Best IT Practices for SaaS Deployments

IT has started to embrace the cloud, and users are ceding control and administration of those apps to them. These six best practices will maximize the safety, control, and effectiveness of SaaS deployments.

By Rob May

The current success of software-as-a-service (SaaS) has in many ways been a triumph of the sales process over I.T. best practices. SaaS vendors did an end-run around their clients' IT departments, touting the Web-based "benefit" (that SaaS products aren't installed on corporate hardware) and that IT doesn't need to approve them (or even be informed of the purchase).

In the last few years, the "IT-free cloud" trend has worsened. The consumerization of IT has made buying business applications as simple and easy as ordering a pizza online. Now, marketing departments can pull out their corporate credit card and pay $39 per month for any online tool. The problem with this behavior is that departments outside of IT rarely have established user management or data management best practices, so many of the old vulnerabilities and liabilities stamped out of on-premise IT have been reborn anew in the cloud.

Thankfully, the "I.T.-Free Cloud" is finally breaking. IT departments have started to embrace the cloud, and as companies adopt more SaaS applications, the control and administration of those apps is increasingly flowing through the IT department. Consequently, IT departments are bringing many of the best practices from the on-premise world to the cloud world, and that is a good thing. Here are six key tactics we have seen to maximize the safety, control, and effectiveness of SaaS deployments.

Best Practice #1: Set formal policies

Can anyone set up a new account on a free or paid service? Must IT be notified? Can employees connect their personal accounts to business accounts? Cloud-savvy IT departments should create policies for the new world of SaaS applications. Be sure to define how you protect data and manage access to that data when it resides on infrastructures you don't own.

Best Practice #2: Read the fine print

SaaS providers like to talk about their service-level agreements (SLAs), their disaster recovery capabilities, and all the other things they can take off your plate so that you never have to worry about application uptime or data-loss issues. However, you must read the fine print. Outages and losses do happen. What are your rights and responsibilities if your provider doesn't deliver? Take the time to read the complete subscription agreement and you will save yourself time and headaches down the road.

Best Practice #3: Create a backup plan

Your data is the lifeblood of your business, and while a SaaS provider has backups to recover from their own failures and outages, those backups may not solve your disasters. One-third of all data loss is caused by user error, and moving to the cloud doesn't prevent that. If accounts are hacked, or if data is accidentally deleted, can you get it back? Performing regular exports and backups was a smart tactic on-premise, and it is even smarter still in the cloud.

Best Practice #4: Don't forget user management

What happens when someone leaves the company? Is there a record of who has access to which SaaS applications? Is access appropriately revoked? One of the big benefits of SaaS is the collaborative aspects -- anyone can access data from any Web browser and share it with anyone the same way. Is data being shared outside your organization? Make sure you monitor who has access, and who is coming and going. Like backup, this was important on-premise, and it is still important in the cloud.

Best Practice #5: Prepare for compliance and e-discovery

If your company has compliance or e-discovery requirements, can your needs be met in the cloud? Many SaaS applications have messaging functions built in, and those messages could be subject to discovery demands in the near future. Look for SaaS applications that support audit trails and similar compliance functionality, or find third-party vendors that can provide it as a service.

Best Practice #6. Don't skimp on training

Many companies think they save money by adopting SaaS, only to squander those savings in lost productivity. Many employees never receive the equivalent training for SaaS applications that they enjoyed for other on-premise software, and thus they fumble through their workflow trying to learn on their own. Make the investment in application training for employees to be sure you get the maximum benefit from your SaaS investment.

A Final Word

IT best practices for SaaS aren't significantly different from what they were in the on-premise world. As you move to the cloud, keeping your tools and workflows in place -- or tweaking them as necessary for a cloud environment -- is a good way to perpetuate the best practices you already adopted.

Rob May is the CEO and co-founder of Backupify, a provider of online backup services for cloud application data including Google Apps, Salesforce, Twitter, and Facebook. You can contact the author at rob@backupify.com.