"The user's going to pick dancing pigs over security every time" - Bruce Schneier"
In this post I am publishing an article by a guest contributor - Rashed Khan (rash799@hotmail.com) who points out interesting study results...
Software as a service (SaaS) for application delivery is a hot topic when it comes to questions of security. Adding SaaS components in any form is something that seems to generate acute anxiety in anyone who takes the time to consider it. Fears about the loss of privacy and other related security issues top the list of current concerns.
On the other hand, those who are already using SaaS solutions or have added elements of SaaS to their systems are considerably more confident about security issues than non-users. When it comes right down to it, SaaS appears to be something that one must experience in order to trust.
Forrester Research has recently completed a study that supports this premise. In companies where SaaS was already in use, having replaced a complete solution, concerns over security are noticeably lessened. This is also true in companies where the decision to replace a complete solution with SaaS had already been made and was about to be implemented.
By contrast, companies that were only contemplating or planning to augment their solutions with SaaS, or in companies that were using just a few SaaS components, anxieties over safety were still running high.
Miroslaw Lisserman, analyst at Forrester Research, believes this to be a strong validation of the future of SaaS technology. Lisserman had this to say about the findings: “To me, this means the following: SaaS solutions are more secure than perceived by many, since once SaaS applications are deployed and used, the security concerns decrease.” Apparently, SaaS technology performs so well that it has to be experienced to be believed.
Analyst Krishnan Subramanian, an independent researcher, feels that the security concerns related to the SaaS technology itself have been overworked. He said that the real issue related to this application has more to do with people. Regarding these concerns, Subramanian had this to say: “It is the responsibility of the SaaS vendors to educate users about their people-centric security practices. It is the responsibility of the SaaS users to get to know these details from the vendors.”
Moving away from concerns about the security of SaaS technology and turning attention instead to security concerns related to the technology's providers and users is a measure of the maturing of this technology. It's a sign that SaaS is ultimately coming into its own.
The growth of the sector itself testifies to this belief. There has been rapid expansion of SaaS solutions with Enterprise Resource Planning (ERP) software functions. Additionally, there is growing use of the ERP system by both small and mid-sized manufacturers. The manufacturing software is also used more frequently by industry distributors and in job shops.
Small companies who are part of large supply chains, along with the supply chain members they deal with, are all discovering significant benefits and greater functionality in SaaS-based ERP when employed as a comprehensive manufacturing software solution. Home-grown and standalone applications fall short by comparison, making SaaS both the wave of the future and an increasingly intelligent choice.
Software-as-Service as a disruptive trend and how it affects the traditional, ISVs and IT moving to the Cloud. Considerations in the transition to the new model and expertise on SaaS Service Operations - STORM™ and DevOps
Monday, December 12, 2011
Thursday, December 01, 2011
The Black Swan Event in SaaS Operations
"I find that the harder I work the more luck I seem to have." - Thomas Jefferson
Nassim Taleb’s eye-opening books 'Black Swan' and (to a lesser extent) 'Fooled by Randomness' discuss the rare, unexpected and almost impossible to predict events that have a major impact (and usually tend to be disastrous). He calls these events Black Swan events, and gives samples such as World War I, stock market crashes, the PC, the Internet, and 9/11.
Interestingly enough, all the Black Swan events are easily rationalized after the event, by hindsight.
The Black Swan analogy is borrowed from the notion that while one can induce a hypothesis from observational data - e.g. all swans are white - one cannot prove that hypothesis, since after observing numerous white swans, it takes only a single black swan to refute it. Karl Popper, the science philosopher, made that notion popular in his discussion of the Scientific Method (The Logic of Scientific Discovery).
SaaS and the Black Swan
Have you ever lost your database only to find out that the backup files were deleted the previous day? Have you ever hit a major problem with a component in the system, only to find out that the support contract expired last month?
My own experience and the experience of the numerous companies I have worked with, have taught me that the next Black Swan is just around the corner, lurking in the dark and will hit you when you least expect it to. Heck, that’s the nature of a Black Swan.
The systems we deal with are so complex and interdependent that one could never analyze (let alone predict) the interconnections that govern the behavior of the services we offer. Luckily, statistics are on our side, so that most SaaS applications are stable most of the time and on average, we can predict the behavior over time. But that is just what creates a Black Swan – we observe a certain behavior for so long, that we tend to accept it as a scientific fact; until it bites us in the behind.
Running a complex SaaS operation with dozens (or hundreds) of servers, network boxes, configuration files, erratic software and all the dependencies we have on our infrastructure providers (power, internet, hardware, communications) is like driving a high speed car on a congested highway, blindfolded. We have no appreciation of how much Lady Luck is involved.
Keep in mind that the longer good things happen, the harder is the effect of the Black Swan event - remember the dot.com and the real-estate bubbles; most of us are still licking the wounds.
The Butterfly Effect
All it takes is an overflowing log file, that incapacitates the disk, that will bring the system down. Or a minor, forgotten gadget installed on one of the servers whose license has expired. A pipeline of requests starts filling up and there goes the system.
How about setting up an image of a new VM, whose IP and the DNS IP were reversed by mistake. Put it in production and slowly the wrong DNS IP starts propagating in the system. After a while the servers are not communicating with each other and the system freezes.
These tend to be catastrophic events, since they are so hard to detect and resolve. Many times, restarting the whole system is the chosen quick solution, praying that the problem will resolve itself. But in these cases, the system will behave just as badly, and by the time one realizes what is happening, major damage to the customers and your brand has been done.
Words of Wisdom
Do not despair. I am not suggesting that since a Black Swan event is unpredictable, there’s nothing you can do about it. The opposite is true.
The first step is to internalize the fact that it will occur, as the famous quote goes “s**t happens”.
“Prepare for Failure” is my motto. Take into account that at any given moment something might break.
A number of practices should be implemented early on:
Change Management: To ensure that the events are indeed rare and that one may recover quickly with the knowledge of what went wrong.
Event Management: To be able to detect early on, what is hitting the fan, and respond to it.
Availability Management: Analyze your Single Points of Failure and impact of component failure. Build your backups, your DRP and practice recovery.
