indeed down and locked. IT should run the same way with respect to software. Assume that you deploy a mandatory

Deploying standard configurations
To ensure the reliability and performance of a 747, the manufacturer exercises sound manufacturing principles. That means build­ ing the airplane with standard parts that are put together in standard ways. likewise, ensuring the reliability and per formance of a cloud infrastructure means provisioning with standard parts based on standard configurations.


software update to a hundred servers. If you don’t close the loop with feedback, there are many reasons why all systems might not get the patch. Some might be down at that moment. Others might have failed the installation. Consequently, you may end up with a certain number of servers that are no longer in compliance. That introduces risk.

Keeping configurations standard
Deploying the right software to the right sys­ tems isn’t enough. That’s because systems tend to drift from their standard configura­ tions over time. Drift may occur for a variety of reasons — for example, emergency fixes. As devices drift from standard configu ­ ra tions, they might begin to experience problems such as performance degrada­ tion or system outages. Those problems can become difficult and costly to diagnose. What’s more, nonstandard configurations are more vul nerable to malicious attacks. You need to detect configuration drift in a timely manner. That requires continuous

monitoring to detect changes that result in nonstandard configurations. These changes should trigger an alert for human inter ven­ tion or trigger automated action that brings the device back into compliance. One way to monitor configurations is through auto­ matic discovery that continually scans the infrastructure environment, compares the discovered configurations to standards, and reports discrepancies. Monitoring also detects the addition of the download of an APT as a deviation from a standard configuration. Your remediation process could include alerts that systems have potentially been compromised and trigger automatic removal of the malicious software. The response would be imme di­ ate, dramatically reducing risk.

Managing IT change
You will likely make continual, intentional changes to your cloud infrastructure over time. These changes are driven by many fac­ tors, ranging from adding new application

5 ways

to bring trust to the cloud
» Deploy and maintain standard configurations. » Make managing IT change a top priority. » Use monitoring and reporting to ensure continuous compliance. » Tame complexity and cut costs through automation. » Provide full visibility and control.


functionality to meet changing business con­ ditions to keeping up with a steady flow of software patches and updates. not only will you have your own changes, but the cloud provider will also make changes in the infrastructure, make patches available, or upgrade the infrastructure. The changes made by the cloud provider should be seam­ less to you — unless you have a need to know.

if a software update must be rolled out to a server, the operations staff will be informed in advance of the change. The staff can then move services to another server during main­ tenance to avoid service interruptions. Once the change has been successfully completed, the operations staff is notified and can move the services back to the original server. Truly effective change management requires visibility into the components that make up the infrastructure, how they relate to each other both physically and logically, and which ser­ vices they support. With this visibility, IT can assess the full impact of changes, including the business impact, and act accordingly.

Beyond security: Gaining trust in the cloud

One of the critical success factors for cloud computing is an intense focus on managing IT change.
In making changes, you must maintain the continuing integrity of the infra structure by carefully controlling every change. like air­ line maintenance personnel, you have to ensure that every change is properly autho­ rized, that it is made only by authorized personnel, and that it is made with standard parts using standard processes. Consequently, one of the critical success factors for cloud computing is an intense focus on managing IT change. effective change management requires automated processes and workflows for creating change requests, getting them approved, informing the right people that a change is coming, deploying the change according to schedule, closing out the request after validating that the job has been complet­ ed, and maintaining an audit trail of all change activities. end­to­end change management helps en sure high availability by keeping all pertinent parties in the loop. For example,

Maintaining compliance
like airline maintenance personnel, you must document all changes you make to your IT infrastructure to maintain compliance with industry standards and government regulations. examples include the Health Insurance Portability and Accountability Act (HIPAA) for health care organizations, Federal Information Security Management Act (FISMA) for government entities, and Payment Card Industry Data Security Stan­ dard (PCI DSS) for retailers. Compliance requirements vary from industry to industry; some are more stringent than others. With a cloud environment, the provider should address the compliance needs of diverse clients in many industries. This can range from agreeing to an automated audit, submitting proof of certain configurations and controls, or even allowing an inspector to walk the data center checking for specific details of the physical environment. Many


public cloud vendors are reluctant to comply with these requirements, and thus are not able to support the compliance needs of certain customer groups. But even private clouds in many enterprises typically must deal with diversity to support multiple busi­ ness units. Diversity requires the ability to support multiple compliance templates.

but also helps reduce the number of people required per cloud cycle delivered. The re­ sulting lower costs allow cloud providers to offer competitive pricing.

Ensuring visibility and control
Before most enterprises will shift their work­ loads to the cloud, they want assurance that they can maintain management visibility and control. They want to be able to see what’s going on in their environments and interact accordingly. That requires a portal frame­ work that offers visibility and control of their cloud services even though they are hosted in a third­party data center. This portal pro­ vides IT service management in a Software as a Service (SaaS) model. Requirements of this portal include the following: » You should be able to easily request the services you need through a service catalog that clearly defines the available offerings. » If something is out of compliance or a new patch is available, an alert should be trig­ gered so you can control how to proceed. » You should be able to transitionally and seamlessly add and subtract capacity through the portal, including the establish­ ment of reserve systems and demarcations of program software. » You should be able to monitor and manage service level agreements from the portal.

Continuous monitoring and reporting ensure ongoing availability of compliance data, which enables continuous compliance.
Some organizations treat compliance as an activity to be done periodically — maybe monthly or quarterly. Continuous compliance is possible only when compliance becomes an integral part of processes, instead of an extra step. Continuous monitoring and report­ ing ensure ongoing availability of compliance data, which enables continuous compliance.

Taming complexity and reducing costs through automation
The multi­tenant public cloud is more complex than a basic single­tenant cloud environment because it has to meet the diverse needs of many residents. On top of that, the provider should offer favorable economics to motivate clients to move services to an outsourced public cloud in the first place. Managing complexity and reducing labor costs require polic y­based automated processes in a variety of areas, including provisioning and deprovisioning, change and configuration control, and incident and problem management. Automation not only ensures the use of best­practice processes,

From security to trust
Cloud environments can enable enterprises to reap the benefits of private cloud comput­ ing without building their own private cloud infrastructures. But enterprises aren’t going to move to such environments unless they are as trustworthy as 747 jetliners. To gain


trust, providers will need to go well beyond delivering the highest levels of security. enterprises will be looking for a trusted environment that offers security as a base­ line but that also provides assurance of stability, availability, and performance.

In the trusted environment, people have confidence that service quality, compliance, and management control will never be compromised. Security is the baseline, but trust is what enterprises need before they can embrace the cloud. ●

Beyond security: Gaining trust in the cloud

About the author
W. Wyatt Starnes is vice president for advanced concepts for Harris Corporation’s Cyber Integrated Solutions. He is responsible for the advanced development of the Harris Trusted enterprise Cloud service portfolio and the Harris Cyber Integration Center (CIC), a 100,000­square­foot cloud computing node in northern Virginia that was brought online in June 2011. Starnes has more than 36 years of experience in high technology, with eight different startups. He is the founder and CeO of SignaCert, Inc., which was acquired in 2010 by Harris Corporation, an international communications and information technology company serving government and commercial markets in more than 150 countries. Prior to SignaCert, Starnes founded Tripwire, Inc., and served as its president and CeO for seven years. In addition, he is the co­founder of RAInS (Regional Alliances for Infrastructure and network Security), a nonprofit public/private alliance formed to accelerate the development, deployment, and adoption of innovative technology for homeland security. In April 2011, Starnes was selected for the TechAmerica Foundation’s Commission on the leadership Opportunity in U.S. Deployment of the Cloud (ClOUD2), which is tasked with providing the Obama administration with recommendations for both government and commercial advancement of the cloud.


Choosing a saasbased IT service management solution
Consider a more complete solution if you need integration, automation, and change/release management.
By Bob Johnson



he choice on how best to consume software — whether on­premise or through a Software as a Service (SaaS) model — is based on your specific require­ ments at different points in your business and organizational lifecycles. each model presents benefits that take into consideration the IT skills within your organization and your budget for capital versus operational expenses. When you look at each model, it’s also important to consider the potential for growth in your IT infrastructure and the level of customization and integration required.1

determine not only your IT costs, but also your business agility for years to come. Here are the criteria that have helped IT organizations like yours choose the right level of a SaaS­ based IT service management platform.

Choosing a SaaS-based IT service management solution

Key criteria
The size of your user base, along with your staff size and associated skill levels, can provide important clues about the range and complexity of your environment. We’ve found that IT organizations generally employ one help desk professional for every 100 users, and that those organizations with a maximum of 35 help desk professionals are generally can didates for a smaller, slimmed­down offering. Firms with more than 35 help desk professionals, on the other hand, tend to have more demanding requirements that call for higher­end IT service management systems, as well as a skilled staff to imple­ ment them effectively.

The right approach
Choosing a SaaS delivery model for IT service management can provide your IT organization with many benefits. leaving the IT service management infrastructure to a SaaS ven­ dor avoids the upfront costs of purchasing and implementing the software, the capital expense of buying hardware, and the costs associated with compliance and security best practices. However, even after you have chosen to adopt a SaaS model, you still need to decide “how much” IT service management you need. Do you need a tactically focused, slimmed­down help desk application focused on basic work­ flow for incident management and asset stores? Or do you need a more full­featured system that provides detailed information about the IT infrastructure and best­practice IT workflows? Choosing the right IT service management approach is critical because it will help

Choosing the right IT service management approach is critical because it will help determine not only your IT costs, but also your business agility for years to come.
Other considerations might be more impor­ tant than size, however. One is the current and future complexity of your application environment and the IT infrastructure that supports it. If your applications — as well as the servers, storage, and networks that support them — are reasonably simple and static, you could consider a more basic solution to hold down cost and complexity.

1 Paul Avenant, “Top Considerations for Moving to a SaaS Delivery Model for IT Service Management,” BMC Software, 2010.


The greater the complexity, the more you should consider a comprehensive solution. One useful indicator of complexity is the number of changes executed per month, as well as the effect each change has on a service and its related components. The more potential for downtime or security risks each change poses throughout your infra structure, the more robust a change release system you should consider.

If your environment is less complex, a basic solution may be a better way to get that agility and savings. You should also ask yourself whether the managers of your business are moving from a view of IT as a “tactical cost of doing busi­ ness” to seeing IT as a critical business enabler. The more this shift in perspective takes place, the more you should consider a fuller solution that takes a “service­centric” rather than a “trouble ticket” or “reactive” view. A comprehensive IT service manage­ ment solution provides more information and enables more processes. The current and future complexity of your business processes is also important. The more variety in the types of users you have, and the more information they need from more sources, the harder it is to track the underlying IT assets and ensure service levels. If you anticipate a lot of complexity in the future, consider a more full­service solution for the wealth of information and best­process workflows it can deliver. If you don’t anticipate greater complexity, then a basic solution could be more cost­effective. As business managers demand better mea­ surement of the services you provide, it becomes more important to consider a more complete IT service management platform. The measurement and reporting capabilities found in more extensive platforms will help you report on business metrics (such as whether you are delivering services on time and within budget) as opposed to IT­ centric measurements (such as the cost per asset delivered via a service request).

