Business advisory: Know SaaS issues before they impact operations

Uncovering the benefits of Software-as-a-Service, or SaaS, requires understanding the terms and technologies involved so everyone can ask the right questions. Corporate IT, discrete manufacturing, and continuous process operations all have unique considerations when it comes to deciding when and how to adopt SaaS applications, or move into the service-based world.

Benefits typically attributed to SaaS include easier deployment, maintenance, and upgrades; flexible licensing; and better application life-cycle management. How these benefits are realized will depend on users' readiness to externalize their infrastructure and data. Companies may have to reconsider the way they think about security, data centers, managed service offerings, legacy applications, or desktop support—and of course, accessing the Web in general.

Distributed supply chains and various economic factors have driven discrete manufacturers to become more agile to stay competitive. Their cousins over in the continuous-process industries may not be under the same pressure to examine SaaS on the operations side.

“Manufacturers that need a great deal of flexibility to tie together their supply chain may find SaaS offerings fit their requirements,” says Alison Smith, a director with Boston-based AMR Research. “For both continuous process and discrete manufacturing, operations intelligence will be a more obvious fit. Once you get closer to the process, data volume may become more of a consideration.”

Thus, many process and manufacturing software vendors have worked hard to re-architect their software into “service-enabled” applications that can help customers better integrate disparate systems that might span platforms, product lines, divisions, companies, or other wide IT chasms.

To deliver their software as a service, vendors need a secure, highly available data-center infrastructure ready to support their customers. For example, Plexus Systems established its own data center and hosting infrastructure when it completely reinvented its manufacturing software solution to be delivered entirely over the Web in 2001.

“When customers tour our data center and see the measures we have in place to protect their data, we find they are much more comfortable keeping their data off-premise,” says Mark Symonds, CEO, Plexus Systems.

Security is paramount for any hosted application. For Plexus Systems, passing a SAS-70 audit demonstrates that it has established the appropriate controls and safeguards for its customers' data. This is a critical consideration for manufacturers that maintain a Sarbanes-Oxley compliance program.

Because building data centers is a significant undertaking, some SaaS vendors may elect to become customers of another vendor's “data center as a service” offering to host and maintain their SaaS application infrastructure. Similarly, manufacturers may want to consider using a data center as a service to move critical but noncore IT functions off-premise safely and securely.

Software licensing programs and practices are among the most contentious points in any vendor/customer relationship. Customers need to consume the software in a way that fits the business. Vendors need to license their software in a way that minimizes their support costs and preserves their development flexibility. Traditionally, the customer is either asked to pay for portions of the product they won't use, or the customer limits the scope, use, or deployment of the application to minimize license costs.

Managed service offerings can offer an alternative to customers that want to keep some resources on-premise, but keep their license structure flexible. Vendors establish a service-level agreement, or SLA, to guarantee important aspects of their software performs to customer expectations.

One company that has started to focus on a managed service offering is data historian vendor OSIsoft. Customers retain the software on site, but OSIsoft manages and maintains the software installations within their own off-premise network operating center, or NOC. Upgrades still have to be rolled out to each installation individually, but are done by experts working inside the NOC, which helps customers stay up-to-date.

Clearly though, the pure Software-as-a-Service model is about “the cloud,” or off-premise offerings. SaaS customers can subscribe to what they need—when they need it—while SaaS vendors increase their development and support efficacy.

To get there, an established vendor may offer an entirely new application as a service. This is the idea behind SAP's Business ByDesign. It's not SAP as you've seen it before, and not just because it doesn't live on-premise. SAP started from a targeted set of functionality that addresses the small-business market segment and plans to evolve it over time.

Other vendors are completely service-based already, so the benefits SAP intends to deliver with Business ByDesign already are being experienced by, for example, the customers of Plexus Systems and Carbonetworks, a vendor of carbon emissions-management solutions. Potential benefits aside, industry acceptance of SaaS can be a hurdle because customers must relinquish some degree of control.

“Initially we were strongly encouraged to deliver our software suite as a solely on-premise offering,” says Michael Meehan, CEO of Carbonetworks. “However, with our business model, it made much more sense to keep it entirely off-premise, and now our customers don't even think twice about it being an off-premise offering.”

Carbonetworks software allows users to include site operations, partners, and suppliers into their carbon footprint management strategy. Upgrades happen out in the cloud seamlessly, and adoption of the software by new customers is expedited because they've obviated a significant amount of the IT resources needed to install and maintain a new business system.

