Imagine this scenario.  You’re an IT manager and you want one of your sys admins to set up a new server in your data center.  To accomplish this you do three things:

1. Give the sys admin the root password to every other system in the data center.
2. Rent a wrecking ball, put it in front of the data center and give them the keys.
3. Give them an Open Purchase Order with the ability to buy unlimited amounts of equipment!

Now, no IT Manager would ever do this  with their current data centers, but it’s pretty much what every IT manager has to do with most of today’s cloud environment.  That’s because the vast majority of clouds today are built to be used by one person with one password.  If you want multiple people to access the account, they each have to use the same user-name and password!

That’s like having every single person in your IT department using the same password for every system.  I’m not a security paranoid, but even I shudder at the thought.  Every single system with the same user name and password?  You have no way of tracking who’s made what changes to the systems or who is even allowed to make changes to the systems.  Someone could install a virus across your environment and there would be no checking on who did it because everyone uses the same user name and password!

But with cloud it’s even worse than that.  Not only could they infect all of your systems, they could wipe them out with a few clicks of the mouse (hence the Virtual Wrecking Ball.)  You could log in to find hundreds of systems and years of work completely destroyed in about 3 minutes by one windows admin with a grudge.   But of course you wouldn’t know who did it because everyone uses the same user name and password!

Finally, even assuming your staff has the best intentions (and most of them do), you are also giving them unlimited access to add as many systems and as much storage as they like.  That’s liking me giving my 7th grade daughter unlimited text without a plan (like this Dad did.) You’re going to get a 500 page bill at the end of the month.  10 cents an hour sounds cheap, but it adds up fast.  That’s doubly true  when it’s not your credit card where you have to make the payments.  And of course unlike the mega-texting teen, you wouldn’t know who spent all the money  because everyone uses the same user name and password!

By the way, if that’s not risky enough for you, one major cloud provider doesn’t differentiate between web services user names and passwords and e-commerce user names and passwords.  On their cloud, the sys admin could even buy themselves a LED flat screen and an Xbox with your cloud password and you’d have no idea who bought it  because everyone uses the same user name and password!

Now there are third party applications out there that allow you to add multiple user names and passwords to your underlying cloud, but the security holes still exist.  Let’s be blunt; should people have to pay extra for basics like separate user names and passwords for each user?  Shouldn’t that be table stakes by now?

Let’s hope it happens soon, so we can start tackling the real enterprise issues around SSO, policy based management, and federated authority (I love jargon.)  Plus we can stop worrying about where we left the keys to the wrecking ball.

Posted: September 23rd, 2009 under Cloud, Web Services.
Comments: none

Often the two biggest concerns about using Cloud resources today is the lack of latency SLA’s and the difficulty of locking down sensitive data in cloud environments.  These issues of performance and security are often cited as the most common reasons users either don’t adopt the cloud, or if they do use cloud resources, the reason they only use them for test/dev environments.

Interesting enough, the base reason for the inability of cloud providers to SLA latency between different systems in the cloud and the difficulty in locking down data in the cloud  is the same.  It is what I call the flat network problem.  The flat network problem is the underlying structural defect of the first generation of cloud systems.  Essentially in order to make the cloud as flexible as possible, all of the systems within a cloud sit on the same network.

This is fine if you want to add lots of front end systems doing the same thing.  But in a traditional two tier architecture, putting your databases on the same network as your front end web traffic creates all sorts of headaches.  First of all, while you can secure the servers it’s generally best not to directly connect sensitive database servers to the internet.

Secondly, since all traffic between your web/application servers and your database servers must be routed over the front end network it is difficult if not impossible to guaranty latency between those systems.  Even if they sit in the same data center, the latency can often be microseconds instead of milliseconds.  That just won’t work for most traditional two tier architectures.

Now their have been many ingenious work arounds to the increased latency between cloud based systems.  That said, what would make the cloud much more accessible for enterprise is a way to create what I call Virtual Private Clouds within the public cloud.  Essentially it gives cloud users network level as well as systems level control on how their infrastructure is managed.  Cloud infrastructures would look much more like this:

By creating true layer two connections between systems within the public cloud we solve three issues.

1. Security - Any database servers can be disconnected from the public net.  This makes securing and locking down data much easier to do.
2. Performance - By creating a VLAN within the Virtual Private Cloud, users can ensure layer two access between systems that sit on that VLAN.  That alloows for millisecond access times between systems and performance that mimics traditional hosted architectures.
3. Network Based Management - This is the last benefit.  Right now to achieve functions like VPN’s, Clustering, and custom Access Control Firewalls, cloud users have to provision open source “servers” to do the trick.  Virtual Private Clouds allow these functions to be migrated back in to the networking gear where the performance is much higher and the management is much simpler.

While we are seeing some of the elements of virtual private clouds in the cloud offering out there (GoGrid does allow you to configure network based clustering) most of the solutions are not truly cloud based, flexible, API driven offerings.  Instead they are virtual farms you order where the networks can be configured.  For the cloud to truly take off with corporate users, we’ll need to see true cloud offerings with this type of network configurations.

Posted: June 22nd, 2009 under Cloud, Web Services.
Comments: none

A couple of posts ago, I spoke to the busting of the SaaS Silo with Web Services and the impact that was having on the SaaS industry.  The last post spoke specifically about using Web Services to add functionality to your app.  While adding cool new functionality to the app is big for the product guys and the marketing guys, the interest from the sales side seems to be driven by a whole separate set of concerns, chief among them… Integration.