A comprehensive IT service management solution provides more information and enables more processes.
You should also take into consideration what percentage of changes are normal or standard changes, rather than emergency modifica­ tions. That’s because emergencies give you less time to simulate the effect of the change on other components in your environment. The more effort it takes to make changes — and to anticipate and mitigate the effects of those changes — the more you should consi­ der a comprehensive IT service management solution. It provides the deeper insights into your environment that could save significant effort, money, and risk in the future. Another factor to consider is how the solution will help you deliver IT services more quickly and at lower cost. If you have a very complex environment, the automation and manage­ ment provided by a comprehensive solution might actually reduce the cost and time required to provide such services, even though the solution may appear to be more expensive than a more basic alternative.


If managing “what you do” is becoming as important, or more important, than “what you have,” you should also consider a compre­ hensive IT service management platform. Basic systems usually provide only an asset inventory application, rather than an asset management system that uses a configu­ ration management database (CMDB) to catalog information about your IT assets. The CMDB found in comprehensive systems not only stores asset data, but also normal­ izes and shares it with an entire range of IT service management tools. An enterprise­ scale CMDB improves the speed and accuracy of help desk services, while also supporting more mature, enterprise­wide change and release processes. In addition, an enterprise­level CMDB eases asset and software license management activities, ranging from providing software to users to retiring unneeded software.

The ability to integrate other systems — such as infrastructure discovery, event manage­ ment, or business applications — into your IT service management platform is usually found only in more comprehensive solutions. While most basic systems ship with inte­ gration to authentication mechanisms, such as lightweight Directory Access Protocol (lDAP), you should consider a broader solution if you need integration with infra­ structure discovery, event management, or such business applications as enterprise resource planning (eRP) or customer rela­ tionship management (CRM) systems. With the need for broad integration comes the requirement for infrastructure discovery tools that enable the tracking of IT compo­ nents, such as servers, network switches, and storage arrays, through their service life­ cycles. By tracking the IT service components

Choosing a SaaS-based IT service management solution

5 ReasONs

to consider a comprehensive IT service management solution
» Your application environment and the IT infrastructure that supports it are complex or becoming more complex. » The potential risk from changes and the effort it takes to make changes are significant for your organization. » Managers of your business see IT as a critical business enabler. » Business managers demand better measurement of the services you provide. » Managing “what you do” is becoming as important, or more important, than “what you have.”


that provide critical business ser vices, you are better able to make the decisions required to resolve service slowdowns or interruptions, or to meet industry, corporate, or legally mandated compliance and gov­ ernance standards.

more complete tool would speed problem resolution and aid service monitoring by allowing service desk employees to share information about system uptime and performance with widely used enterprise applications, such as eRP or CRM.

An enterprise-scale CMDB improves the speed and accuracy of help desk services.
You’re more likely to need integration with event management systems to the extent that: » Users or customers often discover service slowdowns or interruptions before IT » Users complain about the time or cost involved in solving problems » You have trouble maintaining uninter­ rupted operations across an increasingly large and demanding environment » You’re having trouble sifting through false alarms or multiple warnings about the same issue The integration capabilities found in more complete solutions might be a requirement if, for example, your service desk needs to be notified about, or make changes through, such devices as smartphones, or to share information with industry­specific provision­ ing systems, such as those used in the telecommunications industry. Those inte­ gra tion capabilities may also be required if your IT service management system needs to share information with diagnostic tools, such as remote access, or software that allows a service to repeat the sequence of events that caused an error. Finally, con­ sider whether the integration provided by a

Change management and service level management
Comprehensive IT service management solutions tend to provide higher levels of support, as well as more mature processes around change management and service level management. You should give greater consideration to change management the more you experi­ ence serious problems when implementing changes or security updates within your normal maintenance windows. You should also make change management a very high priority if you have experienced slowdowns or crashes because of changes made in error or in the wrong order, or if the problems are caused by “collisions” among multiple releases. Change management might also help if you are experiencing delays in identifying which IT components provide specific business services, thus hindering your staff’s ability to troubleshoot or resolve problems. Ask your­ self how beneficial it would be to be able to simulate the impact of changes before making them. Would it reduce application downtime or performance issues? Would it reduce your risk of not complying with corporate, industry, or government regulations? Moving to a broader IT service management solution with mature change management


processes might also help you reduce costs and errors by grouping configuration changes or by changing the order in which they are done. What’s more, change management is worth considering if the business wants to significantly improve compliance with industry­standard best practices, such as the IT Infrastructure library® (ITIl®), and if your current change or release manage­ ment processes make it difficult to ensure compliance with corporate, industry, or gov­ ernment regulations. Service level management capabilities found in comprehensive IT service management solutions may be worthwhile if your business requires interactions among multiple appli­ cations and IT infrastructure components, or if you need to provide different levels of service to various classes of users. Other consi derations include whether you must meet specific ser vice level agreements (SlAs) for users in different business units or divisions, and whether the business measures IT on its ability to provide business services (such as decision support for a manufactur­ ing system or policy underwriting) rather than just applications and network uptime. You should also consider a comprehensive solution if you need to improve — in a con­ sistent and measurable way — the efficiency, effectiveness, or accuracy of such disciplines as change management, service level man­ agement, or release management. A more complete solution is also worth considering if a holistic (versus “siloed”) view of how your IT infrastructure and core business affect each other would help reduce costs and/or provide better service to users, business

partners, or customers. Finally, consider an extensive service level management option if you are under pressure to better align IT with the business or to make IT a “business enabler” rather than just a support function.

Choosing a SaaS-based IT service management solution

Consider a comprehensive solution if you need to improve — in a consistent and measurable way — the efficiency, effectiveness, or accuracy of such disciplines as change management, service level management, or release management.
You’re less likely to need as many service level management capabilities (and thus should consider a slimmed­down IT service manage­ ment solution) if you only need a “help desk” to solve specific problems and perform individual tasks, such as upgrading a user’s machine. Consider a less sophisticated system if business managers mostly view IT as a cost of doing business and necessary to maintain­ ing daily operations, as opposed to helping the business grow and enter new markets.

Release management and data center automation
The more you need mature release manage­ ment capabilities and data center automation, the more you should consider a comprehen­ sive IT service management solution. You should give more consideration to release management to the extent that you have experienced problems implementing new application releases within your normal maintenance windows or have experienced application outages or slowdowns due to soft ware that was released in error or released in the wrong order. The streamlined release management provided by a robust


IT service management tool can help free your IT staff from routine work to develop new mission­critical applications or services. Data center automation may be a requirement if your internal IT group is having trouble matching the prices that cloud service pro ­ viders are quoting for IT services. It may also be a requirement if your IT staff is being pulled away from strategic, business­critical projects to “keep the lights on” or deal with operational emergencies. Finally, this may also be a require ment if management is considering outsourcing part or all of your IT operation to save money.

On­premise deployment may be a better fit the more you need to customize the code (as opposed to just reconfiguring the system settings) or integrate it with locally hosted applications. You should give more consider­ ation to on­premise deployment if you have significant concerns about the reliability or speed of the Internet access available to your enterprise.

Future needs
As you weigh these criteria, consider your current and future needs. For example, is the size or complexity of your organization growing? Is IT emerging from its current tactical role to become a more strategic enabler of business services? Will higher maturity levels in such areas as configura­ tion and release management hold down costs or boost customer satisfaction as you move to serve new markets and new customers? While you want to ensure a healthy return from your investment, consider whether comprehensive IT service management capabilities might not only save money in the long run, but also position your enter­ prise to outperform the competition. ●

The on-premise option
While there are many benefits to deploying IT service management through a SaaS model, there are other cases where on­ premise deployment may be the best option. On­premise deployment is required, of course, if your organization must comply with government, industry, or corporate guidelines that forbid corporate data or sys­ tems being hosted outside the enterprise firewall. It may also be the best option when senior business or IT management are, for whatever reason, fundamentally opposed to moving critical systems to the cloud.

About the author
Bob Johnson, vice president and general manager of BMC’s Software as a Service business, joined BMC in December 2009. Johnson has more than 20 years of experi­ ence in SaaS/managed services marketing, product management, application development/integration, and broadband networking. At Cisco, he was responsible for leading the development of Cisco managed services offerings for advanced technology appli ca tions. He also held executive positions at SAIC­Telecordia Technologies and the SaaS division of Breakaway Solutions.


Strategies for success with cloud and SaaS

strategies for success with cloud and saas
The cloud can improve IT service delivery and is causing increased interest in traditional ITSM functions. Here’s what you need to know.
By Dennis Drogseth




t’s all about the cloud these days, and it’s no wonder. Cloud can improve IT service delivery in ways not before possible, and the approach is causing a resurgence of interest in IT service management (ITSM) functions. The bottom line is that Software as a Service (SaaS) and the cloud will make IT more agile, more capable, and more innova­ tive. What’s not to like?

» Cloud technologies require visibility across both cloud­related and non­cloud­specific services as well as increased cross­domain awareness and higher levels of automation. » Core service management disciplines ac­ celerate a more successful adoption of cloud.

Strategies for success with cloud and SaaS

5 key strategies
You can learn from the experience of IT organizations that are effectively managing cloud and SaaS. This section describes five strategies for success in moving forward with cloud and SaaS in your IT organization. By following these strategies, you will save time and effort, avoid political delays, and keep your cloud/SaaS project on track.

And the survey says…
enterprise Management Associates (eMA) recently conducted a survey about the impact of cloud on IT organizations. The results of the survey show that IT organizations recog­ nize that SaaS and cloud technologies are maturing and the adoption rate for these technologies is steadily increasing. According to the survey, SaaS adoption was up 10 per­ cent and 77 percent of respondents said SaaS was either in deployment or committed.1

Strategy 1: Take charge of the cloud
You should define cloud, not allow cloud to define you. Begin to leverage cloud by deconstructing it. Cloud is a fragmented set of technologies; it is not a goal or destination. Remember that the people who talk about cloud as a destination are mostly infrastruc­ ture vendors. Although some IT organizations now have more than 30 percent of their applications hosted on a cloud platform, many are start­ ing to wonder whether specific applications should stay in the cloud. Clearly, there are real benefits in SaaS, but you should always ask, on a case­by­case basis, whether it is better to outsource or keep the application in­house. Depending on the application, you may find that it’s less expensive to provision it in­house. Or you may decide that you want

Cloud is a means to an end, not an end in itself.
In addition, cloud will continue to have a “catalytic effect” on service management depar tments and on technologies that will assist these organizations to more effectively understand, manage, and moni­ tor the services they deliver. At a high level, the survey revealed that: » The dynamic nature of cloud computing will mandate a greater capability for the people, process, and technology to support the rapidly changing infrastructure.

