An Overview of SaaS – And some privacy questions Based on work by Julie Smith David and Michael T. Lee, sponsored CABIT and the Society for Information Management
Feb 25, 2016
An Overview of SaaS –And some privacy questions
Based on work by Julie Smith David and Michael T. Lee, sponsored byCABIT and the Society for Information Management
AgendaGathering for the perfect storm?
frustrationeconomy acceptance
Stage 1: Introduction to SaaS
Stage 2: Privacy Issues
Gathering for the “Perfect SaaS Storm”?
the economy
the economyfrustration
End-user frustration with ERP applications often drives a business' first post-ERP projects. At Amoco's chemical intermediates group, for example, the need to channel SAP R/3 information into more user-friendly applications became apparent as the ERP system was being implemented early last year, says Kerry Given, IT manager for the unit. "Managers found SAP so unfriendly they refused to use it," he says. "Few [of our] people use SAP directly because you have to be an expert." November 30, 1998
the economyfrustration
acceptance
the economyfrustration
acceptance
the economyfrustration
acceptance
It’s time to take SaaS seriously!
Photo is by LeibDich, available at http://www.flickr.com/photos/liebedich/3679711527/, and used under the CreativeCommons license
Gathering for the perfect storm?
Let’s go deeper into SaaS
frustrationeconomy acceptance
Stage 1: Introduction to SaaS
Supply Chain Representation:Traditional Model
Your Company
HardwareCompany
SoftwareCompany
PC’s, Servers, Network Devices, …
Operating systems, ERP, CRM…
SaaS Company
Supply Chain Representation:SaaS Model
Your Company
HardwareCompany
SoftwareCompany
Servers, Network Devices…
Operating systems
PCs (with Browsers)
ERP, CRMService
Client Company
Client Company
Client Company
A Quick Review:SaaS Characteristics
• Technical– Browser based:
• Reduced upgrade issues• Lower cost hardware
– Hardware acquisition, operations, maintenance
– Multi-tenant– Agile development
• Maintenance experience• Innovation
• Strategic– Low initial acquisition
costs– Quicker Implementations– Predictable pricing– Reduced support staff
needed– Potentially more agile
environment with significant innovation
How Multi-Tenancy works
Source: Peter Coffee, Salesforce.com
Source: Peter Coffee, Salesforce.com
PaaS Company
PaaS Model
Your Company
HardwareCompany
SoftwareCompany
Servers, Network Devices…
Operating systems, ERP, CRM…
PCs (with Browsers)
Service
Client Company
Client Company
Client Company
NativeDevelopers
CompositeCompany
PaaS to Preferred PlatformDe
velo
pmen
t Effo
rts
Size of Adopting Organization
Indi
vidu
alAp
psCo
mpl
exSu
ites
Individuals Small Mid-Tier Large
Inte
g.Ap
psN
iche
Suite
sSm
allDevel.
Major
SW Co.
Ind-M
idInd. Leader,N
iche SW
Software Developm
ent Organizations
Created with Brian Sommer
Proposition: SaaS is a Disruptive Technology
Source: Mann and David, 2007. For more, see:Harrigan, K. R. 1984. Formulating Vertical Integration Strategies The Academy of Management Review 9 (4):15.Rothaermel, F. T., M. A. Hitt, and L. A. Jobe. 2006. Balancing vertical integration and strategic outsourcing: Effects on product portfolio, product
success, and firm performance. Strategic Management Journal 27:1033-1056.
When/Why to Select SaaS (Updated)
Source: http://blogs.idc.com/ie/wp-content/uploads/2009/12/idc_cloud_benefits_2009.jpg
New Reasons• Commoditization of IT
– IT applications are available for almost anything
– Leave it to the hands of experts– Comes down to the decisions and how it
is used• New leverage for knowledge
– SaaS can be used to push out legacy data and information to create and distribute knowledge globally at minimal incremental cost
• Upgrades– Small time window, cost included in
subscription– No hardware, software, patches, space
requirements– Upgrade process
• Elastic scalability– Instant– Integratability/
Interoperability– Customizable/Programmable
• Shared infrastructure– Functions are at the
metadata level, not at the code level (airline model)
– Industrial strength infrastructure, allowing customization at the metadata level
Issues/Challenges
http://blogs.idc.com/ie/wp-content/uploads/2009/12/idc_cloud_challenges_2009.jpg
AgendaGathering for the perfect storm?
frustrationeconomy acceptance
Stage 1: Introduction to SaaS
Stage 2: Privacy Issues
What we already touched on:
Source: Prosch, M. and J.S. David. 2009. Extending the Value Chain to Incorporate Privacy by Design Principles
An integrated “X as a Service” stack
Source: Linthicum, D. 2009. Cloud Computing and SOA Convergence in Your Enterprise: A Step-by-Step Guide. Addison-Wesley Information Technology Series.
With XaaS Proliferation
Source: Prosch, M. and J.S. David. 2009. Extending the Value Chain to Incorporate Privacy by Design Principles
OPERATIONALMODALITIES Programs Goals Resource
Allocations
Corporate Culture
Fiscal Viability
Expectations
Compliance
Community Involvement
Environmental Improvements
Economic Benefits
Education SupportOUTCOMES
Create a Privacy Culture, Cavoukian, 2008
Privacy Payoff,Cavoukian & Hamilton, 2008Customer Churnrate, Ponemon 2007
Privacy Cultural Lag Theory, Prosch 2008
FTC SanctionsState Attorney GeneralsEU Safe Harbor
Privacy Policies Chief Privacy OfficerPrivacy Enhancing Technologies
Privacy AuditPrivacy Maturity Lifecycle, Prosch 2008
Privacy Payoff, Cavoukian & Hamilton, 2008
Reducing data pollution:Reducing identify theft risk,Unnecessary workplaceMonitoring, cyberbullying, etc.Educating customers/employees
Rights & obligations in process
Allowing constituents a “voice” in privacy design
Nehmer & Prosch 2009Model of Privacy Corporate ResponsibilityBased on Dillard & Layzell’s 2008 Model
MOTIVATINGFORCES
Privacy by Design Principles
Respect for User Privacy
Visibility and Trans-
parency
End – to – End
Lifecycle
Positive Sum –
Not Zero Sum
Privacy Embedded into Design
Privacy as the Default
Proactive vReactive
Questions -
For Ben!
Please Keep In [email protected]
Really?• Security?
– Compared to what?– Facility/network– Privileges– SAS 70, SysTrust, ISO 27001
• Availability/Performance?– Operational reporting– Dealing with abnormalities– Uptime reality– Transparency: Dashboards
• Cost more?– Predictable– Hardware, software, upgrades,
recovery, security, space– Up to 5X faster development
• Integration difficulty?– Proliferation of integratable and
customizable applications – Standard development platform– IaaS, PaaS
• Customizability?– Proliferation of customizable
applications – Comprehensive tool sets– Shared infrastructure– Upgrade process
• Vendor lock in? Survivability?– Proprietary languages/technologies– Switching costs– API’s, ETL tools– How different from ABAP?
Source: Peter Coffee, Salesforce.com