Archive for the ‘Web services’ Category

Conformity Announces GA Release of First Enterprise-Class Management Platform for SaaS and Cloud Apps

September 30, 2009

We’re excited to announce today the general availability of the Conformity solution, which provides customers the first enterprise-class management platform for cloud applications and users.  The Conformity solution is designed to arm enterprises with the same level of visibility and control over on-demand applications as they’ve come to expect with traditional packaged apps.  With our solution, enterprises can now be confident bringing new cloud applications into their business environments, knowing there will no longer be compromises made in the areas of management processes, insight and control.  With today’s GA, enterprises can:

  • Increase data security and reduce compliance risks
  • Optimize license allocation and expenses
  • Automate and streamline administration
  • Expand and extend enterprise usage of SaaS and cloud applications

Specific capabilities of the Conformity solution include:

  • User provisioning – provides centralized point of provisioning and deprovisioning of users accounts within cloud applications, and ongoing management of user permissions and authorizations.
  • Role and profile management – enables organizations to centrally manage cloud application roles, profiles and permissions through normalized permission models, and maps policies to users and roles.
  • Approval workflows – provides auditable cross-functional approval processes for users requiring new or amended access permissions, or role and profile changes.
  • Directory integration – enables organizations to seamlessly synchronize Conformity’s user repository with on-premise directory services.
  • Compliance reporting – provides reports required for effective preparation for audits for SOX, HIPAA, PCI and other regulatory mandates and standards.
  • Usage analytics – provides visibility, analytics and reporting on cloud application and license utilization.
  • Change management – enables archiving, management and recovery of application configurations and role models.

The Conformity platform provides templates, tools and workflow needed to manage all cloud applications in a customer’s environment.  Conformity also provides additional analytics, reporting and provisioning automation through integrations with the following leading cloud applications:

The Conformity platform also supports directory integration for Microsoft Active Directory, and is compatible with industry standards such as SPML, SAML and WS-Federation.

Please click here to read the full announcement, and stay tuned for more upcoming news!!!


Mark your calendar – Enterprise SaaS Working Group webinar

August 28, 2009

We’re excited to announce that on September 30th at 11:00am PDT / 2:00pm EDT we’ll be holding the first event in our Best Practices webinar series, featuring a roundtable discussion with the Enterprise SaaS Working Group. Comprised of recognized thought leaders and visionaries in SaaS and cloud computing, the group will discuss the challenges and issues that need to be overcome for SaaS and cloud applications to become truly ‘enterprise-ready’. Participants in the session will include:

The discussion will focus on critical issues and corresponding best practices in the areas of management, governance, security and compliance, and will include a Q&A session open to all attendees. Click here for more information and to register for this exciting event!

The Enterprise SaaS Working Group – Coming Soon…

August 20, 2009

As frequently discussed in this blog, here at Conformity we believe that there are a fundamental set of issues that the SaaS industry as a whole needs to address for SaaS and cloud applications to become truly ‘enterprise-ready’.  These issues range from management access and APIs to SLAs and performance monitoring.  To provide a forum to further surface, discuss and propose solutions to these issues, in September we will be introducing the first Enterprise SaaS Working Group.  The group will discuss challenges that need to be overcome to accelerate adoption of on-demand solutions in the enterprise, and will include a broad range of perspectives from thought leaders and practitioners alike.  Participants will include:

  • Enterprise CIOs and IT executives
  • SaaS vendor executives
  • SaaS consultants and service providers
  • Industry analysts

We will be formally introducing the group at an exciting event we’re going to be hosting in late September.  Please stay tuned for more details…

Closing the gap between IT and SaaS

July 8, 2009

One of the big challenges the SaaS industry continues to face (which we talked about at our presentation at SaaS University last week in Chicago) is the gap that exists between the APIs/management access that SaaS applications provide today and the expectations of CIOs and IT teams, particularly in the enterprise.  The end-customer CIOs we’re working with are typically surprised at how difficult it is to integrate most SaaS applications into their existing management processes and solutions –  a CIO we recently spoke with just assumed that all major SaaS applications supported direct integrations into Active Directory and LDAP.  On the flip side, most SaaS vendors are being faced with IT requirements and expectations they haven’t yet considered, let alone support in their services (though there are exceptions) particularly in identity-related areas such as user authentication and access control.

Why is this important?