1 This data appears in the February 2011 research report, Operationalizing Cloud: The Move Towards a Cross-Domain Service Management Strategy, from enterprise Management Associates® (eMA™). eMA studied 155 IT organizations that were seeking a more cohesive cloud strategy.


a particular application in­house for greater flexibility and control. Remember, cloud is a means to an end, not an end in itself.

Strategy 2: Get C-level buy-in
People, organization, and process issues are almost always significant in any IT initiative, and cloud is no exception; the C­level sup­ port can help you clear the traffic jams and make sure all parties do what they have agreed to do. eMA data shows that 70 percent of cloud initiatives needed to be redone. To avoid that disaster in your IT organization, approach the initiative from both the top down and the bottom up.

For example, in many cases, the group evolved from an infrastructure and archi­ tecture services group or a DevOps group. A cross­domain service management group might comprise network systems, application storage, and related systems. What’s relevant is the dynamic nature of the environment. Cross­domain service management groups are proving highly effective for strategy, com­ munications, and planning with respect to cloud and SaaS. Such groups should ideally include the czar and a cloud architect or vir­ tualization architect. If an IT organization has a good cross­domain group in place, and the group has C­level commitment to support its efforts, then IT can more easily build processes and optimize the storage and the network to facilitate a cloud initiative and a virtualization initiative. The group should understand where cloud can help IT the most, and how. Based on this information, the group can creatively build a step­by­step plan that includes defined goals for each step. The approach is similar to the traditional approach to a configuration management database (CMDB) or any other kind of initiative.

Strategy 3: Appoint a czar
Someone needs to have overarching man­ agement responsibility for the cloud. This person should know (1) what’s going on in cloud, (2) who owns which cloud­related services, and (3) who the stakeholders are. Where are all those people, inside and outside the IT organization? What are the commitments? Are there are any service level agreements (SlAs)? Put someone in charge and make them accountable for specific goals and objectives.

Strategy 4: Build a cross-domain group
Many IT organizations — 59 percent of the respondents to the eMA survey — have cre­ ated cross­domain service management groups that are responsible for managing and/or plan ning services for internal and external customers. Typically, these groups evolved from earlier efforts in enterprise IT service delivery.

Cross-domain service management groups are proving highly effective for strategy, communications, and planning with respect to cloud and SaaS. Strategy 5: Ensure your ITSM infrastructure can support your SaaS strategy
So you have taken charge of the cloud, obtained management buy­in, appointed


a cloud czar, and built a cross­domain group. now, make sure that your ITSM infrastruc­ ture can meet the needs. A good ITSM team, processes, and the right infrastructure can enable you to most effec­ tively cope with the dynamic nature of cloud. Things change or are moved, and someone else owns it. Your established processes need to take these variables into account, whatever ITSM solution you choose. The ability to start to automate and build from well­defined IT Infrastructure library® (ITIl®) or similar best­practice processes or workflows is very beneficial. Take advantage of best practices, strong processes, and an ITIl­aligned platform that has strong support for automation.

» leveraging infrastructure more economi­ cally, efficiently, and dynamically in support of service delivery » Provisioning services faster and more effectively » evolving IT’s role from a service facilitator to a service broker » Tying IT more closely to the business than ever Cloud offers several technologies to help achieve these goals. As senior IT managers consider employing new infrastructure op­ tions such as virtualization and SaaS, they are thinking in a more cross­domain mind­ set within IT. This mindset is something eMA has championed for years. The “not so good” is that senior management may put pressure on IT to adopt cloud, before IT is comfortable with moving to a cloud environment. IT organizations are being forced to respond faster to the needs of the business, and senior management is usually

Strategies for success with cloud and SaaS

The good, the bad, and the ugly
The good part is that cloud presents an opportu nity to raise the stature of the IT organization by:

5 BeNefITs
of cloud and SaaS
» Cloud and Software as a Service (SaaS) can make IT more agile, capable, and innovative. » Cloud presents an opportunity to raise the stature of the IT organization. » Implementing virtualization and SaaS fosters a cross-domain mindset within IT. » The use of cloud technologies can tie IT more closely to the business. » The lower cost of deployment and management of SaaS allows organizations to redirect funds toward growth and innovation.


aware that cloud and SaaS can help. But extra attention from senior management can also create strain for some in IT. And the ugly? The ugliest potential outcome for cloud deployments is chaos: degraded service performance, security breaches, and a general loss of control — in which business and IT stakeholders and owners remain fragmented and ungoverned, and service provider relationships are haphazard and sometimes at odds with each other.

eastwood — as long as the executive IT sheriff and his cross­domain posse remain vigilant and engaged.

What this all means to you
The future of SaaS and cloud will involve more complexity but will also provide you with more agility and more capabilities. The lower cost of deployment and management of SaaS means that you can redirect funds toward growth and innovation. SaaS and cloud participate in an ecosystem of partners, suppliers, and service providers, all gathered around an interrelated set of business services. IT’s job will be to work the ecosystem in the best way to plan, deliver, and optimize IT services in support of busi­ ness outcomes. Follow the five strategies discussed in this article to make the most of your cloud and SaaS initiative. ●

The future of SaaS and cloud will involve more complexity but will also provide you with more agility and more capabilities.
It’s something like making cars for a super­ highway system where every windshield is covered with soot. This outcome, however, is ver y avoidable — even without Clint

About the author
Dennis Drogseth joined enterprise Management Associates (eMA) in 1998 and currently manages the new Hampshire office. Drogseth brings more than 30 years of experience in various aspects of marketing and business planning for service management solutions. He supports eMA through leadership in Business Service Management (BSM), CMDB systems, automation systems, and service­centric financial optimization. He also works to promote dialogue across critical areas of technology and market interdependencies. Drogseth works extensively with vendor clients to help establish meaningful product positioning within an over­ crowded marketplace, as well as with IT clients seeking to establish effective baselines for strategic management initiatives. He is a speaker on many manage­ ment­related issues. Prior to joining eMA, Drogseth worked to develop marketing strategies and new business models for Cabletron’s SPeCTRUM management software. Before Cabletron, he spent 14 years with IBM in marketing and commu­ nications, including a year of international consulting on best practices for bringing networking solutions to market.


ITsM in the cloud: springboard for a new line of business
Wood Group Information Solutions turned to SaaS so the company could offer managed services to a strategic client, opening the door to a new line of busi­ ness. Read about the company’s step­by­step approach to success with SaaS.
By Frederic Drouin

ITSM in the cloud: Springboard for a new line of business




was an interesting request — one that created quite the challenge for our external IT consulting business unit, Wood Group Information Solutions (WGIS). A client asked us to take on the management and operation of its IT service desk and infrastructure — and wanted the new service desk to be operational in a very short period of time. But managed services was not one of our firm’s existing offerings. What’s more, I wasn’t considering expanding our business in that direction. But this was a very strategic client — a client that was depending on WGIS to help make its IT operations more efficient and to help it achieve greater business success. So we decided to take on the challenge. The result: Today, WGIS has a new line of business that is expanding rapidly, generating addi­ tional revenues, and contributing to business growth and profitability. How were we able to launch a new service offering, quickly and effectively? The answer is Software as a Service (SaaS). The avail­ ability of a robust IT service management (ITSM) solution in the cloud gave WGIS the agility and flexibility to seize this opportu­ nity. The new managed services offering has become a key component of our busi­ ness, and it is proving to be a differentiator that helps WGIS attract and retain clients.

rapid time to implementation, which was vital to addressing this client’s needs. Traditional approaches would have required a significant investment in hardware and software plus the need to hire resources to deploy and manage the environment. Additionally, the staff would have faced diffi­ cult decisions about how much to invest in infrastructure. An inadequate investment in hardware and software might have resulted in a poorly performing system that could damage the customer relationship. Buying too much, however, would have cut into profitability and possibly made the managed services offering a losing proposition.

ITSM in the cloud: Springboard for a new line of business

The pay-as-you-go pricing model allowed us to acquire service desk functionality without a hefty capital investment.
SaaS eliminated these barriers to entry. The pay­as­you­go pricing model allowed us to acquire service desk functionality for this client without a hefty capital investment. The SaaS provider maintains an infrastructure that is ready and able to scale. As a result, we can take on new clients with confidence. A streamlined and rapid onboarding process gets clients up and running almost instantly. With SaaS, we were able to get the client’s new service desk operating successfully in just two months. SaaS also positioned WGIS to quickly expand the scope of our offerings. Additional ITSM modules are available from the SaaS provider, including asset, change, release, service request, and service level management. We plan to

SaaS breaks down barriers to entry
Without SaaS, WGIS likely would have passed up this business opportunity, because the traditional IT model makes entry into the market costly. Moreover, it doesn’t support


expand our managed services offering with additional modules in the coming months.

A solution built on ITIL best practices allowed for rapid implementation using proven processes.

While we acted swiftly to meet the client’s deadline, we simultaneously applied due diligence at every step to ensure quality. The road map included the following steps.

Understand the requirements
The first step was a thorough investigation of both the client’s needs and WGIS’ criteria. Three primary requirements emerged for the SaaS solution. Operation in the cloud was first and foremost for the reasons men­ tioned earlier. Robust functionality was essential to ensure that the client’s service desk needs would be met effectively over the long term. Predefined best­practice pro­ ces ses were indispensable. A solution built

Step-by-step approach yields success
One of the critical success factors for this new business was the decision to move incre­ mentally instead of taking a “big bang” approach. With each step, the team gained knowledge and experience that moved the project ahead and demonstrated quick wins along the way.


on IT Infra structure library® (ITIl®) best practices allowed for rapid implementation using proven processes.

Select a provider you can trust
The quality of the SaaS provider was an important factor in the success of WGIS’ new business venture. So, although attrac­ tive pricing was vital to maintaining a lean balance sheet, we determined that the cheapest option wasn’t necessarily the best. Other important requirements with respect to the provider included experience, depth of offering, and scalability in terms of adding not only users but also functionality.

acquire comprehensive knowledge before rolling out the service to the client. The side benefit of this step has been improved incident management for WGIS. We replaced a patch­ work of spreadsheets and tools with rigorous service desk processes that have improved service desk efficiency by 15 to 20 percent.

ITSM in the cloud: Springboard for a new line of business

Manage the scope of the initial offering
By keeping the initial project to a manageable size, the team gained familiarity with service desk processes and the software, and could apply them to the needs of the client. We achieved immediate success, and from the start we were able to meet the contractual obligations for reliability and performance.