Incident Management: Make sure you cover these practices: Detection, Recording, Classification, Notification, Escalation, Investigation, Diagnosis, Restoration and Closure.
The Wise and the Smart ones
I was approached by a few (emphasis on few) CEOs and COOs that felt uncomfortable about the fact everything was going smoothly. Some were on the verge of fast growth and wanted to assure themselves that they were better prepared to hit the highway. Others had a feeling in their bones that “too good for too long” was a recipe for disaster, even if they did not read Nasssim Taleb’s book.
But many potential customers I spoke with assured me that they really do not need my services since they are doing very well, thank you. Some are still doing very well and others had a large hat to eat and many letters of regret to write their customers.
Nassim Taleb’s eye-opening books 'Black Swan' and (to a lesser extent) 'Fooled by Randomness' discuss the rare, unexpected and almost impossible to predict events that have a major impact (and usually tend to be disastrous). He calls these events Black Swan events, and gives samples such as World War I, stock market crashes, the PC, the Internet, and 9/11.
Interestingly enough, all the Black Swan events are easily rationalized after the event, by hindsight.
The Black Swan analogy is borrowed from the notion that while one can induce a hypothesis from observational data - e.g. all swans are white - one cannot prove that hypothesis, since after observing numerous white swans, it takes only a single black swan to refute it. Karl Popper, the science philosopher, made that notion popular in his discussion of the Scientific Method (The Logic of Scientific Discovery).
SaaS and the Black Swan
Have you ever lost your database only to find out that the backup files were deleted the previous day? Have you ever hit a major problem with a component in the system, only to find out that the support contract expired last month?
My own experience and the experience of the numerous companies I have worked with, have taught me that the next Black Swan is just around the corner, lurking in the dark and will hit you when you least expect it to. Heck, that’s the nature of a Black Swan.
The systems we deal with are so complex and interdependent that one could never analyze (let alone predict) the interconnections that govern the behavior of the services we offer. Luckily, statistics are on our side, so that most SaaS applications are stable most of the time and on average, we can predict the behavior over time. But that is just what creates a Black Swan – we observe a certain behavior for so long, that we tend to accept it as a scientific fact; until it bites us in the behind.
Running a complex SaaS operation with dozens (or hundreds) of servers, network boxes, configuration files, erratic software and all the dependencies we have on our infrastructure providers (power, internet, hardware, communications) is like driving a high speed car on a congested highway, blindfolded. We have no appreciation of how much Lady Luck is involved.
Keep in mind that the longer good things happen, the harder is the effect of the Black Swan event - remember the dot.com and the real-estate bubbles; most of us are still licking the wounds.
The Butterfly Effect
All it takes is an overflowing log file, that incapacitates the disk, that will bring the system down. Or a minor, forgotten gadget installed on one of the servers whose license has expired. A pipeline of requests starts filling up and there goes the system.
How about setting up an image of a new VM, whose IP and the DNS IP were reversed by mistake. Put it in production and slowly the wrong DNS IP starts propagating in the system. After a while the servers are not communicating with each other and the system freezes.
These tend to be catastrophic events, since they are so hard to detect and resolve. Many times, restarting the whole system is the chosen quick solution, praying that the problem will resolve itself. But in these cases, the system will behave just as badly, and by the time one realizes what is happening, major damage to the customers and your brand has been done.
Words of Wisdom
Do not despair. I am not suggesting that since a Black Swan event is unpredictable, there’s nothing you can do about it. The opposite is true.
The first step is to internalize the fact that it will occur, as the famous quote goes “s**t happens”.
“Prepare for Failure” is my motto. Take into account that at any given moment something might break.
A number of practices should be implemented early on:
Change Management: To ensure that the events are indeed rare and that one may recover quickly with the knowledge of what went wrong.
Event Management: To be able to detect early on, what is hitting the fan, and respond to it.
Availability Management: Analyze your Single Points of Failure and impact of component failure. Build your backups, your DRP and practice recovery.
Incident Management: Make sure you cover these practices: Detection, Recording, Classification, Notification, Escalation, Investigation, Diagnosis, Restoration and Closure.
The Wise and the Smart ones
I was approached by a few (emphasis on few) CEOs and COOs that felt uncomfortable about the fact everything was going smoothly. Some were on the verge of fast growth and wanted to assure themselves that they were better prepared to hit the highway. Others had a feeling in their bones that “too good for too long” was a recipe for disaster, even if they did not read Nasssim Taleb’s book.
But many potential customers I spoke with assured me that they really do not need my services since they are doing very well, thank you. Some are still doing very well and others had a large hat to eat and many letters of regret to write their customers.
Monday, October 03, 2011
CAC, LTV, MRR - Translating SaaS Financials into Actions
“If people do not believe that mathematics is simple, it is only because they do not realize how complicated life is.” - John Louis von Neumann
I’m sure that most of you have seen the various metrics floating around with CMRR, CLTV, Churn Rate and ASC starring in equations that sometimes cause one to cringe while sipping the day’s first coffee.
Let’s look at one of the basic formulas for SaaS Financials:
CAC < CLTV
This simply says that if you want to become profitable one day, you must make sure that your Customer Acquisition Costs should be less than your Customer Lifetime Value. In other words, the total amount of revenue you will generate from a customer, throughout the years or months that they derive value from your SaaS offering, should be more than the cash you spend on acquiring that customer.
Simple? It almost doesn’t pass the DUH Test. But in this article we'll look more carefully at the implications.
Acquisition vs. Retention
There is a notion in the industry that the costs to acquire a new customer are 5 to 7 times more expensive than the costs to retain an existing customer. Whether one agrees with the numbers or not, it is widely accepted that acquisition is more expensive than retention, yet most SaaS companies will spend far more resources and executive attention on growth through new customers than keeping the current customers satisfied, or in other words, reducing the Churn and up-selling to the current base. In fact, in every company I have consulted, the issues of Churn Management and Operational Excellence were far down on the priority list.
I guess hunting is far more exciting than farming.
Therefore, we will examine on how to grow the right hand side of the equation - the CLTV, not on how to lower the left side - the CAC.
Breaking down the CLTV
CLTV = Lifetime * ARPU * Gross Margin.
I hope I am not losing you here. Take another sip from your Latte. It is not complicated – sixth grade math. Stick with me, the actionable items will follow shortly.
