SaaS and Business Continuity

From the Principal’s Office

In this issue we take a look at software as a service (SaaS) from the perspective of the SaaS software delivery architecture as an enabler to business continuity in the event of a shutdown of operations at a business corporate headquarters.

Bob Amster – Principal, RTG


SaaS and Business Continuity

By Bob Amster – RTG

How many retail company executives like to think about corporate headquarters going down in flames, or being wiped out by a tornado, or having the lights go out in an entire power grid?  Nobody.  Yet, following Murphy’s Law, it could happen and retail businesses need to be prepared to continue doing business in the face of such adversity.  How to be prepared varies from company to company and there are many factors to consider.  I will focus on an emerging software delivery architecture that mitigates the risk in case of a disaster to corporate headquarters: SaaS, which I easily assign as a sub-set of another emerging, and much written technology category; cloud computing.  Both complement business continuity planning.

One company, Techtarget, defines business continuity thus:

“Business continuance (sometimes referred to as business continuity) describes the processes and procedures an organization puts in place to ensure that essential functions can continue during and after a disaster. Business continuance planning seeks to prevent interruption of mission-critical services, and to reestablish full functioning as swiftly and smoothly as possible.”

And, according to articles in CIO Magazine:

Disaster recovery and business continuity planning are processes that help organizations prepare for disruptive events—whether an event might be a hurricane or simply a power outage caused by a backhoe in the parking lot. Management’s involvement in this process can range from overseeing the plan, to providing input and support, to putting the plan into action during an emergency.

Wikipedia further defines SaaS as follows:

Software as a service (SaaS; pronounced /sæs/ or /s??s/) is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. It is sometimes referred to as “on-demand software”. SaaS is typically accessed by users using a thin client via a web browser.

While this may seem like motherhood and apple pie to some, it may be a revelation to many others.

I became a big fan of SaaS in the last five years for a number of reasons.  Rather than see it as a ‘loss of control over the software applications’, I initially saw SaaS as a way of providing software application solutions that are accessible from any device with a browser and some form of connectivity, which the IT department need not manage at its usual level of effort as if the application were on-site; whose cost can grow or shrink with the size of the enterprise, and whose upgrade path does not – in most instances – require a re-implementation of time-consuming, careful application of upgrades.  But for the purposes of this discussion, let us only concentrate on the first characteristic: accessibility from anywhere, on a multitude of widely-used devices.

While engaged with a retailer client to conduct a disaster recovery project, I also came to appreciate the benefit of SaaS as a way to mitigate the risk to business continuity by providing access to mission-critical applications from somewhere outside the affected geographic area.  In this respect, SaaS has the advantage over client/server solutions.  In an emergency such as those described above, key personnel can be dispatched (with an application such as  Send Word Now) to other, unaffected locations, including possibly their own home, in order to access critical applications remotely and provide even limited business continuity.  Picture a retail chain of 200 stores.  Should it close the doors of all its stores because something bad happened at, or to the company’s headquarters?

SaaS architecture makes it simple for designated key personnel to access applications with nothing more than broadband service, a home computer, tablet, or smartphone with a browser.  Obviously, these personnel would have to operate from an unaffected location, in which they have electricity, and cable, fiber or 4G cellular service through which to access the application’s site.

Similarly and importantly, when subscribing to SaaS, it is incumbent on the business to conduct its due diligence and understand the SaaS provider’s own redundancy capabilities, and to include in the service level agreements verbiage to the effect that the software provided as a service will be available within what the business accepts as a reasonable period of time in the event the software provider’s own data center fails.  When the pieces are in place, only a major disaster should disrupt a business materially, and that is why those events are called disasters.