Acquire internal expertise
It takes solid skills and experience to run a service desk — or any managed services offering for that matter. To help build expertise, we formed a service delivery group and launched the service internally. We appointed an ITIl Master to head up the team. The team worked closely with the SaaS provider to

Reach out to new clients
We were so enthusiastic about the success of the first managed services offering that we shared information about it with other clients. Other companies expressed an immediate interest in service desk as a managed service. Pay­as­you­go, scalability,

5 TIps

for a SaaS­based business
» Understand your client’s requirements. » Partner with a mature, reliable Software as a Service (SaaS) provider. » Acquire the right skills, experience, and expertise. » Manage the scope of the initial offering. » Build on success to expand the number of clients and the depth of the offering.


and rapid onboarding enabled us to meet their needs, bringing the number of man ­ aged services customers to four in just three months.

Rapid return
Our clients are pleased with the managed services offering, which enables them to concentrate on their core competencies and strategic growth. WGIS offers them predict­ able pricing and visibility of services. The service desk staff is responsive to client needs and reliably meets the agreed perfor­ mance targets. Based on initial estimates, we expected to achieve return on investment (ROI) within 18 months. But the payback for this new venture is happening much faster than anticipated, and we now expect a 9­ to 12­month ROI. Bottom line: SaaS offers exciting and com­ pelling cost benefits. But for WGIS, the real value lies in the agility SaaS provides to respond swiftly to customer demands — even when that means venturing into a brand new line of business. ●

Expand the scope of the offering
The success of the service desk offering led us to investigate the viability of expanding the offering and making it a strategic part of the business. We found that the offering complemented our existing consulting busi­ ness: A number of consulting customers are interested in turning the responsibility of their IT service management over to a partner that has demonstrated quality in other areas. We are now putting a road map in place to expand the scope of our offering on a quarterly basis, starting with asset management. Change management is likely to be the next addition. The order in which the firm adds modules will be based on our clients’ requirements.

About the author
Frederic Drouin has been the general manager of WGIS since november 2009. Prior to WGIS, he was the IT manager and act­ ing CIO at CITIC Pacific Mining.


The future of saas: How to prepare for the revolution
enterprises and particularly CFOs are recognizing the advantages of SaaS to satisfy a myriad of business and technical challenges. As you move toward a SaaS environment, here are some things to keep in mind.
By Steven Woods

The future of SaaS: How to prepare for the revolution




he SaaS revolution is coming to enter­ prise IT, whether IT is ready or not. SaaS applications are moving from single department implementations to top­ down enterprise strategy. SaaS applications are becoming integral to companies’ busi­ ness strategies and long­term growth. And companies appreciate that SaaS vendors take responsibility for their customers’ suc­ cess. Companies will be looking for deep IT engagement with SaaS vendors and custom­ ization to the business. So what can IT do to prepare for the SaaS revolution? Here are five key areas for IT to focus on.

months) growth constructs of flexibility, scal­ ability, security risk, manageability, and customizability. Therefore, IT organizations need to get more deeply involved with the lines of business and help each line of business think through these longer­term decisions. IT becomes an advocate for the business needs; it does not necessarily have to focus on the infra­ structure, because that is the concern of the SaaS vendor. The longer­term challenges of flexibility, scalability, growth, and manageability are just as real whether the software is delivered in the SaaS model or in the on­premise model. So it’s crucial to redefine IT’s role as truly understanding the long­term business need.

The future of SaaS: How to prepare for the revolution

1. Be an advocate for business success
now more than ever, IT should be a supporter of business needs for the short term and the long term. That means understanding the current business process, as well as how that business process may evolve. In addition, IT should understand how the business’ needs will grow and how the SaaS system will scale. IT must take into account — and ensure — security from both the inside and the outside. And, IT should evaluate whether the system will provide flexibility when the business processes and business priorities need to change. Most businesspeople are ver y good at understanding the near term (0 to 12 months). They know what their pain is. They know what they need to solve. They recognize that a certain piece of software can solve it — or at least improve the situation. On the other hand, the IT organization is usually good at understanding the longer­term (24 to 36

2. Be proactive
The IT organizations that are really succeed­ ing with SaaS are the ones that are taking a proactive approach to embedding skilled IT professionals within the lines of business and understanding the business, all the way to 36 months out and beyond. These organizations are the pioneers of a new way of life for IT.

The longer-term challenges of flexibility, scalability, growth, and manageability are just as real whether the software is delivered in the SaaS model or in the on-premise model.
Take eloqua Corporation as an example. eloqua provides SaaS­based marketing software. We constantly ask ourselves questions such as: How do our customers generate revenue? What do we have for


data? How do we understand the buyers? What are the systems? What are the systems likely to be in 12 and 24 months? What will our customers’ priorities be in 12, 24, and 36 months? Our customers’ IT organizations are valuable guides and participants in answering these questions.

initial requirements while being scalable, extensible, and flexible enough to meet future requirements. IT will also need to focus on matching business requirements to the platform and fully understanding what the platform can do versus building and deploy­ ing these capabilities in­house. They also need the ability to assess the vendor itself — especially the vendor’s willingness and ability to provide back­end support equal to or better than the support IT has been providing. Making these assessments against busi­ ness needs is not a trivial task. With SaaS applications, you cannot perform the same types of technical testing that you might with on­premise software. There will be a greater need to understand the business needs, and to understand the business processes and how they generate revenue — and now IT will finally have the time to do it.

SaaS will increase agility for both IT organizations and the lines of business they serve.
In the near future, SaaS may prove to be the biggest boost ever in IT’s quest to become more proactive versus reactive and to achieve greater efficiencies in IT service management. The reason is simple: SaaS offloads IT from worrying about current application problems; as a result, many IT people will be able to spend almost 100 per­ cent of their time helping the business focus on longer­term needs.

3. Develop skills to assess and manage
In an on­premise world, successful IT profes­ sionals have the skills to build software that is scalable, manageable, flexible, and secure, and mitigates risk. But in a SaaS environ­ ment, IT professionals need the ability to assess and manage. They need the ability to determine, when they’re watching a demon­ stration, whether what is “under the hood” of the system really is scalable, manageable, flexible, and secure. In other words, IT organizations need to really focus on understanding the platform itself: learning how to ask the right questions and request the right proof points that will determine whether the software meets their

4. Maximize the benefits of agility
SaaS will increase agility for both IT organi­ zations and the lines of business they serve. SaaS solutions typically have a high degree of flexibility and configurability. As a result, IT will be able to work toward early successes and then iterate beyond those quick wins. This is the best way to build more momen­ tum in any project. So, rather than working toward a massive payoff that will be delivered 36 months in the future, the IT organization should constantly strive to deliver more incremental benefits to the business — tangible benefits in real time. In tandem, the business will also become


more agile. It will have the systems to support quick, nimble business moves.

5. Establish appropriate metrics
In a SaaS world, IT’s success should be measured by system adoption and system success — not on the number of support tickets or other metrics from the on­premise world. This means that metrics need to be more business relevant, rather than technical. Project success should be measured in terms of the percentage of user adoption, user satis­ faction with the system, successful business projects completed on the system, or execu­ tive usage of the analytics provided, rather than uptime, transaction speeds, or speed of response to trouble tickets. Changing these metrics pushes an IT organization to consider all factors involved in system selection and deployment, rather than just technical factors. So be sure to really think through how IT professionals will be evaluated and ask questions such as: What do we need from

this system and where are we trying to go? How do we get there? Can the system provide what we need? Do we need help from the vendor?

The future of SaaS: How to prepare for the revolution

The enterprise, SaaS, and integration
One other point deserves mention here: integration. In an on­premise environment, an integration of any two or more systems might include an element of “wiring” the two systems to talk to each other. This is usually done by the customer.

Metrics need to be more business relevant, rather than technical.
In the SaaS environment, these integrations are usually completed by the vendors “in the cloud” — which can then be leveraged again and again by other customers. Cus­ tomers can focus on how to utilize these integrations rather than spending time to develop and, more importantly, maintain these integrations.

5 BeNefITs
of SaaS
» Vendor responsibility for success » Innovations through integration » Cross-company benchmarking » Agility and flexibility » Quick wins


As a result, SaaS leverages new ways to integrate systems such as several “integra­ tion clouds” where multiple vendors work to develop and maintain connections between the most popular cloud and SaaS applica­ tions. These integration clouds are based upon standard connectors and vendors working in concert on interoperability. This activity will allow enterprises to continue to deploy and enhance their existing applica­ tions and services while at the same time introducing new innovative applications.

IT professionals — aware of the ease of integration now possible, and familiar with the corporate benefits that seamless integra­ tion provides — can now be more proactive in suggesting ways to create more value from existing or new SaaS systems. The SaaS revolution will benefit vendors and their customers in many ways — some known and some not yet discovered. Are you ready? ●

About the author
Steven Woods co­founded eloqua Corporation in 1999 and has held the position of chief technology officer since that time. Woods brings to eloqua years of experience in software architecture, engineering, and strategy, and is responsible for defining the product strategy and technology vision at eloqua. Woods’ insights into the application of technology to the marketing profession have been key to eloqua’s consistent record of client satisfaction. He was recently named as one of Inside CRM’s Top CRM Influencers and recognized by Frost & Sullivan with its GIl prize for Innovation. Woods’ book, Digital Body Language, explores these topics, and he is a regular writer on his blog of the same name. Prior to co­founding eloqua, Woods worked in corporate strategy at Bain & Company and engineering at Celestica. He holds a degree in engineering physics from Queen’s University.


Fast-track SaaS with a proven methodology


fast-track saas with a proven methodology
You’ll get the best results from your SaaS solution if you use a structured approach. Here are four guidelines to help you prepare for a smooth deployment.
By Jeffrey Gore



aster. Better. More agile. Almost sounds like the latest new superhero. But these terms are actually often used to describe Software as a Service (SaaS) implementations. It’s true that implementing SaaS solutions is faster and easier than traditional deploy­ ments, because SaaS eliminates the lengthy acquisition and deployment cycles of on­ premise solutions. What’s more, the SaaS provider takes responsibility for infrastruc­ ture, security, performance, and upgrades. But how do you realize the full potential of SaaS? The truth is, you have to do some impor tant groundwork before deployment. Collaboration with the provider during de ploy ment is essential to configure the solution for your business needs. Following a structured methodology as de ­ scribed in the sections below can speed your ramp­up time and facilitate adoption. You can adapt the methodology to standardize your own SaaS deployment, decrease timelines, and ensure a high­quality SaaS solution that delivers business value right from the start.

terminology, and other changes that come with the solution will help them to more read­ ily embrace it. If you can provide real­world examples of how other organizations have approached onboarding, you will promote understanding and speed deployment. In addition, as you would with any new initiative, be sure you have an executive sponsor who adamantly supports the project and com­ municates to everyone how important it is.

Fast-track SaaS with a proven methodology

Be sure you understand the profound effect a SaaS solution can have on your organization.
And, like other technology deployments, a SaaS solution can bring greater success when you have a clear picture of your orga­ nization. To get that clarity, answer such questions as: » Who are the process and application owners? » Who are the key players across critical processes — the incident manager, change manager, configuration mana ger, and so forth? » What foundation data is unique — and vital — to the business, including locations, individuals, teams, and responsibilities? » What do your customers expect? » What are key metrics that need to be mea­ sured and what are the baselines today? Tap into your SaaS provider and outside consultants, if necessary, to get insight into the roles you’ll need to create and the type of configuration data you’ll need to provide. Then be sure to define roles and responsibi­ lities and assign the right people to make the

Know your organization
For starters, be sure you understand the profound effect a SaaS solution can have on your organization. For example, implement­ ing a SaaS IT service management (ITSM) solution may involve adopting new processes based on IT Infrastructure library® (ITIl®) guide­ lines. It may mean creating new roles within IT and communicating in different ways with different groups. Preparing the people in your organization for the new processes, workflows, communications,


solution a success. Your administrators need to be closely aligned to the business and must be able to translate your unique busi­ ness requirements into configuration settings within the solution. And finally, ensure that staff members are fully trained and that they are empowered to make decisions.

appropriate starting point for implementation and develop a clear road map that will deliver the biggest return on your investment. A key goal of the assessment is to gain buy­ in for the project and commitment of the resources required to achieve success. The business case is one way to achieve that goal. An effective business case includes a thorough analysis of all costs associated with SaaS adoption — not only the monthly sub­ scription fee, but also the cost of preparation, training, and so forth.

Assess business value
In the business value assessment phase, conduct structured interviews with key stakeholders to shed light on the pain points, identify the key metrics IT is cur­ rently tracking, and define the metrics IT wants to influence. The assessment involves stepping back and evaluating each pain point and each metric with an eye toward improvements that drive efficiency, cut costs, or deliver business value in some other way. The interviews include discussions that help set realistic expecta­ tions, establish achievable goals, and identify ways to measure and demonstrate progress toward goals.

Take a deep dive
Once you have completed the business value assessment, it’s time to pull together the details for an effective design. You’ll want to ensure that all stakeholders have an under­ standing of the functionality and how the process flows might work for them. If the solution you have selected includes a built­in service management process model, then use that to introduce stake­ holders to standard process flows, roles and responsibilities, terminology, and other facets of the solution. Doing so will help them gain insight into how they will likely interact with the solution. Be sure to note areas of the solution that will need to be configured. If discussions uncover a piece of foundation data that is required, then you will want to explore the implications of the data and point out the various process configuration steps associated with it. At the end of the deep dive phase, everyone should have a thorough understanding of

A key goal of the assessment is to gain buy-in for the project and commitment of the resources required to achieve success.
An important outcome of the assessment is heightened awareness of the effort involved to make the SaaS implementation a success. The assessment activities should guide management in identifying and assigning key people to examine current processes for inefficiencies and in uncovering areas of improvement the new solution should address. The insight gained through these efforts allows IT to determine the most


their roles and responsibilities to ensure an effective design and activation.

The design phase
In traditional IT deployments, the project team goes through a lengthy process of specifying requirements, building a solution, and pre­ senting the finished product to the users at the end. SaaS is different. The project team engages in rapid prototyping and presents multiple iterations based on client input. With this in mind, schedule frequent reviews so all stakeholders understand how data configurations and workflows are shaping up in the solution. These checkpoints ensure that requirements are being properly trans­ lated throughout the design phase. You’ll need to identify baseline configura­ tion data that must be populated into the solution for it to function properly. Such

data includes location structure, overall organization, user groups and individual group members, and categorizations. Then, you’ll want to focus on fleshing out the requirements and reaching agreement on an appropriate design. If your solution includes a best­practice model, then imple­ ment it without significant customization wherever possible. The goal is to “tweak” the environment, not redo it completely.

Fast-track SaaS with a proven methodology

Organizations that use the out-of-the-box processes and workflows enjoy faster adoption and better success.
Most organizations like this approach. Many are looking for a fast path to ITIl or other best­practice framework. They are eager to benefit from proven processes and technologies that thousands of other enterprises are using successfully around

5 TIps

for fast onboarding
» Be realistic about the effort involved. » Prepare stakeholders for organizational change. » Identify key metrics for gauging success. » Ensure tight alignment by tailoring the solution to your business. » Leverage built-in models, templates, and tools to speed activation.


the world. Organizations that use the out­of­ the­box processes and workflows enjoy faster adoption and better success. Some organizations, however, encounter cultural and political challenges in this area. And these organizations that insist on keep­ ing their familiar terminology, data, and work flows lose time customizing the tool in ways that don’t always deliver real busi­ ness value. For example, if your service desk uses the term case and the solution uses the term incident, it would be wiser to switch your terminology than to modify the tool. If you face these political and cultural issues, be persuasive so people understand the value of aligning with the solution and mini­ mizing alterations.

Preparation pays off
The bottom line is this: You’ll get the best results from your SaaS solution if you use a step­by­step, structured approach. Invest the time up front to gain visibility into your business, prepare the enterprise for what’s ahead, and find the right balance between using out­of­the­box capabilities and honing the SaaS solution for your environment. That investment will pay off in faster activation, faster adoption, and faster time to value for your SaaS solution. And with SaaS success, perhaps you’ll be seen as the latest super­ hero in your IT organization. ●

About the author
Jeffrey Gore is the director of services of the eastern region for Column Technologies. Gore brings 12 years of experience within service management and has been with Column since 2005. He possesses a wealth of knowledge around enterprise service management process consulting and the alignment of business goals with tech­ nology in supporting successful commercial off­the­shelf implementations. Gore is a graduate of the University of Maryland College Park.


The truth about ITIL and saas
As the SaaS model increases in popularity, several misconceptions have arisen regarding ITIl and SaaS. This article dispels some of these rumors.
By Malcolm Fry

The truth about ITIL and SaaS




he sky is the limit, or so the saying goes. Open skies policies have broad­ ened the competitive landscape and consumer choices for air travel. Similarly, the Software as a Service (SaaS) model of delivering applications increases competition among software suppliers by giving business customers more options. With the increasing availability of on­demand technologies, local managers within a com­ pany can very quickly and directly get appli­ cations delivered through SaaS. But with its vast knowledge base, IT should be involved to make sure that customers get the best possible service. The flexibility of SaaS works if participants have rules to play by. Many IT organizations already have adopted best­practice pro­ cesses, such as those defined in the IT Infrastructure library® (ITIl®), to manage the IT services they provide. now those pro­ cesses can provide some rules and control for managing SaaS. But with new approaches come misconcep­ tions about technologies and best practices. The sections that follow will dispel some common misconceptions about combining SaaS and ITIl.

As today’s SaaS becomes more widely used, the ITIl processes still apply. However, organizations must apply them a bit differ­ ently. To manage SaaS, the IT organization needs feedback from those using SaaS applications. In the past, IT provided the technology for the customers’ use, and IT recorded details about every incident, who called to report it, when they called, and what they did. With SaaS, IT doesn’t always know the details. now, business managers can easily opt for their own SaaS solutions, but IT still needs to be involved in supporting, inte­ grating, and managing those solutions.

The truth about ITIL and SaaS

All the basic tenets of IT service management and ITIL still exist today with SaaS.
Take, for example, a SaaS consumer who repeatedly encounters a problem when using a sales force automation tool that integrates with internal systems. each incident will be logged, and the root cause can be identified and eliminated using problem management. However, if these incidents are logged by the SaaS supplier, the IT organization will not be able to perform proactive problem management itself unless the SaaS sup­ plier collects the correct data and makes that data available. All the basic tenets of IT service management and ITIl still exist today with SaaS, but the form of communication with the supplier is different. The compatibility of information between SaaS suppliers and consumers must be absolutely precise, so that both sides know what the other is doing. If both the IT organization and the SaaS supplier are using ITIl terminology and processes, then both

Misconception 1: ITIL is old school. SaaS is modern. They’re incompatible.
During the last 20 years, SaaS has revolu­ tionized some businesses. SaaS is more sophisticated now, but it isn’t that much younger than ITIl.


are speaking the same language and will better understand each other. For example, if the language and processes are compatible, then the IT service desk can share resources, data, and knowledge with the SaaS supplier. Support can be maintained regardless of where an incident originated. In other words, if the original point of contact for the con­ sumer is the SaaS supplier, the incident can be escalated to internal support automati­ cally and seamlessly without the need to re­enter data or other information. Conclusion: SaaS and ITIl are compatible. They go together like James Bond and fast cars.

ITIl focused. When putting together a service portfolio, clearly describe the services and the rules that must be followed. even if the SaaS supplier is not ITIl focused, your IT organization should be. Follow good ITIl processes; you’ll still need to implement changes and adhere to processes, and you’ll need to make sure you impose the right regulations from your end. Conclusion: Just as it is critical for an air­ plane pilot to complete a checklist before takeoff, following ITIl processes is critical to success with SaaS.

Misconception 2: ITIL doesn’t matter with SaaS.
Organizations that have spent years estab­ lishing ITIl processes and getting ITIl certifications probably will want to use a SaaS solution that is also ITIl focused. In particular, if you are buying a service man­ agement SaaS product, ITIl certification shows commitment to the industry and commitment to the product. ITIl­compatible products are more likely to be adaptable with other products that you might use to support internal service management.

Misconception 3: SaaS should not affect how you manage ITIL processes.
It’s tempting to think that if you use SaaS, you will not need to adjust how you manage ITIl processes. But you do. For example, with SaaS, who will be in charge of the ITIl pro­ cess of change management? If the SaaS supplier must make a change, how does the customer get involved in change manage­ ment? In those circumstances, you can’t have the same kind of change advisory board (CAB) that ITIl recommends. When incidents, problems, and changes occur to a SaaS application, IT needs to know that the SaaS supplier will resolve problems and implement changes. Ask the supplier questions such as: How do you manage your changes? How do I know your changes are going to be successful? What’s the process if the change fails? How will you notify us of proposed changes? How do you manage incidents?