ARPU means the ‘Average Revenue Per User’ for the time period defined as Lifetime. So if you count by months, Lifetime would be the number of months the customer remains loyal, and the ARPU would be the average that the customer would pay per month. If your value is calculated by years (lucky bastard!) then Lifetime would be how many years you retain the customer and the ARPU is average revenue per year from the customer.
Gross Margin is the ratio of total Revenue to the Costs Of Goods Sold (COGS) – how much does it cost you to give service to your customer.
For the Gross Margin to grow, the COGS should shrink, or at least stay stable as your revenue grows. So the lower the COGS are, the more you retain for your Christmas party.
As a simple example, let’s assume that your average customer sticks around for 19 months, that the average monthly payment from a customer is $430 and that your gross margins are 72%, then the CLTV = 19 * $430 * 0.72 = $5882.4.
Just imagine that with a little effort you could cause the Lifetime to grow to 21, or the ARPU to $460 and multiply the new CLTV by the number of customers...
What can we do about it?
Without going into details of how the various numbers are calculated we can still learn much about these equations and derive actions from them.
The bottom line is that you want to have the highest CLTV value possible. Looking at the equation, it means that your Lifetime, Gross Margin and ARPU values should grow.
Needless to say that for each of these three values, books could be written. Nevertheless, the paragraphs below cover the main points and map the actions one can take, and their direct impact on the equation’s variables.
Lifetime
In order for this value to grow, a SaaS provider should invest managerial attention into customer retention, or lower Churn. That means improving your customer service and responsiveness. Meassure and monitor the support KPIs. Run a weekly Customer Success meeting with Support, Operations, Sales and PS. Build a community and best practices around your product to enhance loyalty.
Be as transparent with your service levels as you can. Award loyalty with small gifts. Document your Churn data and analyze it – understand the reasons customers leave you and determine the trends.
Provide meaningful SLAs and act on them.
Average Revenue Per User
Translate ARPU into: “up-selling you service”. This means a strong group of farmers in your sales team. Use software to monitor user behavior. Think of value-added services that you could sell for a fraction of the recurring cost. Identify and keep in touch with your champion inside the customer’s organization and seek opportunities to sell more services or branch out to new groups within the organization.
Gross Margin
Lowering COGS means an effective and efficient Service Operations. This starts with a good team of dedicated professionals, a rigorous set of practices such as Change Mgmt, Incident Mgmt, Event Mgmt, etc. and a robust monitoring and alerts infrastructure.
Automation and Delegation - maximize what silicon and your customers can do instead of having people on your end doing it. That means create as much automation as possible around manual processes. Provide self-help, self-registration and self-configuration for your customers to run.
Understand the financials of the hosting services you are using. Don’t stick to the current solution just because you have been doing it for a long time. Circumstances would have changed, new solutions are offered every month, and a fresh look might save a lot of recurring costs.
In conclusion, we looked at one of the equations that every venture capitalist (i.e. your board members) tells you to watch, and transformed it into actionable items that your company should deal with. To pass that threshold of profitability, it probably won’t happen with that “major deal we’re about to sign”, but with improvements across the board in every aspect that tilts the right side of the equation.
For some good readings on SaaS Financials there are Bessemer’s 5 Cs, and Joel York’s excellent articles on the financials of SaaS.
I’m sure that most of you have seen the various metrics floating around with CMRR, CLTV, Churn Rate and ASC starring in equations that sometimes cause one to cringe while sipping the day’s first coffee.
Let’s look at one of the basic formulas for SaaS Financials:
CAC < CLTV
This simply says that if you want to become profitable one day, you must make sure that your Customer Acquisition Costs should be less than your Customer Lifetime Value. In other words, the total amount of revenue you will generate from a customer, throughout the years or months that they derive value from your SaaS offering, should be more than the cash you spend on acquiring that customer.
Simple? It almost doesn’t pass the DUH Test. But in this article we'll look more carefully at the implications.
Acquisition vs. Retention
There is a notion in the industry that the costs to acquire a new customer are 5 to 7 times more expensive than the costs to retain an existing customer. Whether one agrees with the numbers or not, it is widely accepted that acquisition is more expensive than retention, yet most SaaS companies will spend far more resources and executive attention on growth through new customers than keeping the current customers satisfied, or in other words, reducing the Churn and up-selling to the current base. In fact, in every company I have consulted, the issues of Churn Management and Operational Excellence were far down on the priority list.
I guess hunting is far more exciting than farming.
Therefore, we will examine on how to grow the right hand side of the equation - the CLTV, not on how to lower the left side - the CAC.
Breaking down the CLTV
CLTV = Lifetime * ARPU * Gross Margin.
I hope I am not losing you here. Take another sip from your Latte. It is not complicated – sixth grade math. Stick with me, the actionable items will follow shortly.
ARPU means the ‘Average Revenue Per User’ for the time period defined as Lifetime. So if you count by months, Lifetime would be the number of months the customer remains loyal, and the ARPU would be the average that the customer would pay per month. If your value is calculated by years (lucky bastard!) then Lifetime would be how many years you retain the customer and the ARPU is average revenue per year from the customer.
Gross Margin is the ratio of total Revenue to the Costs Of Goods Sold (COGS) – how much does it cost you to give service to your customer.
For the Gross Margin to grow, the COGS should shrink, or at least stay stable as your revenue grows. So the lower the COGS are, the more you retain for your Christmas party.
As a simple example, let’s assume that your average customer sticks around for 19 months, that the average monthly payment from a customer is $430 and that your gross margins are 72%, then the CLTV = 19 * $430 * 0.72 = $5882.4.
Just imagine that with a little effort you could cause the Lifetime to grow to 21, or the ARPU to $460 and multiply the new CLTV by the number of customers...
What can we do about it?
Without going into details of how the various numbers are calculated we can still learn much about these equations and derive actions from them.
The bottom line is that you want to have the highest CLTV value possible. Looking at the equation, it means that your Lifetime, Gross Margin and ARPU values should grow.
Needless to say that for each of these three values, books could be written. Nevertheless, the paragraphs below cover the main points and map the actions one can take, and their direct impact on the equation’s variables.
