Hubspan Session at Cloud Expo

The benefits of doing things "as-a-Service" (aaS) and leveraging cloud-based technologies are well-known and documented, such as a low barrier to entry, reduced capital outlay and infrastructure, easy scalability, and device/location independence. Many companies also appreciate the reliability of service and the ability to leverage specialized domain knowledge expertise from an experienced aaS provider.

However, there is still a great deal of confusion about the many different types of aaS and questions remain over how much companies should rely on the cloud. Specifically, when is the right time to turn to aaS rather than build and manage in-house and what are some of the pitfalls that can be avoided when moving to an aaS-based solution?

Leveraging the cloud and delivered as a service, each aaS has the ability to help you do things faster, better, cheaper. The most attractive characteristic of the aaS movement is a flexibility that allows for an incremental or selective approach to deployments. You don't need to do it all at once, and you can mix and match.

The following is a brief synopsis of current aaS variants, when you should consider them, and what the future might hold for this technology.

First, here's a quick cheat sheet of three most common aaSes:

1. IaaS - stands for both Integration-as-a-Service and Infrastructure-as-a-Service
2. SaaS - Software-as-a-Service
3. PaaS - Platform-as-a-Service

Integration-as-a-Service (IaaS) is probably the oldest, and has historically been the most stagnant, of the aaSes. IaaS originally functioned as a connector, providing integration for businesses to transmit documents to each other, such as EDI (electronic data interchange) and VANs (value added networks). Examples of this type of business document interchange go back to as early as the 1960s and really took hold during the '70s and '80s when early service providers helped companies automate this exchange. IaaS improved substantially once documents could be sent digitally over the Internet.

Typically, IaaS provided a backbone network, routing services, monitoring, reporting, and a normalized format to transact messages between business partners. While effective, this first iteration of IaaS failed to exploit the full potential of a rapidly maturing Cloud Computing environment and does not attempt to align the integration with the broader business process, such as supply chain management.

Thus, we move next to Net2 IaaS, a more advanced version, that incorporates business processes. As the key to meeting the needs of your customers, business processes are the lifeblood of your enterprise and demand continuous management and improvement. Net2 IaaS moves you in this direction by building on the simple customer transaction messages of IaaS and extending it to provide data transformation and correlation services. It also enables more policy and business intelligence-based integration processes, including access control rules, exception handling and intelligent reporting, among other capabilities. This is where the technology is today with leading integration vendors.

The next logical step with this aaS we'll call Business Collaboration Integration as-a-Service (BC IaaS). The core component of BC IaaS is the establishment of governance across inter-business services. At this stage, integration, business process management and service-oriented architecture (SOA) come together in the cloud. BC IaaS adds the governance and management through SLAs, advanced compliance and security, and precise message exchange expectations. This approach strengthens customer and partner relationships by establishing firm rules and building trust through transparency - without sacrificing any of the efficiencies and automation of IaaS. The platform also offers the capability of building strong vertical solutions that apply to both specific businesses and industry sectors.

Another, yet different IaaS, Infrastructure-as-a-Service, is just what it sounds like, an outsourced infrastructure that replaces the need to build your own. This includes a secure premise with high throughput Internet backbone connectivity, a continuous power supply, dedicated computer hardware, basic router/firewall and backup services. A variant on this is Virtual Infrastructure-as-a-Service, which we'll call "VIaaS," which uses virtual provisioning to segregate multiple customers' applications on shared hardware. An example of this is the Amazon Elastic Compute Cloud that provides resizable computing capacity in the cloud, allowing customers to pay only for the capacity they use.

Software-as-a-Service (SaaS) is perhaps the best known aaS. This is when a specific piece of software or an application is delivered as a service and available on-demand via the Web for users. SaaS comes in two flavors: UI-based SaaS and Machine-to-Machine (M2M) SaaS.

Salesforce.com (a leading customer relationship management SaaS application) is a good example of UI-based SaaS. Salesforce.com is a pre-canned application exposed as a service, allowing the customer to interact with a Web site to access the application from anywhere. Web sessions are protected by an authentication login, and each company has its own view of the application.

M2M SaaS allows a customer's application to interface with a SaaS application to get information. This can range from basic queries, such as accessing a stock market quote to more complex services. One example would be an ERP procurement application that accesses airline flight pricing information and business rule data in response to an employee's travel request.

A Platform-as-a-Service (PaaS) can be used by customers to create and run Web-exposed applications (Windows Azure, Salesforce's Force.com, and Google Web Toolkit are examples). PaaS is typically presented as a design studio the provider makes available to you, where there are widgets you can use to create your own applications. You own the life cycle (including promotion/test) of the application and all intellectual property, even though you are building on the vendor's PaaS. It offers robust fault tolerance and a true virtual machine sandbox with strong data segregation.

The most attractive element of PaaS is that it is Web-exposed. You can create a vertical application and have people work with the application without building out your infrastructure or worrying about stability or performing back-ups. It's another example of faster, better, cheaper.

Clearly, there are a lot of aaSs in IT today. Combined with the power inherent in cloud computing, each of these aaSs holds immense potential. Determining how and when to utilize which technology requires a good grounding in what is available today, what is on the horizon, and, most important, how new deployments will advance your business objectives by anticipating, meeting and exceeding the needs of your customers.

