The options are two fold. If the service provider has a service that creates a CD or tape that they can send you, then it is just a 24 hour recovery issue. Or, even better, if you have a hybrid approach where you have local data protection on disks, but use the service provider only as your disaster site, then you can do most recoveries off of a local disk. Again, you can get up and running quickly with backup as a service, but you need to ensure that you can recover.
With respect to access controls, if the data is to be shared among users, then it will be important to have levels of access control beyond just “administrator” and “user”. Granularity of access control is one of the areas where online services differ from each other so up front investigation is important.
As for security, it’s generally not an issue but always a question to ask. The data, at a minimum, needs to be encrypted both in transit and at the service provider site. There also has to be security so that other organizations do not have any way of accessing your data. Again, this is generally taken care of, but it is always important to ask and be comfortable with the answer.
Many of the services available offer encryption. Fewer offer integrated authentication, or single sign-on (SSO). Simplifying authentication is important for any high utilization service. Otherwise, the login complexity can cause help desk calls and poor adoption of the service.
Finally, a discussion on SaaS would not be complete without mentioning Web 2.0. Most Web 2.0 sites are a form of SaaS. The key here is collaboration. A great example of this is a Wiki, a website that can be quickly edited by its visitors with simple formatting rules. Someone can create a Wiki for a purpose (such as writing this article) and others can comment, make changes or provide background information. Everyone has access to this information anytime and from any location.
The beauty of using a Wiki from a service provider is that it can be up and running for a new project in minutes and no special access or VPNs (virtual private network) need to be created. SaaS will move from being a more efficient way for SMBs to run complex software to being a more efficient way to collaborate as Web 2.0 solutions take shape.
So does SaaS make sense for SMBs? The answer is yes—at least for certain types of applications. Applications that are expensive to configure, manage and keep up to date are ideal candidates for SaaS offerings. However, for applications that have high data transfer requirements, such as backup where you may need to get a large amount of data back quickly, SaaS solutions are not always a good fit, unless you have local and guaranteed access to the data. SaaS will continue to grow and should be evaluated carefully for each application.
George Symons currently serves as CEO of Yosemite Technologies. Mr. Symons joined Yosemite from EMC, where he served as chief technology officer for Information Management, responsible for defining EMC’s product and technical strategy. He also played key roles in the integration of Legato enterprise backup and recovery products and Documentum content management software into EMC.