Even if the SaaS supplier is not ITIL focused, your IT organization should be.
For a service management tool, look for a solution with built­in ITIl­based best prac­ tices and an embedded cross­function process model. If the SaaS supplier is provid­ ing another type of business tool, then be sure that the supplier is prepared to work with you even if the tool and supplier are not


The answers to these questions will differen­ tiate SaaS suppliers. If SaaS suppliers don’t have good service management processes behind their applications, then this is cause for concern. Clear lines of responsibility and stringent controls will help you know exactly what is happening and where. Bottom line: IT is no longer the owner of changes. So, in addition to rethinking the way it handles change management with a SaaS supplier, IT might include something about change management in the service contract. Conclusion: Clarify how SaaS suppliers follow ITIl processes and how their own processes integrate with yours. You may also need to evaluate your processes to ensure they are effective in a SaaS environment.

and take a turn at a faster speed. In many cases, having established processes will actually streamline the accomplishment of your goals. ITIl brings the discipline. It will tell you where to set your parameters, how to manage those parameters, and so on. It’s about having the right agility in the right place. Controlling the agility in all directions is important. IT profes­ sionals know that doing things quickly without proper planning and without proper notifica­ tion is a road to disaster. Conclusion: Following ITIl best practices actually will increase agility.

The truth about ITIL and SaaS

Misconception 5: IT doesn’t need to be involved in relationships with SaaS suppliers.
In many cases, SaaS makes it easy for busi­ ness users to acquire services, so it might seem that a relationship between the IT organization and the SaaS supplier is un­ necessary. But your ability to maintain your ITIl processes — and the likelihood that your SaaS supplier also follows ITIl processes and will deliver services as promised — can benefit your organization when you have effective lines of communication and clear responsibilities with your SaaS suppliers. Begin building a relationship with a SaaS supplier by appointing an ITIl/SaaS coordi­ nator within your organization. Then, get a contact point for ITIl from the SaaS sup­ plier; make sure the supplier is prepared to work with you on ITIl­related matters, even if the supplier is not ITIl certified. Together these individuals should identify the key common ITIl components so the respective

Misconception 4: ITIL gets in the way of SaaS agility.
The on­demand nature of SaaS can offer tremen dous agility to IT organizations and business users, and they may not want to stifle that agility with processes such as those in ITIl. But agility without discipline is dangerous. If you make changes too quickly, without considering the ramifications to your strategy, design, and operations, you might inadvertently create tremendous problems that affect service availability.

The on-demand nature of SaaS can offer tremendous agility to IT organizations and business users.
You can compare ITIl processes to the high­ performance brakes on a sports car; those brakes give you the confidence to be more agile


organizations can produce or alter processes as appropriate.

infrastructure. Therefore, business managers should be required to always consult IT before entering into contracts with SaaS suppliers. IT organizations will need to be much more vigilant about what is running on their systems and what’s allowed on their systems. The opera­ tional and transitional ITIl processes can help you determine whether activities are occurring as expected and whether you have control. In addition to the ITIl/SaaS coordinator, iden­ tify a sponsor within your IT organization. The more senior the sponsor, the more effective the overall efforts. The CIO is the ideal sponsor for this sort of project. Conclusion: As in any relationship, commu­ nication is key between the IT organization and the SaaS supplier — especially in regard to ITIl.

One of the biggest challenges is getting the business customers to tell you they’ve purchased a SaaS product.
Typically, the ITIl components will include the following management disciplines: change, incident, problem, asset, configu­ ration, capacity, availability, and all of the service management components. To help ensure an ongoing relationship, establish regular communications between the SaaS/ ITIl counterparts. One of the biggest challenges is getting the business customers to tell you they’ve pur­ chased a SaaS product. In many organizations, the SaaS products will need to integrate with other internal IT solutions through the existing

5 pOINTs

to consider when choosing a SaaS supplier
» Strategy: Follow the IT Infrastructure Library® (ITIL®) guidelines for setting your strategy before selecting your Software as a Service (SaaS) supplier(s). » Design: Make sure that the service catalog includes what you want, and make sure that what you get is what you really need. Calculate the capacity and availability you’ll require. » Transitional and operational processes: Confirm your SaaS suppliers have clearly defined operational and transitional processes to ensure that issues will be resolved as quickly as possible. Also, unless your organization uses SaaS exclusively, you must integrate SaaS with your current services and systems. » Contracts: Carefully construct SaaS contracts to ensure that you have the necessary visibility, processes, and performance — and establish penalties for noncompliance. » ITIL focus: Look for a solution with built-in ITIL-based best practices and an embedded cross-function process model.


Misconception 6: Establishing penalties for nonperformance is unreasonable.
With SaaS, the service measurement, service catalogs, and service portfolios recommended by ITIl are essential to ensuring that the service being provided to the customer meets or exceeds the level of service that the cus­ tomer expects. ITIl also encourages the use of service level agreements (SlAs) to help set para meters for IT service man agement. now, with SaaS, contracts take the place of traditional SlAs to enforce performance. Supplier management is an important com­ ponent of ITIl to control both the performance of the SaaS supplier and to ensure that the supplier meets its contractual commit­ ments. Contracts must include very specific para me ters, especially relating to capa­ city, performance, and availability. Since you don’t own the software, you must pro­ vide the controls to ensure that the SaaS sup plier meets service commit ments. A key way to do that is to build penalties into the contract.

Ideally, the target performance level should be 100 percent, not 99.9999 percent. Keep in mind that 99.9999 percent is the lowest possible failure rate. It’s not a success rate. If the per­ formance is not 100 percent, then clarify the penalty that the supplier will pay if perfor­ mance falls below the agreed­upon service levels. The SaaS supplier should have a goal of perfect performance; a failure of cloud services can have a serious effect on an organization. Conclusion: If the supplier doesn’t enable you to play, then the supplier needs to pay.

The truth about ITIL and SaaS

A framework for flexibility
SaaS offers IT organizations and business users more choices and greater flexibility when selecting applications, but agility without discipline can be a problem. And unless your organization uses SaaS exclu­ sively, you will need to integrate old and new IT solutions. The ITIl processes you already use for managing your IT systems can provide some rules and control for also managing SaaS. Follow ITIl best practices and watch your SaaS implementation soar. ●

About the author
Malcolm Fry is a recognized IT industry luminary with more than 40 years of experience in information technology. Fry is the author of many best­selling books on IT service management and has had numerous articles and papers published. He is also the solo performer in a best­selling DVD series made for the Help Desk Institute, explaining the relationship between the ITIl processes and the service desk. Fry was a member of the ITIl Advisory Group (IAG), which was responsible for overseeing the development and publishing of ITIl v3, plus he was a mentor for the ITIL Service Transition book. In 2009, Fry was awarded the coveted Ron Muns lifetime Achievement Award for his work in the IT service management arena. Over the last few years, he has authored seven ITIl­focused booklets, of which more than 100,000 copies are now in circulation.


Maximizing your saas implementation
Understanding the challenges of a hybrid IT environment is a key factor to success with SaaS. Here are five strategies for delivering maximum value with your SaaS implementation.
By Jack D. Bischof



oftware as a Service (SaaS) offers a number of high­potential advantages for organizations thinking of adopting the model: substantial savings in capital out­ lay for software and environments; reduced operating expenditures for maintenance and support; elimination of software upgrade investments; and so on. SaaS also enables rapid implementation of services and capa­ bilities at a speed that has never before been possible and, as a result, creates the poten­ tial for rapid and continuous innovation. But along with these benefits comes the need for IT to build and manage a hybrid operating environment that combines internal IT ser­ vices with those provided by outside sources. To ensure that the new environment delivers maximum value to the enterprise, follow the five strategies outlined here.

Accenture research shows that high­performing organizations are keenly aware of truncating innovation cycles, and they find ways to con­ tinually invest incrementally during good and poor economic environments, while turning the faster pace to their advantage. As part of their innovative transformation, high­performing organizations seek to establish a virtuous cycle where the enterprise frees up scarce resources on an ongoing basis — skills, budget, time, facilities, and so forth — and reallocates them to higher­value activities with greater potential for competitive advantage.

Maximizing your SaaS implementation

If you’ve been concentrating only on cost containment benefits, broaden your horizons and consider the competitive edge your enterprise can achieve through IT innovation.

1. Focus on innovation
It’s shortsighted to focus solely on the econo­ mics of SaaS. So if you’ve been concentrating only on cost containment benefits, broaden your horizons and consider the competitive edge your enterprise can achieve through IT innovation. SaaS fast­tracks numerous aspects of common deployments, and instead of traditional one­ to three­year upgrade cycles, SaaS solutions may go through four, six, or even more revi­ sions within a 12­ to 18­month period. With limited or zero technical intervention by cus­ tomers, this allows for short and continual bursts of innovation through reallocation of resources, and through increasing focus on core strategy execution.

An Accenture client in the health care indus­ try illustrates the wisdom of this approach. The firm’s growth strategy required that it become far more efficient in “commodity” operations services (such as IT service desk and IT request management) while achieving critical innovation milestones. The time and resources saved through the adoption of SaaS were applied to high­impact projects such as electronic records management and e­health solutions, yielding cost savings as well as greater efficiency and higher­quality medical care. Such innovation enables companies to dis­ tinguish themselves and gain a competitive advantage through differentiated services. But rapid innovation can be disruptive. In the past, innovation occurred at a slower


pace because of the lengthy development and deployment cycles required for new applications. The longer cycles, however, gave enter prises time to absorb new capa­ bilities and new processes. SaaS gives enterprises far greater agility in adapting to market changes and new cus­ tomer expectations. Problems occur when people are overwhelmed by such rapid change. The long­term success of your hybrid environment will depend on how well you manage the faster pace of innovation and prepare people to adapt to it.

Both cloud sprawl and shadow IT drive up IT costs instead of reducing them. Moreover, shadow IT can introduce security risks. To avoid both, you’ll need to establish strong governance that focuses on policy, proce­ dures, financial controls, and supplier management. By bringing visibility into these areas, you can bring rogue deployments into compliance with security requirements and policy. You can also identify and shut down underutilized resources to keep costs in check, as part of a standard portfolio man­ agement capability.

2. Establish controls
You’ll want to develop updated governance models that enable IT to manage and/or have visibility into all services uniformly, whether the services are delivered internally or by a third­party provider. Here’s why: With SaaS, spinning up new services is easier than ever. Unfortunately, those services can circumvent IT, or can be a duplication of existing services already in use elsewhere and can stay run­ ning long after people stop using them. This cloud sprawl is similar to the “container sprawl” that so many enterprises experience as they virtualize ser vers and other IT re sources. Additionally, business users continue to be very creative in getting what they want without going through IT. Many business units have discovered they can tap into or to quickly acquire services they want. So shadow IT is cropping up in many enterprises at a more rapid pace.

SaaS gives enterprises far greater agility in adapting to market changes and new customer expectations.
But establishing visibility and control of SaaS services can be tough. Many of these ser­ vices are like black boxes and provide little or no transparency in terms of how, and from where, services are provisioned, maintained, stored, and secured. A consortium of leading IT providers has joined forces with the World economic Forum to create recommendations encouraging service providers and govern­ ments to improve transparency, facilitate interoperability and data portability, and provide cloud users with enhanced visibility to improve governance.1 SaaS providers are progressing in these areas, but there will continue to be variations in the level of transparency because not all providers are at the same level of maturity. Don’t wait for providers to address the gover­ nance challenge for you. Take steps yourself

1 “Advancing Cloud Computing: What to Do now?” World economic Forum in partnership with Accenture, 2011.