IT is regaining its seat at the table when it comes to SaaS.  In mid-size enterprises, as SaaS adoption has accelerated cross-functionally organizations are beginning to look to IT to centralize management and governance of SaaS applications and users to minimize compliance risks and administrative costs.   In a recent survey we found that IT was involved in management and administration of SaaS applications in 72% of multi-SaaS organizations.   In larger enterprises that are now taking a serious look at SaaS, IT is involved from the start to determine how the applications will be integrated into broader business processes and other on-premise applications, as well as management processes and solutions.  We’re starting to hear from both types of organizations, as well as the SaaS vendors that serve them, that application ‘manageability’ is becoming a consideration in sales cycles – in fact we’re aware of several situations where an incumbent SaaS provider was displaced by an offering with improved API and management access.

Why the disconnect between SaaS vendors and IT?  Based on our experiences and interactions with both sides of the issue, the gap that exists between SaaS applications and IT is driven by two factors:

  • SMB legacy – the majority of leading SaaS vendors (including grew from an initial focus on SMB customers.   Applications were architected and optimized to solve a specific functional business problem for this initial class/size of customer, with (understandably) limited focus on how the application would have to integrate into multi-SaaS or enterprise environments.
  • IT as ‘the enemy’ – the ease of deployment and flexibility of SaaS eliminated the need for business users to involve their IT organizations in the selection, configuration and management of SaaS applications.   As IT historically has neither been a decision-maker or influencer in the sales process, most SaaS vendors haven’t been exposed to IT organizations, particularly in the enterprise.  In fact, IT was and is often times (and often unfairly) characterized as the enemy of SaaS adoption, needlessly entangling business users in red tape and bureaucracy.  IT teams have also been part of the problem, often taking little interest in administering or managing SaaS applications.  In either case, most SaaS vendors have had relatively limited interactions with enterprise IT organizations, particularly when compared to on-premise ISVs.

We fundamentally believe that for SaaS adoption to continue to accelerate in both midmarket and large enterprises that the gap between IT requirements and SaaS application capabilities will need to be closed.  SaaS vendors need to improve APIs, management access and visibility in areas such as user and identity management, activity logging and monitoring, service management and back-office/financial management.  More on this to come….

SaaS, the Cloud and the ‘Big Bang’

May 11, 2009

Here at Conformity we recently wrapped up some interesting market research on the topic of adoption of SaaS and cloud-based services and the management challenges it is creating for organizations and their IT departments in particular.  Conducted in conjunction with a leading analyst firm,  we spoke with IT and business executives at nearly 50 midsize and large enterprises that were adopters of multiple SaaS applications, and who were planning on extending their adoption of the model.  We’ve summarized our findings in a new whitepaper titled SaaS, the Cloud and the Big Bang.

The results?

In organizations we spoke with, business users drove the initial wave of SaaS adoption and largely took on the associated management and support responsibilities.   In a pattern similar to what happened with distributed computing 15-20 years earlier, as SaaS adoption hit ‘critical mass’ in these organizations (particularly those with compliance exposure),  IT has been brought in to extend existing management processes, controls and tools to SaaS and cloud-based resources.

The problem?  SaaS and cloud-based services are fundamentally exploding the traditional IT management model, due to:

  • Decentralization of management – in ‘traditional’ management environments,  IT has near complete responsibility and accountability for governance and management of technology resources.  The focus on autonomous IT governance and managmeent has increased due to increasing regulatory compliance requirements (SOX, GLBA, HIPAA, PCI etc) and the resulting increase in adoption of best practice policy and control frameworks (ITIL, COBIT, ISO 17799/27001, 27002).   In the SaaS world, business users have taken on management and support responsibilities traditionally owned by IT.  For example activities such as user provisioning and permissions management, role and profile management, application customization and configuration, and vendor management are now decentralized and distributed in many organizations.
  • Loss of control – in addition to the applications themselves, metadata on users, role and profile models, authorization and credential stores, usage activity and application performance all move outside the corporate firewall.  IT loses visibility and control over this critical management data that is now fragmented across heterogeneous SaaS service providers, in addition to the applications and users themselves.
  • Broken integrations – many IT processes around application and user management are highly automated, supported by integration with on-premise directory services, identity management and systems management solutions.  These integrations largely ‘break’ in an on-demand world, and organizations are rapidly finding that creating a new management ‘blade’ for a given SaaS app in legacy management application is not a realistic, cost effective answer.  Additionally, SaaS applications must be integrated into existing business processes through configuration and management by line-of-business users, with little or no ability to automate integration into cross-application business processes.

While it is still early, clear perspectives are starting to emerge around what the characteristics of a new generation of management solutions that address the unique challenges of on-demand environments will need to include.  Organizations are finding that SaaS and cloud-based service models are driving a convergence in identity and systems management issues, which will require the reinvention of solutions that address these issues.   Areas such as  user access management, policy monitoring and enforcement, data integration and management and business process integration all need a fundamental ‘rethink’ in a cloud-based world.