Lifetime
In order for this value to grow, a SaaS provider should invest managerial attention into customer retention, or lower Churn. That means improving your customer service and responsiveness. Meassure and monitor the support KPIs. Run a weekly Customer Success meeting with Support, Operations, Sales and PS. Build a community and best practices around your product to enhance loyalty.
Be as transparent with your service levels as you can. Award loyalty with small gifts. Document your Churn data and analyze it – understand the reasons customers leave you and determine the trends.
Provide meaningful SLAs and act on them.
Average Revenue Per User
Translate ARPU into: “up-selling you service”. This means a strong group of farmers in your sales team. Use software to monitor user behavior. Think of value-added services that you could sell for a fraction of the recurring cost. Identify and keep in touch with your champion inside the customer’s organization and seek opportunities to sell more services or branch out to new groups within the organization.
Gross Margin
Lowering COGS means an effective and efficient Service Operations. This starts with a good team of dedicated professionals, a rigorous set of practices such as Change Mgmt, Incident Mgmt, Event Mgmt, etc. and a robust monitoring and alerts infrastructure.
Automation and Delegation - maximize what silicon and your customers can do instead of having people on your end doing it. That means create as much automation as possible around manual processes. Provide self-help, self-registration and self-configuration for your customers to run.
Understand the financials of the hosting services you are using. Don’t stick to the current solution just because you have been doing it for a long time. Circumstances would have changed, new solutions are offered every month, and a fresh look might save a lot of recurring costs.
In conclusion, we looked at one of the equations that every venture capitalist (i.e. your board members) tells you to watch, and transformed it into actionable items that your company should deal with. To pass that threshold of profitability, it probably won’t happen with that “major deal we’re about to sign”, but with improvements across the board in every aspect that tilts the right side of the equation.
For some good readings on SaaS Financials there are Bessemer’s 5 Cs, and Joel York’s excellent articles on the financials of SaaS.
Sunday, August 21, 2011
SaaS and SLA - State of the Art
"You can get assent to almost any proposition so long as you are not going to do anything about it." (Chapman, John Jay)
Lately, I have been approached by a number of frustrated CIOs, asking me about what can be expected from a typical SLA in the industry and which provider offers an SLA with some beef.
A Typical SLA
Let’s see what a basic SaaS SLA should look like:
• Service Availability
• System Response Time
• Customer Service Response Time
• Customer Service Availability
• Service Outage Resolution Time
• Failover Window For Disaster Recovery
• Reclaiming Customer Data
• Maintenance Notification
• Proactive Service Outage Notification
• RFO (Reason for Outage)
Nice. Now let’s see what a typical SLA in the SaaS industry looks like:
• Service Availability
Is that it? Yeah, that’s about it. (Sometimes you may find Customer Support response time as well, the Lord be praised). The standard SLA in the industry only discusses ‘uptime’ and even that is usually very iffy, with mostly zero or negligible penalties.
Recently I have been meeting with CXOs of successful SaaS companies and asking them what their SLAs offer. Not surprisingly, their answers were reflective of the typical SLA above. Some did not even offer an SLA and one said, half jokingly, that they (the customers) should say ‘thank you’ for even having the service available. When asked about the future of SLA in the industry, the collective answer was that nothing will probably change, customers will not demand better SLOs (Service Level Objectives) and that the whole issue was quite irrelevant. One CEO suggested that the only concern of the CIO is ease of integration.
Is that so? Or are these guys burying their heads in the sand? When I asked about how many dealt with CIOs (as compared to business units), only one said that he did, and that it was an unpleasant experience.
How would you explain this discrepancy between what CIOs want and what SaaS CXOs would offer? And why is the state of SLAs in the industry is so pitiful?
A Quick Historical Review
I think the answers lie in the history of SaaS and how it penetrated the market. Around 12 years ago we started seeing the first SaaS applications (although no one came up with the name until a few years later). SaaS mostly targeted the SMBs who had no access to the enterprise software that was available to the larger companies. Either from a cost, or complexity or support point of view, the on-premise applications were out of reach for the smaller companies. When they started becoming available over the Web, the SMB were so delighted to even have a solution they were not going to bitch about the service levels being offered in the contracts. They were just happy that the apps were available. So, SaaS companies offered a 99% uptime which seemed pretty good (except that it translated into four days of downtime!). Nobody could talk about performance, as the dependency on the customers’ own network and on their ISPs allowed the providers an easy escape from accountability.
The Corporate Business Unit
Even though SaaS initially targeted the SMB, the big breakthrough came from the business units that found freedom in circumventing IT and getting their needs answered quickly (and in the process, flipping a bird to IT). The heads of the business units were mostly concerned with features and did not care much about SLAs. Even if they did, they did not have the experience and knowledge, that IT has accumulated over the years, on what to demand, how to verify that their service levels are met, etc.
The New IT Manager
More than ten years have passed with SaaS slowly establishing itself as mainstream, and conquering more and more territories. Old habits die hard and the sad state of SLAs remained where it had been a decade ago. Now, SaaS is finally entering the enterprise through the front door. There is a new generation of CIOs that are not threatened by SaaS and understand the freedom it offers them. They want to get back into the driver’s seat, clean up the mess that a decentralized SaaS policy created and control what is entering their domain.
As for the CIOs with the old-timer’s attitude, the Cloud hype has forced them to pay attention. When the CEOs caught on (hey, we can save a lot of money here) the pressure was on the CIOs to start acquiring Cloud Applications – SaaS. And, like it or not, there are numerous integration issues that demand that IT be in the picture.
Slowly, we are seeing a shift in the market. More and more CIOs and IT managers are in the picture. And when they see the lack of real certification or the famished SLAs offered by the vendors, they are probably baffled, at best, if not furious.
I believe that gradually, as more CIOs enter the picture, the SaaS providers will have to prove themselves as more mature, attentive and accountable vendors. I think that the IT customers will step-up the pressure and changes will occur. SaaS providers will succumb to provide a serious document with real numbers and repercussions.
Lately, I have been approached by a number of frustrated CIOs, asking me about what can be expected from a typical SLA in the industry and which provider offers an SLA with some beef.
