Posts tagged ‘NCC Group’

Denial ain’t just a river in Egypt…#CloudWF

Guest Blog with NCC Group

Author: John Parkinson, NCC Group

During the Cloud World Forum event in London on 24 July, we discussed the opportunities for Software as a Service businesses to become more successful. Focussing on the neglected issue of commercial security, we asked how the SaaS market can provide answers to potential supply failure in the market.  By anticipating, understanding and addressing the risks for customers who rely on outsourced application services, we argued that providers can contribute more to enhancing trust and confidence in the Software as a Service market.

How are SaaS businesses reacting to the issue?  In our experience, there are three broadly different attitudes:

  1. It was Mark Twain who perceptively wrote that ‘Denial ain’t just a river in Egypt’. The Risk Deniers perform according to type in asserting that it just won’t happen. ‘I haven’t failed yet and have no plans to do so’. Said with conviction it is likely that they have convinced themselves. As Isaac Asimov once wrote, they cling to the view that the easiest way to solve a problem is to deny it exists
  2. The largest group, the Agnostics, take a more considered view. They concede the possibility and see the wisdom of having a plan, but only if someone raises the question.  Whether hoping against hope, firmly in the wait and see camp or just too busy with other stuff, they generally accord with the opinion elucidated by TS Eliot that humankind cannot bear too much reality.
  3. Last but by no means least are the Innovators. They align instinctively to the perspective of Peter Drucker that innovation is the specific instrument of entrepreneurship. Salmon Software is one good example of a business that recognises this. John Byrne, the Salmon MD says ‘we understand the needs of our customers and the potential impacts of them not having access to the application’. Similarly Wazuko MD, Simon Hill asserts that the objective is ‘to show our existing customers and prospects that stepping into the cloud with Wazuko is simple and secure.’ Operating in a highly regulated sector of finance is Banking system provider, Mambu. MD Eugene Danilkis in a blog article commented: ‘Regulators have rightly recognised the critical role that technology providers play to support key business processes.  In turn, technology providers need to ensure consistent and reliable delivery of these services that financial institutions depend on to reinforce trust and extend the potential for future innovation and growth.’

As a SaaS Provider, which category do you fall into – a Denier, an Agnostic or an Innovator And which type of business would you trust when outsourcing your software services?

Original NCC Group blog here

———————————————————————————————————-

NCC Group were a Visionary Sponsor at the Cloud World Forum 2015, which took place on the 24th – 25th June.

The Cloud & DevOps World Forum delivers speed and continuous delivery to Europe’s Digital Enterprises, and will take place on the 21st – 22nd June 2016, at Olympia in London.

Register your interest for 2016 here

Advertisements

Risks of SaaS supplier failure & how to effectively mitigate them #CloudWF

Guest Blog with Kemp Little Consulting & NCC Group

The cloud is here to stay and according to a recent survey, organisations are going to be investing more in cloud services to support their core business operations.

But have companies properly considered the risks of SaaS supplier failure if the software is supporting their core processes?

The Kemp Little Consulting (KLC) team has been working with NCC Group to identify some of the risks of SaaS supplier failure and to identify the main problems that end user organisations would need to solve to effectively mitigate these risks.

In the on-premise world, the main way of mitigating against software supplier failure is Software Escrow. This was designed as a means of gaining access to source code for an application in the event of supplier failure.

If a supplier goes bust, there is no short term problem as the application and the business processes supported by the application continue to work and the corporate data remains within the control of the end user.

However, the end user company has a  problem as they will not be able to maintain the application long term and this issue is effectively solved by Software Escrow and related services such as verification.

In the cloud arena, however, the situation is different. If the supplier fails there is potentially an immediate problem of the SaaS service being switched off almost straightaway because the software supplier no longer has the cash to continue to pay for its hosting service or to pay its key staff.

For the end user, this means that they no longer have access to the application; the business process supported by the application can no longer operate and the end user organisation loses access to their data.

The business impact of this loss will vary depending upon the type of application affected:

  • Business Process Critical (e.g. finance, HR, sales and supply chain)
  • Data Critical (e.g. analytics or document collaboration)
  • Utility (e.g. web filtering, MDM, presentational or derived data)

In our research, we found that both suppliers of cloud solutions and end user organisations had not properly thought through the implications of these new risks, nor the services they would require to mitigate against the risk of supplier failure.

The primary concerns that end user customers had were around their business critical data. They were concerned by lack of access to data; loss of data; the risk of compliance breach by losing control of their data and how they might re-build their data into usable form if they could get it back. There was also concern about access to funding to keep the infrastructure running in the SaaS vendor in order to buy time to make alternative arrangements.

They were much less concerned about access to the application or getting access to the source code.

This is understandable as their primary concern would be getting their data back and porting it to another solution to get the business back up and running.

In a separate part of our study, the Kemp Little commercial team looked at the state of the market of the provisions generally found in SaaS contracts to deal with the event of supplier failure.  The team found that even if appropriate clauses were negotiated into the contract at the outset, there may be real difficulties in practically enforcing those terms in an insolvency situation.

End user organisations were more concerned than SaaS suppliers about their capability to deal with all of these problems and were amenable to procuring services from third parties to help them mitigate the risks and solve the problems they could not solve purely by contractual means.

End users were also concerned that many SaaS solutions are initially procured by “Shadow-IT” departments as part of rapid business improvement projects and deployed as pilots where the business risks of failure are low.

However, these solutions can often end up being rolled out globally quite quickly and key parts of the business become dependent upon them by stealth.

It is therefore considered important for companies to develop a deep understanding of their SaaS estate and regularly review the risks of supplier failure and put in place appropriate risk mitigation measures.

KLC recently worked with global information assurance specialist NCC Group to help it enhance the service model for its SaaS Assured service.

This article was originally posted on the Kemp Little Blog and can be found here.

…………………………………………………………………………………………………………………

John Parkinson, Global SaaS Business Leader at NCC Group will be speaking at the Cloud World Forum on 24th June 2015 at 12.45pm.

His talk will take place in Theatre D: Cloud, Data Governance & Cyber Security on ‘Outsourcing to Software as a Service? Don’t Overlook the Critical Commercial Security Risks.’

REGISTER YOUR FREE EXHIBITION PASS HERE.

CWF static banner

Tag Cloud

%d bloggers like this: