Software-as-a-Service (SaaS) Challenges - Reliability and Trust

Posted by Hans de Ruiter

I have always had my reservations about Software-as-a-Service (SaaS) due to issues such as reliability and control over my own data. To date, no SaaS vendor has addressed my concerns, indeed some people have been openly agressive, to the point of suggesting that I'm so paranoid that I need my head checked. Well, last night I had a problem that highlighted my reliability concerns: the power supply to my home router broke, leaving me without internet until I could buy a replacement today. Due to Dick Smith electronics becoming increasingly poor in its electronics selection (it is now hopeless for the electronics enthusiast), I had to drive all the way into the other side of downtown wellington to Jaycar, in order to buy a 5VDC 3A power supply. One small failure knocked out my internet connectivity for half a day.

I'll get back to my power supply failure, and SaaS reliability soon, but,  for those who aren't familiar with the term, SaaS desrcibes software that is accessed as a service over the internet, rather than buying and installing it on ones own machine(s). From the SaaS vendor's perspective, it's great because:

• You have a continuous stream of revenue from subscribers rather than a one time revenue when people buy, and
• Pirating the software is almost impossible (bar security breaches) because customers never have the full application; the application's core functionality runs on the server, and the customer only gets the display/user-interface portion.

Customers also have certain advantages:

• Lower initial cost since the subscription fee is less than buying the product outright,
• Automatic upgrades without having to do anything, and
• Data backups are handled by the SaaS vendor (assuming that the vendor does this).

The advantages above sound like it's a mutually beneficial arrangement, so where's the problem? Well, there are several issues that I can think of:

• SaaS relies on a large number of systems, all of which
• SaaS customers have to be able to trust that the SaaS vendor:
  • Performs adequate backups of their data,
  • Maintains tight security of their data, and
  • Respects their privacy.

Reliability

Back to my power supply failure. The power supply is but one small part of the chain between me, and the SaaS system that have to work properly. Depending on where the servers are lkocated relative to me, there are

• my computer,
• the router (and its power supply),
• the DSL modem (if it's separate),
• the DSL hardware at the local exchange,
• the network connection from the local exchange to the ISP's nearest hub,
• the connection from the ISP's hub to the national backbone,
• the connections from the national backbone to the server's country (may go through multiple countries), and all routing equipment involved (possibly including satellites),
• the server's machines, and
• implicitly the power generators, power lines, sub-stations and power supplies that supplies all of the above with power.

If any of these systems fail, then so to does my connection to the server. Sure, each of these systems is very reliable, but the more serially connected systems that you have, the greater the likelyhood of overall system failure. Putting multiple systems in parallel, increases redundancy, and thus, reliability (which is why we backup our data).

Now, let us assume that I was using a service such as Xero, and/or PlanHQ as a critical part of my (fictitious) business. If any critical device fails between their severs, and my business fails, then I can no longer access and update my accounting data (Xero) and/or my business planning and collaboration data (PlanHQ). Both services allow you to save the data in some external format, but is this enough? It still won't be possible to update or modify the information. One could say, "just wait until it's back up," but that does not address the issue. If the failure lay outside of the business, then I would be able to do nothing to make the service come back faster, other than maybe yelling at the vendor, and hoping that this helps. Moreover, there would be that annoying realization that I would have had none of these issues if the server was running within your own organization (and if it did fail, I could fix it).

Things would be even worse if my company also used salesforce.com; then the entire sales team would be unable to do their work effectively. If the eCommerce website also used PayPal, or some other payment gateway then sales would also grind to a halt. The more external systems that the business relies upon, the more likely it will be that something fails, and takes part of the business down. Don't think that it can happen? My power supply failure is a small example of the many things that can go wrong. Other examples include:

• Earlier in this decade a major systems failure (I cannot find the details) at the moment) of one of the major data hubs on the USA's west-coast crippled New Zealand's main data link to the rest of the world for several days,
• In 2003 the entire north-east of Canada and the USA had a power blackout caused by one fault triggering a cascade of shutdowns (not directly data related, but servers need power); other blackouts have occured around the world and in New Zealand too, over the years,
• In 2008, a Pakistani telecommunications company inadvertently knocked youtube offline globally,
• In June 2009, Xero was taken offline by a massive data center failure in the USA, and
• In August 2009, Paypal went offline for several hours (for the second time this year),

Failures can, and do happen, despite the internet increasingly haing multiple connections and redundant systems.I do have to point out that, in the case of a failure, SaaS vendors may be in a better position to deal with it then a small company would, if that small company were maintaining its own systems. Nevertheless, there are still many more things that could go wrong, many of which are outside the control of both the customer, and the vendor (i.e., anything that happens on systems between the two).