As would be expected, new or “breakthrough” applications are easier to offer as a service. There are no legacy customers, no migration concerns, and a clean slate from which to start a vendor/customer relationship. This is partly why an established software vendor will nearly reinvent even a well-known application as a service. Simply slapping a set of Web services on top of an application doesn't make it a winning proposition for the customer or vendor.

As is the case with SAP, which is first targeting small businesses with Business ByDesign, vendors may identify a different customer demographic with their new application because every feature or function from the flagship application isn't yet available as a service.

Operations IT may not be the first place your company looks when it comes to investigating SaaS. Common IT infrastructure may in fact be the primary consideration.

Subscribing to email and collaboration software offerings as a service seems a logical first step. Many companies also subscribe to certain HR systems as services for functions like payroll and expenses. Vendors will try to extend this trust beyond these basic utilitarian offerings and into new application areas.

Of course, most process industry and manufacturing companies depend upon at least one specialized or custom application. What if these can't be replaced with a vendor's off-the-shelf or SaaS application? Infrastructure providers like Microsoft have been working hard to bring those applications that can't be left behind into the service world one way or another.

Realistically, most companies will require a blend of both on- and off-premise applications. Microsoft's service strategy calls this Software plus Services—or S+S—which is executed from an infrastructure, hosted services, and applications perspective.

Microsoft offers tools that enable partners and customers to migrate or create applications that work both on-premise and in the cloud. Microsoft also has a suite of online services to support partners and customers that need hosted resources like email (Microsoft Exchange); collaboration (SharePoint); and entire data centers. The vendor uses its infrastructure and service offerings to enable applications like Microsoft Office System to work in both the on- and off-premise world, allowing a partner application to seamlessly move from one to another.

“Microsoft thinks there is tremendous benefit in offering certain manufacturing and operations systems as a service,” says Chris Colyer, worldwide director, manufacturing operations strategy, Microsoft. “If you think of it from an ISA S95 information architecture model, Level 3 and Level 4 systems such as MES, genealogy tracking, or quality systems can be managed or offered as a service.”

It goes beyond that as well: Microsoft has a way to move that critical legacy application into a manageable desktop environment, or even into the cloud.

“Virtualization can help you move a critical application into a more robust environment,” says Colyer. “Legacy desktop applications also can be virtualized and centrally managed as a service to run on today's hardware.”

Where should the SaaS adventure begin? A narrow scope can help weed out the field of candidates while establishing a foothold in the software as a service world.

When IT applications are "service-enabled"—whether created in-house or leveraging vendors’ service-oriented architecture (SOA) support—infrastructure upgrades can be accomplished without necessarily touching every single piece of integration work previously accomplished. In theory, a SaaS ERP provider can offer services from other vendors.

As with any application, consider how it will affect the user base. The security integration of any off-premise service—even if it is within your own control, but outside the firewall—with pre-existing security topology and practices can make or break its adoption. Just consider how many user names and passwords employees manage today—and how they manage them. The more seamless the integration, the more users will accept it.

The introduction of any external software or services will change a company's risk profile. It is important to assess and understand the current situation so one can ask the right questions of a services or SaaS vendor prior to engagement. This will help identify any unintended security risks beyond the obvious concerns regarding the vendor's security experience and your data's safety outside the firewall.

“You have to build a secure relationship and partnership with a vendor, and this will develop over time,” says Colyer—a sentiment echoed by Carbonetworks and Plexus Systems. An open dialog with any vendor helps address concerns, and bring to light the vendor's readiness, as well as your own.

Central to the Firepond solution is its Product Data Manager, which serves as a central data repository for all product descriptions, pricing, and configuration rules—in addition to necessary workflows.

If possible, a service-oriented integration approach that isolates a legacy application's functions may deliver the best of both worlds. If that blend of functions can be recreated from several vendor applications, then it isn't necessary to find an exact replacement for the legacy application.

These trade-offs can and must be evaluated. Truly understanding an application's role in operations helps identify the right strategy. Certainly there are examples where the work to maintain that application or develop a more modern replacement will be an acceptable strategy. When that list of applications is known and its impact on operations understood, the alternatives will become clearer.

Embracing services of all kinds can offer many benefits. Taking advantage of those benefits may require leveraging all the options available, and that calls for an understanding of your IT landscape and objectives. Just remember: you're in the driver's seat and your unique strategy won't come in a box, hosted or otherwise.