Archive for the ‘Uncategorized’ Category

SaaS, the Cloud and the ‘Big Bang’

May 11, 2009

Here at Conformity we recently wrapped up some interesting market research on the topic of adoption of SaaS and cloud-based services and the management challenges it is creating for organizations and their IT departments in particular.  Conducted in conjunction with a leading analyst firm,  we spoke with IT and business executives at nearly 50 midsize and large enterprises that were adopters of multiple SaaS applications, and who were planning on extending their adoption of the model.  We’ve summarized our findings in a new whitepaper titled SaaS, the Cloud and the Big Bang.

The results?

In organizations we spoke with, business users drove the initial wave of SaaS adoption and largely took on the associated management and support responsibilities.   In a pattern similar to what happened with distributed computing 15-20 years earlier, as SaaS adoption hit ‘critical mass’ in these organizations (particularly those with compliance exposure),  IT has been brought in to extend existing management processes, controls and tools to SaaS and cloud-based resources.

The problem?  SaaS and cloud-based services are fundamentally exploding the traditional IT management model, due to:

  • Decentralization of management – in ‘traditional’ management environments,  IT has near complete responsibility and accountability for governance and management of technology resources.  The focus on autonomous IT governance and managmeent has increased due to increasing regulatory compliance requirements (SOX, GLBA, HIPAA, PCI etc) and the resulting increase in adoption of best practice policy and control frameworks (ITIL, COBIT, ISO 17799/27001, 27002).   In the SaaS world, business users have taken on management and support responsibilities traditionally owned by IT.  For example activities such as user provisioning and permissions management, role and profile management, application customization and configuration, and vendor management are now decentralized and distributed in many organizations.
  • Loss of control – in addition to the applications themselves, metadata on users, role and profile models, authorization and credential stores, usage activity and application performance all move outside the corporate firewall.  IT loses visibility and control over this critical management data that is now fragmented across heterogeneous SaaS service providers, in addition to the applications and users themselves.
  • Broken integrations – many IT processes around application and user management are highly automated, supported by integration with on-premise directory services, identity management and systems management solutions.  These integrations largely ‘break’ in an on-demand world, and organizations are rapidly finding that creating a new management ‘blade’ for a given SaaS app in legacy management application is not a realistic, cost effective answer.  Additionally, SaaS applications must be integrated into existing business processes through configuration and management by line-of-business users, with little or no ability to automate integration into cross-application business processes.

While it is still early, clear perspectives are starting to emerge around what the characteristics of a new generation of management solutions that address the unique challenges of on-demand environments will need to include.  Organizations are finding that SaaS and cloud-based service models are driving a convergence in identity and systems management issues, which will require the reinvention of solutions that address these issues.   Areas such as  user access management, policy monitoring and enforcement, data integration and management and business process integration all need a fundamental ‘rethink’ in a cloud-based world.

If you’re interested in receiving a copy of the whitepaper, please contact us.


Is SaaS Adoption Getting Ahead of Itself?

May 7, 2009

Reviewing customer SaaS adoptions keeps sending us back to John Martin’s post on SaaS as the next disruptive “Big Thing” for IT.  Though referencing SaaS in terms of the CIO Corner’s disruption cycle may raise some eyebrows, I think we all agree SaaS is disruptive.  SaaS presents IT and LOB executives with a true strategic differentiator, challenges IT’s comfort level for areas such as control and compliance, and disrupts the entrenched legacy vendors and solutions.  Ironically, actually calling SaaS a disruptive technology may be exactly what is required to help ensure it really goes mainstream.

Disruptive technologies referenced in Gary Beach’s blog drove the market to revisit established processes and controls, sometimes reluctantly.  SaaS is no different – discussions positioning SaaS as ‘just a delivery model’ or a simple extension for legacy IT solutions ignore the business and IT challenges.  SaaS shifts key business processes, user information, permissions, and policy to an off-premise model that is configurable – but not fully customizable.  Add in the fact that multiple best-of-breed SaaS applications may enable a full business process like CRM, we find the overall market must adapt or risk artificially limiting the SaaS opportunity.

To keep SaaS adoption from getting ahead of itself, we must turn the collective focus to driving market adoption and removing barriers to enterprise deployment.   As with any emerging industry, the solutions that enable SaaS to move beyond early adopters lag the initial SaaS deployments.  In response to this lag, SaaS customers are barraged with existing vendors quickly repurposing older technologies to capture $$$ and industry experts clamoring for ‘SaaS 2.0’.  Neither market reaction meets the real adoption needs of SaaS customers – especially in larger organizations.

It is not clear how may “IT events” failed in Gary Beach’s disruptive model, but the successful ones must have been embraced by a proactive community and industry.  Customers are demanding solutions that allow IT to move beyond old approaches, limited point solutions, and empty promises.  These solutions will have to focus on coordinated provisioning, alignment of business policy, risk and regulatory compliance, and cross-application visibility, to name a few.  If we want SaaS to be the next “Big Thing”, it is time to step up and focus on the real market needs, providing IT with robust solutions needed to drive adoption.  Let’s raise the visibility of this conversation to match the ongoing debates around next generation standards and modification of legacy approaches for SaaS.

