Author: Imran Chaudhry Date: To: hampshire Subject: Re: [Hampshire] Due Diligence of Service Providers
> Hello all, >
> I think I'm getting old, since I read this thread with a growing sense of
> horror. If you outsource the total gamut of your IT infrastructure in a
> SaaS sense (fancy name for cloud-space), are you really saving in the long
> run?
Hi Jan,
As with anything, there are caveats and SaaS isn't appropriate for all
scenario's - but for a business of a certain type and size then I
think it makes a whole load of sense.
>> We're moving more towards SaaS for many things so this idea is out.
>
> Sorry to say this (I feel very old fashioned at the moment), but be very
> very careful. Having all your applications and data off-site is a security
> risk of almost incalculable proportions. The possibility of somebody
> cracking your encryption is the smallest risk, the biggest is not having
> access to your corporate data for whatever reason. I am very glad that I'm
> not the I.T. manager who has to work on this particular project. I was
> taught by my (quite conservative) parents that the further you are from
> your property, the closer you are to your calamity! :-)
Not all applications and data by any means - but quite a bit. We have
quite a few on-premises systems. I would advocate anyone trusting
business data to SaaS to have redundancy in ADSL providers and make
sure they have top-notch support and security credentials.
>
> Yes, off-site storage is cool, and if you use it in the right way, it's a
> great way to safeguard your data. But Saas? How are you going to access
> your data if all you have is a single candle burning in the middle of the
> room? I hope you have multiple contingency plans ready. I have to admit
> that I did not have time keeping up with the technical niceties of the
> specific SaaS offerings out there, but I cannot help but viewing it with
> intense distrust.
There is so much innovation going on in the SaaS field that it's hard
to keep up. We used to run co-located hardware running Linux servers
back in the day and now we don't think twice about trusting dedicated
hosted providers - I think SaaS is a natural extension but for
applications - Gmail being the most well known example. However there
is still a lot of complexity in administering them from a user point
of view and because you can't get at logfiles under the hood you have
to ensure the support from the SaaS provider is A+.
Personally, I'm excited by "Platform as a Service" PaaS such as Google
App Engine and "Infrastructure as a Service" IaaS - an example would
be the Amazon Web Services for scaling out MySQL. That is not to say
that good old fashioned sysadmin knowledge is unnecessary as one does
have to think about backup and security but a lot of the fiddly
scaling problems with availability and scaling have been thought out.