According to recent research by both Saugatuck and Forrester, integration has surpassed security as the main concern for enterprise implementations of SaaS.  This is actually a great sign for SaaS vendors.  It means that SaaS is extending beyond the departmental sale and making true progress into the enterprise.  It also means that in order to get past this increasingly common sales objection, companies need to figure out how to use Web Services to integrate their SaaS application.

While enterprise adoption of SaaS has been quite good, it’s usually done at the departmental level initially.  That means good SaaS apps appeal to business users with specific problems.  As the adoption of those applications spreads from the department to the whole enterprise, IT gets involved.  And it’s logical to think IT wouldn’t want a separate employee record in its Taleo system than it has in its payroll system.  Solutions such as Boomi’s Atoms help IT shops avoid that problem.

Besides integrating with legacy applications, Web Services are beginning to help companies integrate multiple SaaS applications.  Up to now the most ubiquitous integration problem, user management, has either been ignored by companies using SaaS or has had to be cobbled together by in house teams.  I can tell you, we use everything from SalesForce to NetSuite to RightNow and we’ve had to put some pretty tricky things in to (imperfectly) manage users.  Now we are seeing ready built solutions from TriCipher and Symplified that are making this easier and easier for both the SaaS vendor and the enterprise.

Finally, the integration piece is allowing companies like Astadia to go beyond SalesForce customizations in to the world of really creating custom applications out of many different SaaS apps.   Astadia’s acquisition of Theikos indicates that pre-built custom applications are going to be a big part of their future.

So while integration may be listed as a concern on SaaS adoption in the enterprise, it’s really an opportunity.  An opportunity to expand your app by tying it in to other SaaS apps, to legacy apps, and to even see it as the basis for custom apps.  Next post, we’ll talk about using Web Services to not only to break down customer objections but to actually create new opportunities.

Posted: June 30th, 2008 under Cloud, SaaS - Software As A Service, Uncategorized, Web Services, Web applications.
Comments: 1

Probably the simplest thing SaaS apps can do to improve their business is to use web services to improve the functionality of their application. By integrating third party applications in “Corporate Mash-Ups” SaaS companies can have the best of both worlds; a robust feature set and a complete focus on their core product.

Companies like SalesForce and WebEx have all shown the value of doing things like offering on-line ordering and billing, tracking site usage, and adding strong reporting and user management features. The problem with all of these additional features take programming time away from the core value of the apps, sales force automation and collaboration. That’s fine if you have 100’s of million in funding and 8 years of development. What’s the new SaaS app to do?

Fortunately, we have a new world of apps available to add that functionality. No longer is it just Google Maps and Hoover information. There is a ton of new apps you can integrate via api’s or web services. Examples include:

• TriCipher - For strong identity management and integration with corporate directories.
• Sabrix - For tax calculations.
• PivotLink - For graphs and pivot tables.
• OpSource Billing - If I don’t get one corporate plug in, Richard, Kim, and Christina get mad.
• Business Objects - For Crystal Reports and others.
• Ribbit - For integrating Cell Phones in to your app. If that doesn’t make sense, go to their site. It’s extremely cool.

This list could be ten times as long and it’s growing daily. Needless to say, a lot of the “extraneous” work of creating the app can now be integrated instead of programmed, allowing your precious coders to focus on the core value you are selling to your customers. This not only keeps the R&D costs down, it allows for more robust apps to hit the market sooner.

Up next, Silo Busting 3 - web services for enterprise integration.

Posted: May 30th, 2008 under SaaS - Software As A Service, Web Services, Web applications.
Comments: 2

It’s time to grow up….and learn to play nice with others.

SaaS adoption in the enterprise has definitely increased. But with that organizations are increasingly asking SaaS applications to start working with both other SaaS applications and the company’s legacy applications as well. According to recent studies by both Saugatuck and Forrester suggest that integration has surpassed security and compliance as Enterprise IT’s chief concern with implementing (or growing) SaaS applications.

This is an extremely encouraging sign. It shows the acceptance of SaaS as a legitimate enterprise software solution by the majority of Enterprise IT shops. Up to now, SaaS has been primarily a departmental sale. HR departments buy Taleo for human capital management, Marketing buys Marketo for marketing analysis, and call centers buy SupportSoft to manage their ticketing. As you know from past posts, selling immediately recognizable value at the departmental level is key to a strong success story in SaaS andwe can see how that has happened.

But now these apps are growing up and reaching across the organization (growing your app is another key SaaS sales strategy.) When that happens, IT is willing to accept the app’s growth, but needs it to do more now. Enterprise IT doesn’t want a separate employee record in Taleo from their payroll system. The want to be able to correlate all this marketing data back to their sales productivity, and they want to use the same master customer record for their ERP system as for their ticketing system. And they don’t want to have different log-ins for each employee, they want a single sign-on solution for all of their SaaS as well as on-premise apps (ala TriCipher.)

So SaaS applications have to stop being Silo’s that work just inside themselves. They need to start using web services to integrate with other SaaS apps and with legacy applications. By doing so, they’ll open up three great new areas for growth

1. Increased Functionality by working with other Apps
2. Enterprise Growth by integrating with existing Apps
3. The Opening of New Sales Channels

Their is so much to talk about in each of those three areas, they will get their own posts in the coming weeks.

In the meantime, think about adding web services, playing nice with others and growing up. It’s a great time to be an adult.

Posted: May 22nd, 2008 under SaaS - Software As A Service, Uncategorized, Web Services, Web applications.
Comments: 2