Some additional thoughts on SaaS user provisioning…

May 1, 2009

As the term ‘provisioning’ tends to have different meanings depending on who you talk to, we wanted to follow-up on our post last week on SAML / SPML-based ‘just-in-time’ user provisioning to provide some quick additional thoughts…

Effective user provisioning requires much more than just ensuring users have an active account and access to a given service or SaaS application.  User authorizations and permissions within the service also need to be consistent with role-based access control (RBAC), least privilege and segregation-of-duties (SOD) concepts.  This requires that organizations ensure that permissions and authorizations are consistent across services, not just within each individual SaaS silo.   What makes provisioning challenging is that each SaaS service provider has their own unique role, profile and authorization model optimized around the particular problem set they address.   Virtually all SaaS user attribute and permission models are unique to the individual vendor, with some services providing the ability to configure over 50 different user attributes.  In our mind, proper user provisioning ensures that user accounts and all associated authorizations are consistent with corporate policy, which is a much deeper, more challenging problem that it first appears…

New Conformity Whitepaper

January 8, 2008

We’ve been spending quite a bit of time here at Conformity talking with organizations that we call ‘aggressive’ adopters of the SaaS model. They’ve tried for example, for CRM, have loved the benefits and flexibility of the model, and are now attempting to leverage SaaS across other functional areas and application types.

Saas User Management Whitepaper

Our new whitepaper identifies and discusses many of the common management ‘pain points’ and challenges we’ve been hearing from organizations that are attempting to go ‘all SaaS’. Please let us know if you’re interested in getting a copy.

SaaS – What’s in store for 2008?

January 5, 2008

Over the Holidays we saw a number of interesting articles and posts predicting that in 2008 SaaS will begin to go ‘mainstream’, resulting in a surge of demand for SaaS and On-Demand applications (for two of the better commentaries see Phil Wainewright’s great post on the Eight reasons SaaS will surge in 2008 and Jeff Kaplan’s Top Ten Reasons Why On-Demand Services will Soar in 2008). Some of the more compelling drivers of a potential breakout year (in terms of adoption and awareness) for SaaS in 2008?

  • Macroeconomic backdrop – the prospects of recession (which appear to be higher by the day) could actually drive increased demand for SaaS applications. The lower cost, more flexible SaaS subscription model will become even more attractive to organizations as capital budgets are cut and cost pressures increase. If organizations also accelerate office virtualization efforts in face of increasing cost pressures, SaaS will demand will benefit.
  • The heavyweights appear – 2007 saw not only large on-premise incumbents such as SAP, Oracle and others diving into the SaaS market, but also the introduction of major utility computing services from Amazon (EC2), IBM and Google, increasing the overall momentum towards SaaS that is sure to spill over into 2008.
  • Enterprise adoption – data from and other SaaS vendors (as well as our own anecdotal evidence) suggests that enterprises are becoming increasingly accepting of the SaaS model, due both to the traditional cost and support benefits of the model over on-premise software and to the increasing push towards SOA and web services models. Enterprise adoption, if it follows the mid-market pattern, will accelerate significantly over the next 12-18 months.
  • Wall Street takes notice – with successful IPOs from NetSuite and SuccessFactors (and several more in the pipeline), initiation of M&A activity in the SaaS space with Cisco’s acquisition of Webex, and valuations that reflect substantially higher multiples than traditional on-premise software vendors, investors are quickly taking notice of the SaaS opportunity.

We believe that 2008 may also be the year that ‘the other shoe drops’ for SaaS – when offerings and adoption proliferates to a point where management of SaaS applications becomes a challenge at both the organizational and departmental level…

New Microsoft SaaS offerings

October 4, 2007

Microsoft earlier this week announced the availability of SaaS versions of Exchange, SharePoint and Forefront, as well as a new SaaS-only unified messaging service named Office Communication Server. Interestingly, the offerings are not targeted at traditional mid-market adopters of SaaS, but instead at organizations buying a minimum of 5,000 licenses. An effort to fend off Google in the enterprise???

New 2007 SaaS Market Estimates

August 11, 2007

On Thursday, Gartner released its most recent worldwide SaaS market size and growth estimates. The highlights:

  • The 2007 worldwide market for SaaS is projected at $5.1 billion, a 21% increase over 2006
  • By 2011, software revenue from SaaS will reach $11.5 billion
  • From 2007-11 the growth rate of SaaS will double that of enterprise software as a whole
  • SaaS penetration ranges widely (and will continue to) across software segments, from 1 % in enterprise content management (ECM) to 75% in other segments such as e-learning and web conferencing

Further details are available in the full Gartner report “SaaS Demand Set to Outpace Enterprise Application Software Market Growth” (subscription required).