Data Security and Trust

The next major issue is whether or not one wishes to entrust private data to a third party's care. When I mention this, invariably someone pipes in with "if you're doing nothing illegal, then what is the issue?" Cue, accusations of paranoia. This is very easy to say if we're talking about a few personal photos and you live in a country with freedom of speech, and in which persecution of political or religious views is illegal, but it misses the wider picture; maintaining access to ones own data is just as critical as preventing others from reading and using it. Here the reliability issue raises its head again; all that personal/business data is of no use to me if I cannot access it myself. Moreover, Microsoft's computing cloud demonstrated vividly that a computing cloud can lose data when its Sidekick service lost T-Mobile's customers emails, and personal data. A computing cloud is supposed to be highly redundant, and robust to failure, yet here was a massive data failure that no doubt resulted in the loss of highly critical information. This is not the only data failure that has occurred.

Next is the issue of protecting sensitive information. For many businesses their information is a critical part of their competitive edge, so maintaining privacy is critical. Customer's personal details are particularly sensitive, and having that data stolen has serious consequences. Fortunately, this also applies to SaaS companies, so it is in their best interests to make sure that no-one - not even they - can access your data. SaaS companies typically have stringent privacy policies, but this does not necessarily translate to technological barriers such as encrypting customer data. For example, Xero's privacy policy is good, but it does not explicitly say how securely the data is stored; it states that Xero employees cannot access usernames and passwords, and so cannot access customer data without the customer's administrator explicitly giving them permission, but would someone with physical access to the server be able to read the data. Why would someone want to do this? Well, if your company developed some technology that a competitor felt would bankrupt them, then there would be ample motive to have a go at the data center that it was stored on. Most of us will never be in a position where this matters, but it is still something that SaaS companies have to address. One only has to look at the myriad of credit card number theft reports to realize that privacy policies does not equal data security.

I have to point out that data on an in-house server is just as susceptible to theft as data on an SaaS company's servers; in fact, it may be even more so if your company lacks data security experties. However, this is another issue that makes people like me more reluctant to use SaaS software. Plus, keeping the applications and data in-house just feels better, because then I know where it is stored, and I'm in charge of looking after it.

Possible Solution - A Shadow Server

Here is an idea that would address the issue of data reliability and access during a server/internet outage: a shadow server. This would be a local server within a business that maintained its own copy of all data on the SaaS server, and provide access during any external outages. It would also act as a redundant copy of the data should a Sidekick type data loss occur.

Google Gears would be another alternative, but while it works well for things such as Google Docs that operates on single files, it probably wouldn't work well for applications with large databases; you are unlikely to want to cache a company's entire database on every machine, especially using an SQLite database (which is what Gears uses).

The few times that I suggested something like a shadow server to an SaaS company (I can't remember to whom), they never replied. Allowing their server software to run on a customer's machine isn't something that most of them wish to contemplate, given piracy issues, and the many different server configurations that customers could have. However, it could be run on a virtual machine, allowing them to use a standardized installation, to administer it remotely, and lock down the server as much as possible as an anti-piracy measure. Virtual private servers have been around for a while now, so the technology is there. Not everything could be run on the shadow server, e.g., PayPal would be unwise to allow a shadow server to perform transactions, but having full access to their data locally would generally put customer's minds at ease, and make people less reluctant to use SaaS.

There is one major technical issue for a shadow server, data synchronization. Let us say that a company's data link goes down, but the main server is still running. The CEO makes changes which are stored in the shadow server, and so does the sales manager, who is currently remotely accessing the main server whilst on a business trip. When the data link is restored, the servers would have to be resynchronized, and any conflicts (e.g., two people edit the same item) resolved.

I know that at least one person is going to say "ah, but your power supply failure would take down your local network, and cut you off from the shadow server." True, until I plug my machine into the server directly, or into another hub (assuming that I have multiple units). Moreover, I can get up and do something about it instead of waiting and hoping for someone somewhere to do it and, that, is more satisfying.

Final Comments

Everything in life has an element of risk, so the issues above are no reason to reject SaaS.  I personally use a few of them myself. However, I do hope that SaaS vendors will consider allowing customers to have a shadow server, or provide some other form of offline capability that is functional; allowing customers to save their data to a text file, PDF, or a report, is not good enough. Cloud computing may sound cool, but there is something reassuring knowing that your data is on a disk next to you, rather than on a disk (set of disks) somewhere on this planet.

I'd be interested to know what others think of these issues, including the opinions of SaaS companies. Feel free to comment below.

Comments (0) | 18 November 2009