IT guys are a skeptical lot and with good reason. It would be naïve to assume the opinion of an aaS vendor comes without its share of bias; however, an assiduous vendor (such as Hubspan) will have done its homework, studied all available materials and is able to present key facts. While each company should do its own research and find solutions and vendors that best meet its specific requirements and budget, there are some universal, key points to keep in mind:

1. Start small: One of the great aspects of aaS is the ease of scalability; you can to start with one application, one integration project or one business process and grow as needed once you're ready. Carefully choose your first foray into incorporating any aaS. Make sure it's the most likely to succeed and will bring visible, quantifiable returns, and is aligned with business goals. Also, make certain it represents the most logical path toward the full adoption of your strategy. For example, your company's best bet might be moving storage and back-up data to the cloud, utilizing the cloud for some of your development environment or leveraging one of the well-known SaaS-based applications for CRM.

2. Watch out for aaS pitfalls: While the benefits are great, there are still pitfalls to avoid. For example, sometimes the services offered are too granular or focused too narrowly on one area; they don't expand or provide for integration with other applications or services. Imagine the pain around managing several dispersed but tightly interconnected services. Debugging becomes a huge challenge and vendors can try to blame each other, requiring you to log into and analyze several different management sites. Password management can also be cumbersome.

3. Beware the hidden costs: Make sure you understand the pricing tiers and any potential additional costs that can be added to your fees. For example, if your service is payload-size based, you will need to carefully watch the size of your transactions. Or there might be a premium fee for any unexpected spikes in throughput, which you may or may not be able to forecast. Areas such as these should be negotiated and built into the contract so you do not end up with billing surprises.

4. Look for best practices: Do some research to understand how other companies like yours are using the cloud and aaS solutions. Also, there are some good rules of thumb out there you can follow. For example, Gartner has laid out how different types of users are taking advantage of different cloud architectures and why.[1] Gartner views every aaS as fitting into one of three fundamental layers: Application Services, Application Infrastructure Services and System Infrastructure Services. Application Services are attractive to large enterprises as the best path to acquiring unique applications. For the SMB, it's a way to reduce the work-load and capex costs of internal IT departments. Similar capex cost concerns compel smaller ISVs to utilize Application Infrastructure Services, while large enterprises can use them to accelerate time-to-market. System Infrastructure Services are used by large enterprises as a way to reduce costs and as a good way to take care of time-boxed projects such as development work and testing.

5. Choose the right third-party vendor: Forrester Research has delineated important characteristics to look for when choosing a SaaS vendor, which is applicable to any aaS.[2] Forrester's list includes everything from making sure the SaaS vendor is financially stable to security, architecture and roadmap, among others.

• Vendor finances (profitability, cash and investors): Make sure they are viable for the long term. This entails committed investors, as well as a strong existing customer base. Forrester notes that just because many SaaS vendors are small does not mean they don't have a strong financial footing.
• Dedication to SaaS: Many vendors are 100% dedicated to SaaS, while others use this as one of many delivery models. There are tradeoffs with each approach, but some of the benefits for those focused on the cloud and services are agility and more frequent product updates. However, hybrid models that combine on-premise with the cloud are potentially an attractive feature from vendors that offer both.
• Customer base / Subscriber base: What is interesting about this category is Forrester notes that having a few large customers or many smaller ones can be good economics for a SaaS vendor.
• Strong architecture: A truly cloud-based architecture capable of getting you started quickly and providing excess capacity as you grow are crucial. Watch out for small maximum user limits or single tenancy design.
• Security and privacy: Ensure that your company's and related industry security standards extend to your aaS provider. Review the vendor's capabilities around data protection, identity management, physical and personnel security, and others. Vendors should be able to provide audit documentation around key mandates, such as PCI or SAS 70. This is obviously a top priority and can be the determining factor between moving forward with an aaS in the cloud in the first place. One question to keep in mind is whether the security you can provide yourself is superior and more cost-effective than the security provided by a third party who has the experience and expertise that comes from providing security to many customers over many years?
• Back-up and redundancy: Ask the vendor where the SaaS solution is hosted and how they manage back-up. Also, vendors should be able to clearly state their recovery point objective (RPO).
• Roadmap for new functionality: Upgrading traditional software applications is cumbersome, costly, and inconvenient. An aaS vendor should be able to add new features and services with minimal interruption on a regular basis. In addition, your vendor should anticipate your needs and help you grow by innovating as the industry matures.
  And we would add:
• Look for strong SLAs: While not in Forrester's list, this is important. Any aaS vendor should have clear Service Level Agreements (SLAs) in their contracts around uptime, maintenance downtime, performance response times, support levels, etc.

6. Ensure the highest level of security: As mentioned briefly above, security in the cloud is paramount. A cloud platform should adhere to the highest levels of network security, physical security and data protection. When evaluating cloud vendors, here are some key questions we recommend you ask:

• How does the vendor plan on securing your data and segregating the data from other customers?
• Is the data encrypted both in motion and at rest and what key management policies do they employ?
• What access control do they enforce for the application and physical security?
• What third-party groups audit their security? What compliance or other certifications do they possess?
• What is their disaster recovery plan and how does data security figure into those plans?
• What visibility do you have into the process?
• What is their network topology? Are they consistent with best practice tiered networking?

The benefits of cloud and "aaS" are real and quantifiable. With the right research, plan and vendor, your company can reduce costs, improve operational efficiencies, become more agile, achieve business and IT alignment, and increase levels of customer and partner satisfaction.

References

1. Gartner presentation: "Application Platforms for Cloud Computing: Who, Why and When". Yefim Natis. December 2009
2. Forrester Research: SaaS Valuation Criteria. Liz Herbert. February 22, 2010.