Maximizing your SaaS implementation

to ensure proper control over all the resources you use — internal and external. Shift your mindset away from traditional service delivery and management skills, and start emphasizing service outcomes. Develop use cases and governance pro­ cesses that you can apply broadly across a large and diverse portfolio of cloud offer­ ings and providers.

incident and problem management, vendor management, and portfolio management.

Be sure you have the right solutions in place for your new hybrid environment.
Most likely you have solutions for at least some ITSM disciplines. Those solutions may or may not be effective for the hybrid environ­ ment. The cloud places more stringent requirements on ITSM than does the tradi­ tional environment. For example, change management solutions designed for static IT environments don’t always work well in the dynamic cloud environment. Be sure you have the right solutions in place for your new hybrid environment. If you haven’t already done so, you’ll need to evolve your service management approach

3. Ensure you have the right solutions and tools for management
Once you have strong policies, processes, and controls in place for management and governance, you need IT service management (ITSM) solutions to operate and enforce them. Those solutions must span a broad range of disciplines, including performance manage­ ment, change and configuration management,


from an infrastructure­centric model to a service­oriented approach. The ability to track and manage the performance of internally supplied services and cloud services against established service level agreements (SlAs) is vital. Keep in mind that, with respect to SaaS providers, SlAs manifest within underpinning contracts, complete with financial penalties if the provider fails to meet commitments.

consumption model, and the technology model. This comprehensive transformation requires a corresponding shift in the culture and organizational structure of IT and per­ haps the enterprise as a whole. In response to the changing model, IT organi­ zations in large, global enterprises are increasingly centralizing ownership of the service portfolio into an entity, often called a service management office (SMO). Irrespec­ tive of the name, the SMO establishes and maintains the policy, control, and visibility of IT services — their cost, performance, utilization, and emerging demand — and is responsible for driving the portfolio manage­ ment lifecycle. This transition to centralized service manage­ ment requires the application of some newer

4. Foster evolution in the IT organization and operating model
You can launch new services in the cloud fas ter than ever. That speed, however, has major implications with respect to organiza­ tional change. Cloud brings about a structural shift away from the traditional client/server support and outsourcing format. everything is changing: the operating model, the


roles and responsibilities within the IT orga­ nization, that of service manager or business relationship manager. The service manager takes full ownership of the services under his or her jurisdiction, including such responsibili­ ties as specifying functionality, defining quality requirements, and setting pricing. A key function of the SMO is to provide finan­ cial and performance visibility into services. This visibility should not be an impediment to cloud service consumption but, instead, offer guidance in the use of a service. By under­ standing the costs as well as the benefits and performance of services, consumers can make better­informed choices.

Arguably, the highest­priority criteria revolve around data. Specifically, the security, transmission, por­ tability, continuity, and related legislation of data have become a global concern for pro­ viders, consumers, and governments. Carefully assess the data in question, and ask yourself some important questions: How critical is this data to my business? What would happen if we did not have access to it for a few hours, or a few days? What conse­ quences might result from unauthorized access to it, or cross­border transmission (for instance, many governments forbid personal data to leave the country)? If moving a particular application to a tier 1 out sourcer would pose a substantial risk to the enterprise, that risk may be magnified by a SaaS consumption model, or in other cases may actually improve. Make sure you have done your due diligence and are comfortable with the answers prior to taking a leap of faith.

Maximizing your SaaS implementation

5. Carefully identify services appropriate for SaaS
Organization­specific context is critical when assessing the adoption of SaaS, as many dimensions come into play and not all ser­ vices make great candidates (for the sake of this discussion, this article will primarily address the off­premises SaaS option).

for hybrid environments
» Focus more on innovation. » Avoid cloud sprawl and shadow IT with strong controls. » Evolve IT management solutions for the hybrid environment. » Prepare for organizational change. » Consider security, transparency, and core competencies when moving to Software as a Service (SaaS).


Other important considerations fall under the category of transparency. Organizations need to understand the levels of service available to them (and the corresponding implications, both financial and operational), precisely who will be providing those services, as well as how those services will be provided, and from where. Keep in mind that the SaaS market is still evolving, and transparency can vary wildly from one provider to the next. Your choice of provider, and the related contract­ ing, can have a significant impact on your satisfaction, risk, and compliance.

tremendous agility, visibility, and focus into IT, capitalizing on areas of specialization across both internal and external providers. The key is in shining a light on cost, performance, and innovation across the multivendor landscape of sourced services. Management at one products company expects the visibility and clarity it is gaining around the cost and performance of its vendors will deliver gratifying results. The company expects to achieve significant cost gains going forward, shaving 15 percent or more off its sourced services portfolio, while increasing focus on innovation programs that will enable it to speed new services to market. Moreover, SaaS will rapidly enable a more uniform operating model that accommodates varying opera­ tional maturity levels across geographies.

The goal is to not only eliminate unnecessary costs, but also strengthen business agility.
Finally, core competencies are another important consideration. Truthfully consider whether you possess the requisite skills, policy, solutions, and processes to deploy and manage SaaS or other cloud­based services in a scaled hybrid environment. If the answer is “not yet,” starting small is always a good idea and will give you time to “work out the bugs.”

Make the move
Your organization’s success with SaaS lies in understanding the challenges of a hybrid IT environment and managing that envi ­ ron ment effectively. The goal is to not only eliminate unnecessar y costs, but also strengthen business agility. As you move ahead, you’ll find that with visibility and control, your enterprise can innovate at an unprecedented pace while driving down the initial cost of that innovation. ●

Overcome obstacles through visibility
Some Accenture clients are changing the game with SaaS by simultaneously adopting a new operating model intended to inject

About the author
Jack D. Bischof is an executive in Accenture’s IT Service excellence consulting practice, specializing in service­based IT strategy and transformation around the globe for more than 15 years, serving the Fortune Global 1000. He is a key contribut­ ing author of the core volume of ITIl v3, Service Strategy, and is a regular speaker at various industry and client events.


a saas-first approach to application portfolio management

A SaaS-first approach to application portfolio management

SaaS is here to stay. As you examine your application portfolio with an eye toward SaaS, keep in mind the benefits as well as the adjustments you’ll need to make in your IT organization.
By Mark Settle



was a watershed year in the evolution of the Software as a Service (SaaS) industry. Worldwide sales of SaaS tools within the enterprise application software market exceeded $9 billion.1 The industry bellwether — — continued to grow its revenue dramatically. A variety of IT research organizations pre­ dicted that by 2014 SaaS products would account for more than 40 percent of all new software sales. By any reasonable measure, SaaS is now considered to be an acceptable and, in some cases, a desirable means of sup­ porting a company’s business operations.


SaaS capabilities have even crept into the IT function. Several companies, including BMC Software, offer tools for service desk opera­ tions, project portfolio management, vendor contract management, budgeting and fore­ casting, and compliance administration that are specifically designed for IT organizations.

A SaaS-first approach to application portfolio management

The more significant benefits of SaaS adoption have been an accelerated time to market of new IT capabilities and an improved return on software investments.

Why SaaS?
BMC’s IT organization has implemented at least one new SaaS application per quarter since the first calendar quarter of 2009. We have realized several benefits through large­ scale adoption of SaaS tools. The hard benefits associated with SaaS are well known to all IT professionals. SaaS products are built, hosted, maintained, and operated by the SaaS vendor. This approach can absolve IT of responsibilities for hard­ ware procurement and installation, availability and disaster recovery management, and application maintenance and development. This transfer of responsibilities has enabled us to reduce the size of our data center and achieve savings in hardware depreciation and maintenance, cooling requirements, power consumption, and operator support. In addition, we have been able to redirect

SaaS is here to stay
SaaS tools were originally considered to be niche products, largely confined to the CRM (customer relationship management) segment of a company’s application portfolio. SaaS products have matured considerably over the past ten years and are now available to support back­office and mid­office opera­ tions as well. A variety of SaaS tools support human resour­ ces functions, such as recruiting, contingent worker management, performance manage­ ment, succession planning, payroll and bonus administration, and so on. SaaS products have also expanded into procurement and financial management functions, supporting such activities as pricing, quoting, order processing, tax and tariff administration, and currency exchange operations.

1 Gartner, “Gartner Says SaaS Revenue Within the enterprise Application Software Market to Total $9.2 Billion in 2010,” press release, December 14, 2010.


several members of our applications teams into business systems analyst roles since their former responsibilities for software coding and testing are now being performed by the SaaS vendors. The more significant benefits of SaaS adop­ tion have been an accelerated time to market of new IT capabilities and an improved return on our software investments. Through practice, we have developed the ability to implement new SaaS applications in roughly three to four months. This is in marked contrast to the time typically required to implement licensed software applications. like most IT shops, we would likely need six to nine months to put a licensed software application into production. This time would be needed to design an appropriate hardware environment to host the application, procure and install the needed equipment, license the database software and additional utilities required to support the application, custom­ ize the application to support our users’ requirements, and perform extensive testing in collaboration with our users prior to the “go­live” date. The business sponsors of IT projects tend to have changing priorities and short attention spans. One of the not­so­obvious benefits of SaaS applications is that their original spon­ sors are much more likely to be present to drive adoption and realize forecasted business benefits, simply because SaaS implementa­ tion timetables are so much shorter than conventional application projects.

The second, less obvious benefit of SaaS products is the true return achieved on a company’s software investment. Simplistic financial comparisons of SaaS subscription fees versus the cost s of conventional licensed software typically fail to capture all of the trade­offs involved. A simplistic analysis of the cost of a licensed application will combine the costs of depre­ ciation and maintenance of the software and hardware that is initially procured. It will also include the professional service fees of any external consultants required to configure the application and the labor costs of the internal staff required to maintain the soft­ ware and operate the system.

One of the not-so-obvious benefits of SaaS applications is that their original sponsors are much more likely to be present to drive adoption and realize forecasted business benefits.
This total cost of ownership will be compared to the subscription fees of a competing SaaS solution over a multiyear period, typically three years. Whichever procurement approach results in the lower multiyear cost would appear to be the preferred strategy (assuming that Capex and Opex funds are equally available). What this type of analysis fails to capture is the benefit being realized on the maintenance fees for licensed sof tware versus the subscription fees for SaaS software. Many companies heavily customize licensed


software applications that have been imple­ mented internally. In principle, they are paying maintenance fees on the licensed software to preserve their ability to leverage the functional enhance­ ments in subsequent product releases. In practice, however, they become mired in customizations that make it difficult, if not impossible, to move to the latest version of the licensed product.

achieve business benefits if the original busi­ ness sponsors of a new application are available and enthusiastic at the time of “go live.” This is much more likely to be the case for the introduction of a new SaaS product. Furthermore, SaaS subscription fees allow you to offer your users functional enhance­ ments on a much more frequent basis and avoid maintenance fees for which you are receiving no immediate benefit. These qua li tative benefits are rarely captured in simplistic comparisons of SaaS and licensed software costs.