If you’re interested in receiving a copy of the whitepaper, please contact us.

Some additional thoughts on SaaS user provisioning…

May 1, 2009

As the term ‘provisioning’ tends to have different meanings depending on who you talk to, we wanted to follow-up on our post last week on SAML / SPML-based ‘just-in-time’ user provisioning to provide some quick additional thoughts…

Effective user provisioning requires much more than just ensuring users have an active account and access to a given service or SaaS application.  User authorizations and permissions within the service also need to be consistent with role-based access control (RBAC), least privilege and segregation-of-duties (SOD) concepts.  This requires that organizations ensure that permissions and authorizations are consistent across services, not just within each individual SaaS silo.   What makes provisioning challenging is that each SaaS service provider has their own unique role, profile and authorization model optimized around the particular problem set they address.   Virtually all SaaS user attribute and permission models are unique to the individual vendor, with some services providing the ability to configure over 50 different user attributes.  In our mind, proper user provisioning ensures that user accounts and all associated authorizations are consistent with corporate policy, which is a much deeper, more challenging problem that it first appears…

SaaS – What’s in store for 2008?

January 5, 2008

Over the Holidays we saw a number of interesting articles and posts predicting that in 2008 SaaS will begin to go ‘mainstream’, resulting in a surge of demand for SaaS and On-Demand applications (for two of the better commentaries see Phil Wainewright’s great post on the Eight reasons SaaS will surge in 2008 and Jeff Kaplan’s Top Ten Reasons Why On-Demand Services will Soar in 2008). Some of the more compelling drivers of a potential breakout year (in terms of adoption and awareness) for SaaS in 2008?

  • Macroeconomic backdrop – the prospects of recession (which appear to be higher by the day) could actually drive increased demand for SaaS applications. The lower cost, more flexible SaaS subscription model will become even more attractive to organizations as capital budgets are cut and cost pressures increase. If organizations also accelerate office virtualization efforts in face of increasing cost pressures, SaaS will demand will benefit.
  • The heavyweights appear – 2007 saw not only large on-premise incumbents such as SAP, Oracle and others diving into the SaaS market, but also the introduction of major utility computing services from Amazon (EC2), IBM and Google, increasing the overall momentum towards SaaS that is sure to spill over into 2008.
  • Enterprise adoption – data from and other SaaS vendors (as well as our own anecdotal evidence) suggests that enterprises are becoming increasingly accepting of the SaaS model, due both to the traditional cost and support benefits of the model over on-premise software and to the increasing push towards SOA and web services models. Enterprise adoption, if it follows the mid-market pattern, will accelerate significantly over the next 12-18 months.
  • Wall Street takes notice – with successful IPOs from NetSuite and SuccessFactors (and several more in the pipeline), initiation of M&A activity in the SaaS space with Cisco’s acquisition of Webex, and valuations that reflect substantially higher multiples than traditional on-premise software vendors, investors are quickly taking notice of the SaaS opportunity.

We believe that 2008 may also be the year that ‘the other shoe drops’ for SaaS – when offerings and adoption proliferates to a point where management of SaaS applications becomes a challenge at both the organizational and departmental level…

SaaS Research Study – CIO Insight

July 29, 2007

CIO Insight recently released the results of its July 2007 Research Study on SaaS, SOA and web services. We typically think about SaaS adoption both from a breadth perspective – the number of organizations that have adopted at least one SaaS app – and depth – how many SaaS apps has the typical adopter deployed. The organizations with ‘deep’ adoption are the ones where we see management and control issues starting to emerge. While the report concludes that companies are ‘cautious’ in acceptance of SaaS, and that use of SaaS is ‘wide, not deep…yet’, taking a closer look at the numbers was instructive.

70% of survey respondents were IT executives from companies with 2006 revenues between $5 million and $1 billion; of those; of those approximately half were from companies between $5 and $100 million, so the survey had a clear bias towards SMBs/MSEs. The average respondent has 6 SaaS apps currently deployed – certainly nothing to sneeze at in this context. While the survey doesn’t have it, to get a better sense of adoption ‘depth’ it would be interesting to know what percentage of the total application portfolio for these respondents have ‘gone SaaS’. Our guess is that it would higher than most people expect. While SaaS pentration clearly hasn’t reached its potential, we get the sense from this (and other surveys and anecdotal evidence) that penetration within SaaS adopters is accelerating quicker than most would believe particularly in MSEs.

The other interesting note is that the survey was of IT executives who acknowledge that SaaS apps are frequently deployed at the departmental or business unit level. In many of these organizations, it’s likely that there’s additional adoption occurring below the radar screen of IT.

Read the full study here.