A Typical SLA
Let’s see what a basic SaaS SLA should look like:
• Service Availability
• System Response Time
• Customer Service Response Time
• Customer Service Availability
• Service Outage Resolution Time
• Failover Window For Disaster Recovery
• Reclaiming Customer Data
• Maintenance Notification
• Proactive Service Outage Notification
• RFO (Reason for Outage)
Nice. Now let’s see what a typical SLA in the SaaS industry looks like:
• Service Availability
Is that it? Yeah, that’s about it. (Sometimes you may find Customer Support response time as well, the Lord be praised). The standard SLA in the industry only discusses ‘uptime’ and even that is usually very iffy, with mostly zero or negligible penalties.
Recently I have been meeting with CXOs of successful SaaS companies and asking them what their SLAs offer. Not surprisingly, their answers were reflective of the typical SLA above. Some did not even offer an SLA and one said, half jokingly, that they (the customers) should say ‘thank you’ for even having the service available. When asked about the future of SLA in the industry, the collective answer was that nothing will probably change, customers will not demand better SLOs (Service Level Objectives) and that the whole issue was quite irrelevant. One CEO suggested that the only concern of the CIO is ease of integration.
Is that so? Or are these guys burying their heads in the sand? When I asked about how many dealt with CIOs (as compared to business units), only one said that he did, and that it was an unpleasant experience.
How would you explain this discrepancy between what CIOs want and what SaaS CXOs would offer? And why is the state of SLAs in the industry is so pitiful?
A Quick Historical Review
I think the answers lie in the history of SaaS and how it penetrated the market. Around 12 years ago we started seeing the first SaaS applications (although no one came up with the name until a few years later). SaaS mostly targeted the SMBs who had no access to the enterprise software that was available to the larger companies. Either from a cost, or complexity or support point of view, the on-premise applications were out of reach for the smaller companies. When they started becoming available over the Web, the SMB were so delighted to even have a solution they were not going to bitch about the service levels being offered in the contracts. They were just happy that the apps were available. So, SaaS companies offered a 99% uptime which seemed pretty good (except that it translated into four days of downtime!). Nobody could talk about performance, as the dependency on the customers’ own network and on their ISPs allowed the providers an easy escape from accountability.
The Corporate Business Unit
Even though SaaS initially targeted the SMB, the big breakthrough came from the business units that found freedom in circumventing IT and getting their needs answered quickly (and in the process, flipping a bird to IT). The heads of the business units were mostly concerned with features and did not care much about SLAs. Even if they did, they did not have the experience and knowledge, that IT has accumulated over the years, on what to demand, how to verify that their service levels are met, etc.
The New IT Manager
More than ten years have passed with SaaS slowly establishing itself as mainstream, and conquering more and more territories. Old habits die hard and the sad state of SLAs remained where it had been a decade ago. Now, SaaS is finally entering the enterprise through the front door. There is a new generation of CIOs that are not threatened by SaaS and understand the freedom it offers them. They want to get back into the driver’s seat, clean up the mess that a decentralized SaaS policy created and control what is entering their domain.
As for the CIOs with the old-timer’s attitude, the Cloud hype has forced them to pay attention. When the CEOs caught on (hey, we can save a lot of money here) the pressure was on the CIOs to start acquiring Cloud Applications – SaaS. And, like it or not, there are numerous integration issues that demand that IT be in the picture.
Slowly, we are seeing a shift in the market. More and more CIOs and IT managers are in the picture. And when they see the lack of real certification or the famished SLAs offered by the vendors, they are probably baffled, at best, if not furious.
I believe that gradually, as more CIOs enter the picture, the SaaS providers will have to prove themselves as more mature, attentive and accountable vendors. I think that the IT customers will step-up the pressure and changes will occur. SaaS providers will succumb to provide a serious document with real numbers and repercussions.
In short, the differentiator is no longer the fact that a vendor offers SaaS, nor the feature set, nor the pricing. To distinguish oneself, a SaaS vendor will have to excel in every aspect of the service and provide the assurances for the service levels that CIOs are expecting.
Monday, July 04, 2011
The CIO's Dilemma – Adopting SaaS as a Strategy
“Luke, you're going to find that many of the truths we cling to depend greatly on our own point of view” (Obi-Wan, Star Wars, episode VI)
'IT-Avoidance' Mechanism
SaaS adoption has become an outstanding success, not in the only SMB which it targeted originally, but at the business-unit level in the larger corporations. SaaS became the ultimate IT-avoidance mechanism for the business department heads that were tired of waiting for many months (or years) for their IT needs, weary of investing huge budgets just to find out that the software did not deliver what was expected, or was outdated by the time it was implemented. With SaaS, they could start a free trial immediately and gain value of the solution with minutes, hours or days. IT managers sometimes found out that their internal customers were using SaaS software many months after it was a done deal.
It’s All About Control
This paradigm shift from transitional on-premise to SaaS (which is somewhat reminiscent of the PC revolution that empowered the end users and removed some of the dependency they had on IT), was not looked upon favorably by IT managers.
I believe that the main reason for IT's resentment towards SaaS, is the loss of control partly based on real problems caused by IT-Avoidance and partly is based on an emotional response to the notion of various business units not “needing” IT as much as before.
My premise is that CIO’s must adopt SaaS – it delivers the goods and it is happening anyway – but for the adoption to be successful, they must regain control of the situation.
Security
IT usually brings up the ‘security’ excuse to kill SaaS deals, but I believe that many times the ‘security’ they are talking about is their 'job security', afraid to let go of assets that everyone is dependent on.
So let’s examine the real security issue. As I have mentioned in numerous talks and presentations, Cloud companies, as a rule, will do a much better job at data security and privacy than a hospital or a car manufacturer (or a bank, credit card company or NASA judging by the publications on the subject).
Still, there is a major issue regarding SaaS accounts when they are not controlled by IT. Any business manager can swipe a credit card, and order 40 seats for her staff to start using an HR app. The manager knows nothing of security, nor does she bother much with it - the point is to get productivity up. The users are provisioned, not by IT, but by the business unit. When an employee leaves the company to work for the competition, IT is supposed to disconnect that employee from all the assets in the company. But how can they de-provision the employee if they have no access (or knowledge) of the various SaaS applications that person was using? Who can guarantee that this employee will not access company data from home or from the new employer’s premises?...
