How to Succeed at SaaS – Part 1 

As cloud computing has gained trust, and therefore popularity, so have SaaS-based software solutions. These solutions deliver software via the internet with cost and flexibility advantages, making SaaS solutions attractive for software products delivered online.

SaaS solutions bring their own challenges. Due to the nature of the internet and its inherent risks, SaaS solutions need to be specially designed to withstand a variety of risks ranging from unpredictable performance to security concerns.

When it comes to SaaS solutions, security must not be an afterthought. In my opinion, security must be designed and implemented first, then the solution’s business functionality. Never the other way around. By building the security into the solution, you mitigate risks inherent in the use of the internet before they arise.

The mention of security risks is not meant to discourage you from creating a SaaS solution, but rather to prepare you and your application for sustainable success by not underestimating one of the most important areas of SaaS. Your application will be attacked and exposed to performance issues beyond your control; prepare for it.

Unsurprisingly, the advantages of SaaS bear much resemblance to the advantages of the cloud, including:

• Ability to push updates continuously without noticeable interruptions.

• Many SaaS solutions include self-tuning features, reducing maintenance and support costs.

• Under normal circumstances, SaaS solutions provide predictable spend.

• When designed properly, SaaS solutions are elastic and scalable.

• Little to no installation issues.

Disadvantages of SaaS solutions include:

• SaaS requires external connectivity

• You need to surrender some control. SaaS applications inevitably experience performance issues and possible outages related to the cloud infrastructure, and these will be out of your control to mitigate

• Security issues and potential attacks inherent to the internet may now affect your business

• Continuous review of your cloud configuration options and pricing is required to ensure you are using the optimum cloud provider products and configurations for your SaaS solution

 

Throughout my countless experiences creating custom SaaS solutions, I have discovered the following approaches to be best practices:

1. Security is first, business functionality is second – encrypt all passwords, configuration files, data and settings. Secure it as you code it.  

2. Secure your network data transport. Avoid self-signed certificates and always use a reputable commercial digital certificate with public and private keys. Use client certificates for authentication and identity management.

3. Secure your on-premises endpoints. Ensure all deployed endpoints, components, and agents are as secure as your SaaS code.

4. Secure your source code. Ensure your source code is in a secured location with restricted access. Your SaaS security secrets will be easily revealed if unauthorized persons gain access to your source code. 

5. Properly design your cloud infrastructure. Consult with an expert to design your cloud infrastructure, including security that spans all cloud components.

6. Design for high availability and add disaster recovery options. Most cloud providers will offer products and services which allow you to host your SaaS solution on high availability platforms. Also, when properly designed, it is often easy to add a disaster recovery option to your SaaS and avoid unplanned outages.

7. Harden the code. The cloud is unpredictable and so will be your SaaS application’s performance and reliability. Never assume things will go as planned. Ensure your code is hardened by implementing retry, delay, and wait algorithms to minimize surprises and maximize user experience.

8. Leverage other SaaS services such as databases, message buses, web services, etc. When using a cloud provider such as Microsoft Azure, many PaaS and SaaS services are available that another SaaS solution can easily consume. Many of these services are self-tuning and therefore require little to no maintenance. Examples of these services include Azure SQL Server, Azure Service Bus, Azure Security, etc.

9. Reduce any dependencies on virtual servers with Functions or Containers. I recommend the use of functions such as Azure Functions and/or containers to reduce the server administration and maintenance burden.

10. Log all activity and capture all metrics. As with any traditional application solution, it is important to maintain application logs and record all metrics to identify issues and bottlenecks.

11. Make your SaaS solution's configuration as dynamic as possible rather than hard-coding it like a traditional application solution. By pushing dynamic configurations, you can easily add, change or remove application functionality.

12. Use DevOps tools and methodologies. Ensure you fully automate your build and deployment environments for your SaaS solutions. Also, I recommend implementing an agile style development methodology to allow deployment of continuous updates. 
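As an illustration of practice 7 (retry, delay, and wait), the following Python sketch is an added example, not code from the original article. The names `call_with_retry`, `TransientError`, `PermanentError`, and `RetriesExhausted` are hypothetical, and the split into transient and permanent failures is an assumption about how the calling code classifies errors.

```python
import random
import time

class TransientError(Exception):
    """Worth retrying: timeout, throttling, temporary outage."""

class PermanentError(Exception):
    """Retrying cannot help: rejected credentials, malformed request."""

class RetriesExhausted(Exception):
    """All attempts failed, or the time budget ran out."""

def call_with_retry(operation, attempts=5, base=0.5, cap=30.0, deadline=60.0,
                    sleep=time.sleep, clock=time.monotonic, rng=random.random):
    """Call operation(); retry transient failures with capped, jittered backoff."""
    start = clock()
    last_error = None
    for attempt in range(attempts):
        try:
            return operation()
        except PermanentError:
            raise  # fail fast: repeating a rejected request only adds load
        except TransientError as exc:
            last_error = exc
        if attempt == attempts - 1:
            break  # no point waiting after the final attempt
        # Full jitter: random delay in [0, min(cap, base * 2^attempt)) so that
        # many clients recovering from one outage do not retry in lockstep.
        delay = rng() * min(cap, base * 2 ** attempt)
        if clock() - start + delay > deadline:
            break  # the next wait would exceed the overall time budget
        sleep(delay)
    raise RetriesExhausted("retry budget exhausted") from last_error

def demo():
    """Constructed scenario: a dependency that fails twice, then recovers."""
    outcomes = [TransientError("timeout"), TransientError("throttled"), "ok"]
    waits = []
    def flaky():
        result = outcomes.pop(0)
        if isinstance(result, Exception):
            raise result
        return result
    # sleep and rng are injected so the demo runs instantly and repeatably.
    value = call_with_retry(flaky, sleep=waits.append, rng=lambda: 1.0)
    return value, waits
```

Bounding both the number of attempts and the total wait keeps a failing dependency from tying up workers indefinitely, and the final exception carries the last transient error as its cause so it can be logged.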

In conclusion, I think SaaS solutions are the way to go if your application requires an architecture that is accessible from anywhere. SaaS leverages the cloud to achieve scalability, performance and low need for support. Going SaaS creates a tradeoff by which you leverage the features of the cloud, but you also inherit its risks. I believe the risks are mitigated by following best practices, especially in security. SaaS solutions, when properly architected, can keep up with usage demand and can also be accessed from anywhere. SaaS also eliminates installation and file versioning issues as opposed to deploying on premise. Just know that not all applications are good SaaS candidates. I will discuss this topic in more detail in Part 2.

 


Emilio Chemali, Director of Business Intelligence & Analytics, MRE Consulting, Ltd.

Emilio is a technology subject matter expert, respected thought leader and CIO100 Award Winner.  With over 18 years of experience, Emilio has helped clients in multiple industries create business value through Business Intelligence, Data Analytics, DataOps, DevOps, IoT, Application Integration, Enterprise Mobility, Enterprise Architecture, Software Development, Infrastructure Management, Cloud Strategies, Server Virtualization, and Application Performance Tuning initiatives.

 

 
