Questions about SaaS
When evaluating SaaS for your business, you need to understand each provider’s approach to service delivery infrastructure, policies, and procedures. You also need to ensure that the providers you’re considering can deliver 24/7 service with high performance and availability.
SaaS applications from top service providers are built on an infrastructure that provides the security, performance, and reliability normally found in only the most sophisticated IT departments. The SaaS model allows companies of all shapes and sizes to leverage this infrastructure, which would otherwise be out of reach for most.
Software-as-a-service vendors must be able to provide a compelling, proven answer to all the following questions:
- Is my data secure?
- Can I track performance?
- Is the service truly multitenant?
- Will this application scale?
- Is this application high performance?
- Is there a disaster recovery plan?
- Will the application always be available?
Security is more than just user privileges and password policies. It’s a multidimensional business imperative, especially for vendors responsible for customer data. Make sure any provider you’re considering has detailed, rock-solid policies and procedures in place to guarantee the highest possible levels of:
- Physical security
- Network security
- Application security
- Internal systems security
- Operating systems security
- Third-party certification
Can I track performance?
With on-demand applications, customers rely on their providers to keep systems and data available. Vendors should provide detailed information about service delivery and performance, in real time. You need to trust your SaaS provider to meet your business requirements, so expect them to communicate with you as a partner in your business. Look for:
- Timely and detailed information on a vendor’s service performance data
- A calendar of planned maintenance activities
- Daily data on service availability and transaction performance
- Proactive communications regarding maintenance activities
Is the service truly multitenant?
Leading Web applications such as Gmail and eBay run on a single code base and infrastructure shared by all users. Multitenant architecture allows for quick deployment, lower cost, and faster innovation. Single-tenant systems are not designed for large-scale on-demand success. The internal inefficiencies of maintaining separate physical infrastructure for each customer makes it impossible for vendors to deliver a quality service and innovate quickly. Make sure the vendor’s architecture enables:
- Efficient service delivery, with low maintenance and upgrade burden
- Consistent performance and reliability based on manageable multitenant architecture
- Rapid product release cycles
Will this application scale?
With any utility, customers benefit from the scale of the supplier. Scale provides a larger customer community that can deliver more and higher-quality feedback to the vendor to drive future innovation. And a larger customer community provides rich opportunities for collaboration between customers. Make sure the vendors you’re evaluating provide:
- Proof of scalability to many hundreds of thousand of users
- Resources to guarantee the highest standards for service quality, performance, and security
- The ability to grow systems and infrastructure to meet changing demands
- Support that responds quickly and accurately to every customer
- Proven performance and reliability as customer numbers grow
Is this application high-performance?
SaaS vendors need to deliver consistent, high-speed system performance on a worldwide basis, and they should have detailed historical statistics to back up any performance claims. Look for data that demonstrates:
- Average transaction processing speed
- Average number of transactions supported
- Web page delivery times
- Average query response times
Is there a disaster recovery plan?
Any vendor providing on-demand services should be professionally paranoid, considering every potential disaster, and being prepared for anything. Ask whether the provider has:
- Data backup procedures that create multiple backup copies of customers’ data in near real time at the disk level.
- A multilevel backup strategy that includes disk-to-disk-to-tape data backup where tape backups serve as a secondary level of backup, not as their primary disaster recovery data source.
- Failover that cascades from server to server and from data center to data center in the event of a regional disaster, such as a hurricane or flood.
Will the application always be available?
Any provider offering SaaS applications needs to be able to deliver very high availability. Some of the factors to look for:
- Facilities with reliable power, cooling, and network infrastructure
- High-availability infrastructure, including networking, server infrastructure, and software
- N+1 redundancy
- Detailed historical availability data. Vendors should provide availability data on the entire service, not just on individual servers.
The Truth About SaaS Security
Many companies have thoroughly examined salesforce.com’s security provisions and found them to meet or exceed their requirements, even in regulated industries such as financial services and healthcare. To find out how salesforce.com addresses security, click on one of the links above or visit www.trust.salesforce.com
Monitoring SaaS Security
Leading SaaS providers not only make the security of customer data their number one priority, they go a step further: They offer transparency into the ongoing status of their systems. Salesforce.com’s Trust Web site provides tips on identifying phishing scams, security best practices, and up-to-the-minute system status at www.trust.salesforce.com/trust/status