Lack of Visibility
Not only does the IT manager have incomplete knowledge of who is using what, even if they know that an employee has a SaaS account, there is no way to know if that user is accessing the software, how it is being used and what, if any problems are there. There is no visibility into performance issues. IT also has no knowledge of what part of the organizations’ data is stored where. And could it be that some of the same data is residing at different SaaS providers, and could it be that information at one provider is inconsistent with some information at another provider?
Vendor Selection
One of the areas of expertise of IT is the ability to select software solutions and evaluate the vendors. The business units do not have that ability, and frankly, they don’t give a damn. They want quick solutions within their monthly budgets and all other topics regarding security, integration, service continuity, financial viability, and SLAs are stuff that IT traditionally dealt with (and hence took forever to make a decision). So, IT is not involved in the solution/vendor selection process exposing the enterpise to bad choices and their consequences.
Lack of Efficiency
It is not uncommon in large, distributed companies, that different departments are consuming the service from the same SaaS vendor (or different departments are using similar solutions from different vendors) with multiple contracts in place, and perhaps different integration schemes. Of course this reduces the chances for bulk discounts and is inefficient in all aspects of organizational learning and business intelligence.
Another aspect of control is the lack of ability to access, backup and analyze the company’s data or to impose regulatory constraints on the user.
Lack of Strategic Planning
The fact that each department is an independent SaaS consumer and that IT is not driving and controlling the company’s solution is a great impediment to multiyear strategic planning. The individual business units do not have a high-level view of the company’s needs and strategy.
The lack of strategic planning reduces the company’s ability to ensure security and to employ cross company data analysis (the data is distributed across multiple vendors) and may cause compliance and regulatory issues in the future.
What to do, what to do?
A following article will outline strategies to employ in order to get hold the SaaS situation. But it will suffice to say that IT needs to restore control and bring itself to the forefront. This means that, first and foremost, the CIO has to embrace SaaS and not fear it. Start by defining the strategic goals of Cloud computing in the organization. Understand who is consuming what in the organization. Review your upcoming upgrades and begin a process of considering SaaS to replace your on-premise solutions.
SaaS is not a threat but a wonderful opportunity for the enterprise and the IT organization. Don’t play a defensive game; rather, become a leader in this area for your company.
'IT-Avoidance' Mechanism
SaaS adoption has become an outstanding success, not in the only SMB which it targeted originally, but at the business-unit level in the larger corporations. SaaS became the ultimate IT-avoidance mechanism for the business department heads that were tired of waiting for many months (or years) for their IT needs, weary of investing huge budgets just to find out that the software did not deliver what was expected, or was outdated by the time it was implemented. With SaaS, they could start a free trial immediately and gain value of the solution with minutes, hours or days. IT managers sometimes found out that their internal customers were using SaaS software many months after it was a done deal.
It’s All About Control
This paradigm shift from transitional on-premise to SaaS (which is somewhat reminiscent of the PC revolution that empowered the end users and removed some of the dependency they had on IT), was not looked upon favorably by IT managers.
I believe that the main reason for IT's resentment towards SaaS, is the loss of control partly based on real problems caused by IT-Avoidance and partly is based on an emotional response to the notion of various business units not “needing” IT as much as before.
My premise is that CIO’s must adopt SaaS – it delivers the goods and it is happening anyway – but for the adoption to be successful, they must regain control of the situation.
Security
IT usually brings up the ‘security’ excuse to kill SaaS deals, but I believe that many times the ‘security’ they are talking about is their 'job security', afraid to let go of assets that everyone is dependent on.
So let’s examine the real security issue. As I have mentioned in numerous talks and presentations, Cloud companies, as a rule, will do a much better job at data security and privacy than a hospital or a car manufacturer (or a bank, credit card company or NASA judging by the publications on the subject).
Still, there is a major issue regarding SaaS accounts when they are not controlled by IT. Any business manager can swipe a credit card, and order 40 seats for her staff to start using an HR app. The manager knows nothing of security, nor does she bother much with it - the point is to get productivity up. The users are provisioned, not by IT, but by the business unit. When an employee leaves the company to work for the competition, IT is supposed to disconnect that employee from all the assets in the company. But how can they de-provision the employee if they have no access (or knowledge) of the various SaaS applications that person was using? Who can guarantee that this employee will not access company data from home or from the new employer’s premises?...
Lack of Visibility
Not only does the IT manager have incomplete knowledge of who is using what, even if they know that an employee has a SaaS account, there is no way to know if that user is accessing the software, how it is being used and what, if any problems are there. There is no visibility into performance issues. IT also has no knowledge of what part of the organizations’ data is stored where. And could it be that some of the same data is residing at different SaaS providers, and could it be that information at one provider is inconsistent with some information at another provider?
Vendor Selection
One of the areas of expertise of IT is the ability to select software solutions and evaluate the vendors. The business units do not have that ability, and frankly, they don’t give a damn. They want quick solutions within their monthly budgets and all other topics regarding security, integration, service continuity, financial viability, and SLAs are stuff that IT traditionally dealt with (and hence took forever to make a decision). So, IT is not involved in the solution/vendor selection process exposing the enterpise to bad choices and their consequences.
Lack of Efficiency
It is not uncommon in large, distributed companies, that different departments are consuming the service from the same SaaS vendor (or different departments are using similar solutions from different vendors) with multiple contracts in place, and perhaps different integration schemes. Of course this reduces the chances for bulk discounts and is inefficient in all aspects of organizational learning and business intelligence.
Another aspect of control is the lack of ability to access, backup and analyze the company’s data or to impose regulatory constraints on the user.
Lack of Strategic Planning
The fact that each department is an independent SaaS consumer and that IT is not driving and controlling the company’s solution is a great impediment to multiyear strategic planning. The individual business units do not have a high-level view of the company’s needs and strategy.
The lack of strategic planning reduces the company’s ability to ensure security and to employ cross company data analysis (the data is distributed across multiple vendors) and may cause compliance and regulatory issues in the future.
What to do, what to do?
