Weighing Risks, Benefits of Cloud Computing and SaaS

As cloud computing and software-as-a-service increase in popularity, concerns are growing over the control and security issues that come with adoption of the technologies.

Two recent reports offer fresh insight into how companies are adapting to cloud computing and software-as-a-service, commonly known as “SaaS.” Overall, the reports show companies increasingly realize the benefits of such technologies—albeit while approaching the risks very cautiously.

In cloud computing, a company leases data storage and computing power from an outside vendor, rather than owning that IT infrastructure directly. “All you need is a browser and you can get to your company’s systems,” says John Kogan, CEO of Proformative, an online forum for corporate finance, accounting, and treasury professionals. SaaS is slightly different: The applications—Quickbooks, Oracle, SAP, and such—reside in the cloud, where they can be rented on a periodic basis.

Kogan

For global companies in particular, “it’s incredibly complex to maintain an accounting system across all these different countries,” Kogan says. In that case, SaaS might make more sense, he says.

Both styles of computing cut companies’ up-front licensing or server infrastructure costs, as well as the number of IT professionals needed on staff. “Companies just want to be out of the business of IT,” says Kogan.

In a recent survey of 425 financial executives conducted by Proformative, 55 percent agreed that cloud technology will be very important to their companies over the next two years. Their top two reasons were a desire to scale up computing ability without adding infrastructure, and pressure to reduce capital expenses, Kogan says.

Specifically, when asked to rate the significance of each benefit on a low-medium-high scale, a plurality of respondents rated scalability as high (47 percent), cost savings as medium (46 percent), and faster response to business requirements as medium (50 percent).

“People want to be able to scale up and scale down really fast,” Kogan says. “When you own the infrastructure, you can’t do that.”

“People want to be able to scale up and scale down really fast. When you own the infrastructure, you can’t do that.”

—John Kogan,

CEO,

Proformative

Another report by IT research firm Gartner supports those claims. The report found that global cloud services revenue is expected to reach $68.3 billion in 2010, a 16.6 percent increase from the $58.6 billion in revenue reached in 2009. Worldwide revenue for SaaS delivery, meanwhile, topped $7.5 billion in 2009, an 18 percent jump from the previous year. Growth rates are only expected to accelerate, the Gartner report said. The industry is poised for strong growth through 2014, when worldwide cloud services revenue is projected to reach $148.8 billion.

Pring

“The financial turbulence of the last 18 months has meant every organization has been scrutinizing every expenditure,” says Ben Pring, research vice president at Gartner. “An IT solution that can deliver functionality less expensively and with more agility is hard to ignore against this backdrop.”

Cloud Risks

Both reports stress, however, that while interest in cloud computing is increasing, many companies still have strong—and legitimate—concerns about the technology. The top concern overall is security risk; two-thirds of respondents in the Proformative survey respondents cited it as their number one fear.

CLOUD CONCERNS

Top Concerns in Moving to the Cloud and relevant signficance:

Concern

High

Medium

Low

May put company or customer data at greater risk

30%

40%

30%

May increase my company’s IT risk

17%

46%

37%

May increase my cost of doing business

10%

40%

49%

May increase my company’s downtime

6%

39%

55%

Source

Proformative Survey on Cloud Computing (Sept. 16, 2010)

Other worries include availability of service and vendor viability and maturity, Pring says. Large companies are particularly concerned about the size and maturity of vendors and how robust their security measures are. “Large companies feel like they can protect their companies’ data and their customers’ data maybe better than some start-up [vendor],” Kogan says.

Larger companies have also already built up both massive IT infrastructures and large IT staffs. “So for them to move to any new system—in the cloud or not—is almost heretical,” Kogan says.

Little surprise, then, that small and mid-sized companies are adopting cloud computing more quickly than larger companies. Not only do they not have as large of an IT infrastructure as large companies, but they also don’t often have the same security concerns.

Some industries are also more suited to move into the cloud than others. Industries that have more inherent security issues, Kogan says, are likely to be slower and later adopters. A prime example would be the healthcare sector, which creates oceans of data but has huge privacy and security concerns. Another might be companies that handle lots of intellectual property—small biotech companies, for instance. “They may feel that controlling their own network makes them more secure,” Kogan says.

SAAS CONCERNS

Top SaaS Concerns and relevant significance:

Concern

High

Medium

Low

Lack of integration with legacy systems

28%

45%

27%

May increase my company’s business risk

14%

44%

42%

May increase my cost of doing business

12%

43%

45%

May reduce compliance (policies/regulations)

10%

33%

57%

May increase my company’s downtime

6%

36%

58%

Source

Proformative Survey on Cloud Computing (Sept. 16, 2010)

At the other extreme, Pring says the financial-services and manufacturing industries tend to be the largest early adopters of cloud services. “Communications and high-tech industries are also leveraging the cloud in significant volume,” he says.

Because cloud computing and SaaS don’t fit every business, Kogan recommends that companies take the time to ask themselves several questions: How much is the company spending on its IT infrastructure right now? Is there a cheaper alternative? How many servers does the company need, and how much manpower does it need to manage that infrastructure?

Companies should also consider how to craft contracts and service level agreements to extricate themselves from a cloud vendor in the event of a “provider divorce,” Kogan says. At the very least, the service agreement should address:

1. Data ownership;

2. Intellectual property rights around data;

3. Scope of software license (fixed terms versus perpetuity);

4. Effect of mergers and acquisitions;

5. Right of contract termination;

6. Cancellation fees; and

7. Migration time and costs.

“In essence, the legal agreement and [service agreement] should form a ‘pre-nuptial’ agreement with a provider to protect the value and integrity of data in the event of a break up,” says Kogan.