A SaaS-first approach to application portfolio management

A SaaS-first application strategy will enable any IT organization to reduce hardware and data center expenses.
In contrast, enhancements in the functional­ ity of SaaS products are typically delivered in an incre mental fashion over much shorter intervals (four to six months). Incremental upgrades are much more likely to be adopted immediately, producing a return on the invest­ ment in SaaS subscription fees that is not typically realized on the maintenance fees for licensed software. The less obvious benefits of SaaS adoption significantly outweigh the hard benefits de­ scribed in this article. A SaaS­first application strategy will enable any IT orga nization to reduce hardware and data center expenses, as well as repurpose application developers into analyst roles that produce more inherent business value. Far more significant is the ability to drive adoption of new IT capabilities and ensure that the business benefits of a new application are achieved. It is easier to drive adoption and

What to watch out for
Although SaaS tools can be leveraged to achieve a wide variety of business and opera­ tional benefits, they don’t constitute a “free lunch” for your IT organization. large­scale adoption of such products will create new challenges, which are briefly summarized in the following sections.

From your users’ perspective, you are still responsible for application performance
The employees who depend upon business applications to perform their daily jobs frankly don’t care whether an application is developed or hosted internally or developed and delivered by a SaaS vendor. They still hold IT accountable for the availability and performance of all business applications. Many IT shops have deployed an “inside­out” monitoring strategy to assess the health of their business applications. This strategy employs tools to monitor the heartbeat of all the IT components that support individual


business applications. This strategy is based upon the presumption that if all IT components are up and running, then the application must be available and healthy. large­scale adoption of SaaS products will force your IT organization to become much more aggressive in complementing your existing “inside­out” monitoring strategy with an “outside­in” strategy that proactively moni­ tors the application experience of your end users. As SaaS tools become more pervasive, it will be essential to proactively assess application availability, response times, and integrity from all worldwide locations in which you have employees and customers. Similarly, IT organizations cannot abdicate their respon sibilities for disaster recovery (DR) planning simply because a subset of their application portfolio is now being hosted and operated by SaaS vendors. SaaS

products typically have multiple integration points with other applications, databases, and utilities within IT. The interfaces required to authenticate user access to SaaS applications, supply or extract data to/from SaaS applications for reporting purposes, and synchronize data in SaaS applications with other databases and appli­ cations need to be explicitly defined and tested during DR exercises. Although IT is no longer responsible for the hardware and soft ware components of individual SaaS applications, IT remains responsible for the rollover and recovery of all of the interfaces that ensure the business integrity of SaaS tools.

Application enhancements are no longer under your control
Many SaaS vendors are relatively small firms, delivering applications with very specialized business capabilities. Inevitably, there may be

5 TIps

for managing SaaS in your IT organization
» Proactively assess application availability, response times, and integrity from all worldwide locations in which you have employees and customers. » Establish and enforce a retirement timetable for legacy applications whose functional capabilities have been largely replaced by new SaaS tools. » Form SaaS implementation teams that can be reformed as needed to support the implementation of new SaaS capabilities in any functional domain. » Orchestrate access procedures within the single-sign-on security procedures that have been established for all other business applications. » Define and implement interfaces between the new SaaS tool and pre-existing applications and databases.


some element of functionality — critical to your company — that needs to be incorpo­ rated into a SaaS application. Your ability to influence the prioritization of such enhancements may be limited. This can become particularly frustrating when the enhancements are small and could have been readily achieved if the application were being maintained internally.

restrictions on the movement of certain types of data across national boundaries, and other restrictions have been imposed on the man­ agement of health care records and other forms of personal data, very sophisticated encryption and aliasing technologies are available to protect sensitive information.

A SaaS-first approach to application portfolio management

You must retire legacy applications to achieve the true financial benefits of SaaS
A SaaS product rarely provides wholly new functionality that is not already being delivered by one or more existing on­premise applica­ tions. To achieve the full financial benefits of a SaaS­first strategy, IT organizations need to redouble their efforts to retire legacy appli­ cations possessing duplicative capabilities. As a best­practice suggestion, I would encour­ age all IT organizations to establish a “sunset architect” within their enterprise architecture team whose sole job is to establish and enforce a retirement timetable for legacy applications whose functional capa bil ities have been largely replaced by new SaaS tools. There is no true cost advantage to in cor porating new SaaS­based capabilities in your application portfolio if you are forced to maintain legacy applications with duplicative capabilities.

To achieve the full financial benefits of a SaaSfirst strategy, IT organizations need to redouble their efforts to retire legacy applications possessing duplicative capabilities.
Much of the current debate regarding infor­ mation security is legal and contractual in nature and focuses on who will bear the financial responsibility for business damages triggered by the inadvertent loss of sensitive information. Currently, businesses are largely self­indemnified if such losses occur from any of their on­premise systems. They will likely remain self­indemnified if similar losses are incurred by any of their SaaS providers. I strongly suspect that, over the next five years, our industry will overcome many of the pho­ bias that currently exist regarding the security of data being managed by SaaS providers.

Double standards for SaaS
Although reliability and security are chronically cited as the most significant impediments to SaaS adoption, discussions of SaaS reliability and security are almost always conducted on an absolute basis and not a net basis. During the course of any given fiscal year, every IT organization experiences outages of its business­critical and busi ness­essential applications to one degree or another. When SaaS alternatives to existing on­premise

You must differentiate true security liabilities from security phobias
Surveys of business executives and IT lead­ ers commonly identify information security concerns as the number one deterrent to SaaS adoption. While there are concrete regulatory


applications are being considered, the reli­ ability of the SaaS alternative is rarely, if ever, discussed relative to the current reliability of a company’s on­premise application suite. Similarly, prospective SaaS customers screening the security architectures and procedures of SaaS vendors rarely initiate such investigations by exposing the security lapses they have experienced over the past 12 to 18 months. SaaS vendors are not screened to determine the relative improvements in data security they can provide. They are screened to determine the likelihood that any security lapses might occur in the future. SaaS vendors are typically asked to guaran­ tee the availability and security of their services in an absolute sense with zero toler­ ance for service disruptions or data loss. They are not asked to compare their levels of reliability and data security to the current performance of the IT organizations procur­ ing their services.

SaaS capabilities are appearing in unlikely places. A company’s data center — once known as “the glass house” — was conventionally considered to be the most highly restricted inner sanctum of the IT empire. The idea that SaaS tools could be used to perform external discovery of data center resources, monitor availability, assess capacity utilization, and so on, would have been abhorrent ten years ago. no self­respecting data center manager would have ever let a third party come through the firewall and interrogate their devices or access in situ agents. Those phobias are increasingly giving way as technology becomes more complex, the IT talent pool contracts, and the speed of the business accelerates. It’s ironic that SaaS capabilities have even found their way into IT’s core functions.

What will happen next?
SaaS is no longer perceived to be a risky, expensive means of procuring business support capabilities that are largely confined to a company’s front­office CRM operations. SaaS products make increasing sense in a business marketplace that prizes agility over customization and in an IT industry that pre­ fers “buy solutions” over “build solutions” in responding to business needs. SaaS adoption has been spearheaded by small­ to medium­ sized businesses but is becoming increasingly prevalent in large enterprises as well.

SaaS products make increasing sense in a business marketplace that prizes agility over customization and in an IT industry that prefers “buy solutions” over “build solutions” in responding to business needs.
enlightened IT organizations will form SaaS implementation teams that can be reformed as needed to support the implementation of new SaaS capabilities in any functional domain. Most IT groups have merger­and­ acquisition “tiger” teams, consisting of a set of people who are routinely pulled away from their normal responsibilities to support the assimilation of newly acquired companies. Similar teams should be established for SaaS implementations.


The two biggest technical issues in imple­ menting any SaaS tool are user access and integration. Access procedures need to be orchestrated within the single­sign­on security procedures that have been established for all other business applications. Interfaces between the new SaaS tool and pre­existing applications and databases need to be defined and implemented. Rather than letting individual application teams discover and resolve these issues on a case­by­case basis, enlightened IT groups will form specialized teams that can leverage past experience to accelerate the implementa­ tion of SaaS­enabled business capabilities.

SaaS tools are just one element — albeit an important one — of the cloud computing transformation that is sweeping across the IT industry. As part of this transformation, IT executives are abandoning the “own and operate” management paradigm that has dominated our industry for the past 50 years and are moving toward a new management framework built around brokering and inte­ grating services. SaaS capabilities are a critical and essential element of this new framework. early SaaS adopters will be a step ahead of their compe­ titors in realizing the full benefits of cloud computing as this transformation continues. ●

A SaaS-first approach to application portfolio management

About the author
Mark Settle, chief information officer for BMC Software, joined the company in 2008. He has served as the CIO of four Fortune 300 companies: Corporate express, Arrow electronics, Visa International, and Occidental Petroleum. Settle has worked in a variety of industries, including consumer products, high­tech distribution, financial services, and oil and gas. He received his bachelor’s and master’s degrees from the Massachusetts Institute of Technology (MIT) and a Ph.D. from Brown Uni versity. He is also a former Air Force officer and nASA Program Scientist.


This publication was created by BMC Software.

Business Runs on IT. IT Runs on BMC Software. Business thrives when IT runs smarter, faster and stronger. That’s why the most demanding IT organizations in the world rely on BMC Software across distributed, mainframe, virtual and cloud environments. Recognized as the leader in Business Service Management, BMC offers a comprehensive approach and unified platform that helps IT organiza­ tions cut cost, reduce risk and drive business profit. For the four fiscal quarters ended June 30, 2011, BMC revenue was approximately $2.1 billion. Visit for more information.


This publication was created by BMC Software.

Business Runs on IT. IT Runs on BMC Software. Business thrives when IT runs smarter, faster and stronger. That’s why the most demanding IT organizations in the world rely on BMC Software across distributed, mainframe, virtual and cloud environments. Recognized as the leader in Business Service Management, BMC offers a comprehensive approach and unified platform that helps IT organiza­ tions cut cost, reduce risk and drive business profit. For the four fiscal quarters ended June 30, 2011, BMC revenue was approximately $2.1 billion. Visit for more information.


Sponsor Documents

Or use your account on


Forgot your password?

Or register your new account on


Lost your password? Please enter your email address. You will receive a link to create a new password.

Back to log-in