A following article will outline strategies to employ in order to get hold the SaaS situation. But it will suffice to say that IT needs to restore control and bring itself to the forefront. This means that, first and foremost, the CIO has to embrace SaaS and not fear it. Start by defining the strategic goals of Cloud computing in the organization. Understand who is consuming what in the organization. Review your upcoming upgrades and begin a process of considering SaaS to replace your on-premise solutions.
SaaS is not a threat but a wonderful opportunity for the enterprise and the IT organization. Don’t play a defensive game; rather, become a leader in this area for your company.
Monday, May 30, 2011
Organizational Culture and Company DNA – What Makes a Successful SaaS Company.
“No people come into possession of a culture without having paid a heavy price for it” (James A. Baldwin)
It was always clear to me that success with SaaS was not about technology, but about execution. This week I got a clear reminder.
The SaaS CEO Forum
For the past few months I have been running a SaaS CEO Forum that meets every six weeks or so, each time hosted at a different SaaS company, by a member of the Forum . The forum consists of a select group of successful SaaS companies, that have been selling their service for a number of years and are dealing with issues such as growth, operations, sales, marketing and customer satisfaction. Every meeting has a theme such as running a fabulous inside sales teams, SaaS Service Operations, knowledge-as-a-service, etc.. Yesterday the forum was hosted by Avinoam Nowogrodski, founder and CEO of Clarizen, a fast growing, market leader on collaborative project management. Beyond the very interesting review of the company’s clockwork marketing and sales operation, Avinoam gave a presentation on what makes a SaaS company successful.
Successful SaaS Company
No one can argue with the success of Clarizen, having grown 400% year over year, with an ever-growing community of happy customers, so it was worthwhile listening to Avinoam’s credo.
Clarizen’s CEO was talking about managing a company where execution is paramount and where Customer Success always comes first. He has been careful selecting an executive team that he regards as ‘A’ players and nurturing a culture of Respect, Modesty, Openness, and Accountability.
Among the factors Avinoam mentioned was “checking your ego at the door”, willingness to take risks, and acceptance of mistakes as part of the ever changing environment and conditions. Delegating Authority, Hands-on in your domain, Transparency and above all – Measure, Measure, Measure every aspect of the company’s operation; sales, marketing, conversion between each stage of the pipeline, responsiveness, costs.
The SaaS Angle – Fast Forward
While I agree wholeheartedly with all the above criteria being critical for a successful company, I asked for the SaaS angle. The answer was obvious even before I finished asking the question: “Pace”. In a SaaS company everything is fast-forwarded. The cycles in almost every aspect shorten and therefore the margins of error are ever so narrow. In a company that caters for the SMB in a low-touch model, the sales cycles are measured in days, not quarters, the software releases are shortened to weeks. The discovery of bugs usually occur within hours (or minutes) after a new version is introduced. Hence, Openness and Transparency are paramount and there is no time for ego games or controlling vital information (I have written about these aspects in the past: Transparency & Communications).
To reiterate – in a fast-pace, ever-changing, 24X7 environment, the need to feel the operational pulse, the need for responsiveness and open communications, the need for a listening ability and accountability are vital for success. Time spent on BS, on analysis-paralysis, on political games, on territorial squabbles, is time spent away from making sure your customers are successful, and that will be evident on the company’s bottom line and eventually, on the quarterly bonuses.
It was always clear to me that success with SaaS was not about technology, but about execution. This week I got a clear reminder.
The SaaS CEO Forum
For the past few months I have been running a SaaS CEO Forum that meets every six weeks or so, each time hosted at a different SaaS company, by a member of the Forum . The forum consists of a select group of successful SaaS companies, that have been selling their service for a number of years and are dealing with issues such as growth, operations, sales, marketing and customer satisfaction. Every meeting has a theme such as running a fabulous inside sales teams, SaaS Service Operations, knowledge-as-a-service, etc.. Yesterday the forum was hosted by Avinoam Nowogrodski, founder and CEO of Clarizen, a fast growing, market leader on collaborative project management. Beyond the very interesting review of the company’s clockwork marketing and sales operation, Avinoam gave a presentation on what makes a SaaS company successful.
Successful SaaS Company
No one can argue with the success of Clarizen, having grown 400% year over year, with an ever-growing community of happy customers, so it was worthwhile listening to Avinoam’s credo.
Clarizen’s CEO was talking about managing a company where execution is paramount and where Customer Success always comes first. He has been careful selecting an executive team that he regards as ‘A’ players and nurturing a culture of Respect, Modesty, Openness, and Accountability.
Among the factors Avinoam mentioned was “checking your ego at the door”, willingness to take risks, and acceptance of mistakes as part of the ever changing environment and conditions. Delegating Authority, Hands-on in your domain, Transparency and above all – Measure, Measure, Measure every aspect of the company’s operation; sales, marketing, conversion between each stage of the pipeline, responsiveness, costs.
The SaaS Angle – Fast Forward
While I agree wholeheartedly with all the above criteria being critical for a successful company, I asked for the SaaS angle. The answer was obvious even before I finished asking the question: “Pace”. In a SaaS company everything is fast-forwarded. The cycles in almost every aspect shorten and therefore the margins of error are ever so narrow. In a company that caters for the SMB in a low-touch model, the sales cycles are measured in days, not quarters, the software releases are shortened to weeks. The discovery of bugs usually occur within hours (or minutes) after a new version is introduced. Hence, Openness and Transparency are paramount and there is no time for ego games or controlling vital information (I have written about these aspects in the past: Transparency & Communications).
To reiterate – in a fast-pace, ever-changing, 24X7 environment, the need to feel the operational pulse, the need for responsiveness and open communications, the need for a listening ability and accountability are vital for success. Time spent on BS, on analysis-paralysis, on political games, on territorial squabbles, is time spent away from making sure your customers are successful, and that will be evident on the company’s bottom line and eventually, on the quarterly bonuses.
Saturday, May 07, 2011
System Integrators’ Cloud Strategies – React or Lead?
“A leader takes people where they want to go. A great leader takes people where they don’t necessarily want to go, but ought to be.” (Rosalynn Carter)
Recently a number of medium-sized System Integrators (SIs) have approached me to help them either define their SaaS/Cloud strategy, validate their strategy or help them with the realization of their strategy.
