By Carol Hildebrand
Eavesdrop at a CIO networking event, and you’ll probably hear the term ‘SaaS’ before you can snag a shrimp off the nearest tray. It’s understandably top of mind—cloud computing and SaaS are boardroom-level topics at this point.
“Nearly all the CIOs I’ve spoken with are wrestling with how they can leverage cloud to deliver more value to the enterprise,” says Oracle CIO Mark Sunday. “In particular, I’m hearing a lot about what questions we need to be asking potential SaaS providers.”
Reimagine your business with Oracle Cloud applications.Find out how
Fortunately for Sunday, he has a direct line to an actual cloud provider: Tom Fisher, CIO of Oracle Cloud Services. The two sat down recently to hash out the tactics involved in choosing a SaaS provider.
Sunday: The digital economy relies on how well companies simplify information flow and access. In fact, today’s modern cloud has evolved specifically to support the need to share SaaS data across applications and platforms both on-premises and in the cloud. How do you make sure that any prospective SaaS provider can support transparent information flow?
Fisher: Well, to start, your questions should go beyond SaaS specifics. For example, can the provider clearly show you a standards-based and integrated technology stack? It directly affects the big questions involving information flow and sharing. You also want to find out how easy it is to share data between front-end and back-end systems—regardless of who owns the front end. The same question applies to sharing across multiple applications.
Sunday: Right, because as we know, applications tend to span multiple platforms.
Fisher: Yes, which is why you want to ask how well the SaaS provider can not only integrate across public and private clouds, but also easily move SaaS data into enterprise business workflows. Say that you need to pull that SaaS data to social or mobile components—how will that happen? Conversely, say some data from an older, on-premises system needs to be made available for a SaaS app. How easy is it to do that? How much work is involved from the customer versus the SaaS provider?
Sunday: As a corporate CIO, I frequently get asked by LOB colleagues about our level of security or how we are protecting our own internal data. How can I make sure that our SaaS provider meets our standards?
Fisher: You have to ask the very same things of your prospective provider. If they don’t have good, crisp, solid answers, then you really need to consider your level of exposure because of the limitations of the cloud provider. At this point, strong security ought to be table stakes. If they can’t show you how they extend security to mobile usage, or how they integrate security throughout the host stack, it’s cause for concern.
Sunday: We’ve all experienced the ‘forced march syndrome,’ where we had to conform to a SaaS provider’s upgrade schedule rather than the opposite. How can you avoid this going forward?
Fisher: You need to get very specific about how they will time their tech upgrades around not only your specific business processes, but also whatever geographic regions you operate in. For example, early May is a major holiday in Latin America, meaning that it would probably be fine to upgrade business systems but that e-commerce platforms would be in heavy demand.
Many SaaS providers stub their toes when they try to move into regions where the privacy laws are very different than we have in the United States.
—Tom Fisher, CIO of Oracle Cloud Services
Sunday: Good point. Since a lot of early SaaS providers focused on the North American marketplace, assuming a global presence is hardly a given. What should you be looking for from your cloud provider if you’re running a multinational or global business?
Fisher: A great question, and one that I don’t think customers often think of or ask enough. You and I both know that many SaaS providers stub their toes when they try to move into regions where the privacy laws are very different than we have in the United States. The reality is that your cloud provider needs to have a presence in each of those locations, particularly in areas like Europe, Africa, and the Middle East. The countries in those regions have specific regulatory requirements for data management.
In fact, you should also query your provider’s knowledge of global regulations pertaining to the specific functionality of their application. For example, the laws around HR data are even more restrictive than general data privacy rules in Europe, and your provider needs to be able to comply everywhere you do business.
Sunday: How about incident management? One of the worst feelings I experience as a CIO is to have a user say, “I’m having problems with my system,” and I have to respond with, “Hold on. Let me check with the provider.”
Fisher: You absolutely need to ask them about this, and they need to prove that they are ahead of the curve. Can they integrate into your company’s incident ticketing system, for example?
You aren’t just hiring the company for its technology—you are also hiring its people to represent your company’s IT organization.
—Mark Sunday, Oracle CIO
Sunday: You aren’t just hiring the company for its technology—you are also hiring its people to represent your company’s IT organization. How do you get a feel for the capabilities of their workforce?
Fisher: Great question. I treat it like it’s a job interview—I think about how I would manage that SaaS provider if they were a part of my IT organization, and lead with that. I want to know things like, what’s their domain expertise and does it dovetail with my needs? For example, can they support enterprise-level go-lives in the cloud? And how well does their communication style match with that of your company? At the end of the day, a good SaaS provider should function like an extension of your business. And to find organizations with those capabilities, you have to expand your thinking about what a SaaS provider should be able to do.