It seems that, the shoe has dropped. It took two years of relentless Cloud hype for the System Integrators to finally understand that major changes are occurring which will impact their customers and therefore – them.
New Breed of System Integrators
There is a new breed of Cloud System Integrators (up to a year ago they were called “SaaS System Integrators”) including companies such as Appirio, Astadia, Bluewolf & Model Metrics, that are dedicated to providing SaaS based services. Being newcomers, they are quite small compared to the large players, but their growth rates are phenomenal (e.g. Appirio has been growing in triple digits since 2008). So far they are have not been big enough to pose a visible threat to the old timers, but I suspect that the Dinosaurs are starting to feel a bit uncomfortable with the quick mammals that are infiltrating their territories.
Lack of Strategy – Tactical Approach
Having studied approaches of the major players in the market I have come to some interesting observations:
Accenture is a Salesforce.com partner. Ernst & Young are helping implement EmployU and HumanWave. Deloitte is with Workday and Genpact is a Netsuite implementor.
Capgemini is working with AWS to provide a Cloud Computing COE.
Considering the size and nature of the business of these players, it seems that these services are not high on the priority lists of the big SIs. It is quite obvious (to me) that these giants have not defined a SaaS strategy, rather they are reacting in an opportunistic manner to the market - akin to a “me too” tactic, just to have something 'Cloudy' or 'SaaSy' on their web site.
Cloud Strategy – React or Lead
As mentioned, many SIs have adopted tactical approaches, at the Cloud Service level, rather than a strategic approach. Further analysis led us to the conclusion that by zooming out, grouping and mapping the above Cloud Services. we can define five Cloud Strategies for System Integrators:
Using this prism, we could say that a number of players have chosen a strategic path:
IBM’s GBS and Wipro are offering services that we define as SaaS One-stop-shop for ISVs (strategy 3). KPMG is offering Roadmap for SaaS Adoption (strategy 5) while Infosys is acting as a SaaS Aggregator for enterprise IT (strategy 1). Smaller players such as iProcess are offering BpassS (Strategy 2)
Even though adoption rates are growing very fast, the hype of Cloud Computing is a couple of years ahead of reality, especially in the larger organizations that are the natural customers of the leading SIs. Some SIs have chosen to play it safe: not invest up front in new technologies and methodologies and watch the market carefully. Since they will still be milking many fat cows for a few years to come, the decision not to decide could be considered a smart, conservative strategy.
Others, though, have taken leadership positions, risking investments without a clear date on the ROI. They have the advantage of defining the market trends and have a better chance of emerging as the de-facto leaders in a few years when all the players, that are currently sitting on the fence, will have to define their strategy and see what bones are left to pick.
Recently a number of medium-sized System Integrators (SIs) have approached me to help them either define their SaaS/Cloud strategy, validate their strategy or help them with the realization of their strategy.
It seems that, the shoe has dropped. It took two years of relentless Cloud hype for the System Integrators to finally understand that major changes are occurring which will impact their customers and therefore – them.
New Breed of System Integrators
There is a new breed of Cloud System Integrators (up to a year ago they were called “SaaS System Integrators”) including companies such as Appirio, Astadia, Bluewolf & Model Metrics, that are dedicated to providing SaaS based services. Being newcomers, they are quite small compared to the large players, but their growth rates are phenomenal (e.g. Appirio has been growing in triple digits since 2008). So far they are have not been big enough to pose a visible threat to the old timers, but I suspect that the Dinosaurs are starting to feel a bit uncomfortable with the quick mammals that are infiltrating their territories.
Lack of Strategy – Tactical Approach
Having studied approaches of the major players in the market I have come to some interesting observations:
- There are around 15 Cloud services that SIs could offer their customers. Examples are: billing/integration/SSO services, PaaS development (Azure, Google Apps Engine, Force.com), SaaS-oriented testing, training, 24X7 NOC, etc.
- Judging by my engagement with some of the SIs, most are not even aware of what those services are, and are therefore concentrating on a few obvious choices.
- Most of the SIs are offering only one or two Cloud services from the list, and therefore:
- Most large SIs do not have a SaaS/Cloud strategy, or, their strategy is to wait and see how the market develops.
Accenture is a Salesforce.com partner. Ernst & Young are helping implement EmployU and HumanWave. Deloitte is with Workday and Genpact is a Netsuite implementor.
Capgemini is working with AWS to provide a Cloud Computing COE.
Considering the size and nature of the business of these players, it seems that these services are not high on the priority lists of the big SIs. It is quite obvious (to me) that these giants have not defined a SaaS strategy, rather they are reacting in an opportunistic manner to the market - akin to a “me too” tactic, just to have something 'Cloudy' or 'SaaSy' on their web site.
Cloud Strategy – React or Lead
As mentioned, many SIs have adopted tactical approaches, at the Cloud Service level, rather than a strategic approach. Further analysis led us to the conclusion that by zooming out, grouping and mapping the above Cloud Services. we can define five Cloud Strategies for System Integrators:
- SaaS Aggregator – Provide Applications on the cloud
- SaaS One-stop-Shop for Software Vendors
- Cloud/SaaS Adoption for IT
- Private cloud technologies
- BPasS - Could Integration
Using this prism, we could say that a number of players have chosen a strategic path:
IBM’s GBS and Wipro are offering services that we define as SaaS One-stop-shop for ISVs (strategy 3). KPMG is offering Roadmap for SaaS Adoption (strategy 5) while Infosys is acting as a SaaS Aggregator for enterprise IT (strategy 1). Smaller players such as iProcess are offering BpassS (Strategy 2)
Even though adoption rates are growing very fast, the hype of Cloud Computing is a couple of years ahead of reality, especially in the larger organizations that are the natural customers of the leading SIs. Some SIs have chosen to play it safe: not invest up front in new technologies and methodologies and watch the market carefully. Since they will still be milking many fat cows for a few years to come, the decision not to decide could be considered a smart, conservative strategy.
Others, though, have taken leadership positions, risking investments without a clear date on the ROI. They have the advantage of defining the market trends and have a better chance of emerging as the de-facto leaders in a few years when all the players, that are currently sitting on the fence, will have to define their strategy and see what bones are left to pick.
Subscribe to:
Posts (Atom)