Successful Implementations of Software as a Service (SaaS).
Presented in 2nd year of Bachelor of Science in Software Engineering (BSSE) course at Institute of Information Technology, University of Dhaka (IIT, DU).
2. Group 2
BSSE 0502 – Jobayer Ahmmed
BSSE 0509 – Minhas Kamal
BSSE 0518 – Sauvik Bhowmik Anik
BSSE 0521 – Md. Atikur Rahman
BSSE 0523 – Shahriar Mohammed Ishmam
BSSE 0535 – Khandaker Mamun Ahmed
November 18, 2015 2
3. General Electric
• A multinational conglomerate corporation
• Builds appliances, lighting, power systems and many other products
• Supplies healthcare technology like medical equipment, diagnostic tools
• Maintains an enormous supply chain with almost 500,000 suppliers around the globe
4. H. B. Fuller Co.
• A chemical manufacturing company
• Inherited a payroll system that required expensive customization
5. Need of the Company
• Accurately track and make sense of all of the supply chain interactions with the suppliers
• Critical data (such as contracts, compliance initiatives and certifications) need to be stored and managed centrally
• All data need to be accessible across the globe
• Ensure the security of the data
• Create a common supplier base
6. Need of the Company (continued)
• A system that is easy to use and install
• Unite all data into one central repository
• A system with multilanguage capabilities
• A system with self-service functionality that lets suppliers manage their own data
• A cheaper system
• Configuration instead of customization
7. Existing System and Its Problem
• Rudimentary capability
• Did not provide one central repository of data
• Could not offer multilanguage capabilities
• Did not have self-service functionality for suppliers to manage their data
• Was expensive and hard to operate
9. What is SaaS?
• A software distribution model in which applications are hosted by a vendor or service provider and made available to customers over a network, typically the Internet.
• Applications are hosted in the cloud.
• Vendor is responsible for security, maintenance and reliability.
10. How SaaS Solves the Problem?
• Keeps track of all suppliers and products
• No need to be concerned about data security
• Provides multilingual capability
• Common supplier base view
• Global Access
• Suppliers can manage their own data
11. Benefits of Using SaaS
• High Adoption
• Lower Initial Costs
• Pay as You Go
• Painless Upgrades
• Seamless Integration
• Scalability
12. Risks of Using SaaS
• Usage Risk
• Data Security Risk
• Regulatory Risks
• Operational Reliability
• Vendor Viability
• Legal Risks
13. Impact
• Improved Service Standard
• Increased Managing Capability
• Developed Level of Control
• Opportunity of Expansion
High Adoption
SaaS applications are available from any computer or any device—any time, anywhere. Because most people are familiar with using the Internet to find what they need, SaaS apps tend to have high adoption rates, with a lower learning curve.
Lower Initial Costs
SaaS applications are subscription based. No license fees mean lower initial costs. Having the SaaS provider manage the IT infrastructure means lower IT costs for hardware, software, and the people needed to manage it all.
Painless Upgrades
Because the SaaS provider manages all updates and upgrades, there are no patches for customers to download or install. The SaaS provider also manages availability, so there’s no need for customers to add hardware, software, or bandwidth as the user base grows.
Seamless Integration
SaaS vendors with true multitenant architectures can scale indefinitely to meet customer demand. Many SaaS providers also offer customization capabilities to meet specific needs. Plus, many provide APIs that let you integrate with existing ERP systems or other business productivity systems.
1. Usage Risk
Usage Risk refers to the risk your organization incurs based on how it uses a specific SaaS app. The two (and perhaps most important) considerations are:
Is your organization using this cloud app for a critical business function?
Does this app store sensitive data?
If the answer to both is no, this specific app can immediately go on the 'low risk' list. For example, if an app is being used to manage get-togethers for employees with pets, and it stores pictures of kittens playing with yarn... move on to the next app.
2. Data Security Risk
Once you understand how your organization is using the SaaS app, you can move on to data security risk. While Usage Risk focuses on how your organization is using the app, Data Security Risk focuses on how the service provider is handling your data.
Here are some pertinent questions in this risk area: How is the SaaS provider handling your data? Is it encrypted in transit? At rest? Are there app controls in place that determine how your data is stored and who can view it?
3. Regulatory Risks
Companies that are subject to the Sarbanes-Oxley rules must make sure that SaaS vendors have adequate controls in place to satisfy regulatory requirements. Failure to do so can leave a company open to fines, lawsuits, and other penalties.
Combating the regulatory risks usually involves getting a SAS 70 Type I or Type II audit report. A Type I report documents the security practices of a SaaS provider that are intended to safeguard corporate data. The Type II report actually tests the controls that SaaS companies have in place.
A SAS 70 audit report that documents adequate security practices on the part of a SaaS company can usually satisfy reporting requirements under Sarbanes-Oxley.
4. Operational Reliability
With SaaS, users are at the mercy of their service provider. This means that risks with SaaS can involve inadequate uptime performance, service degradation during vendor maintenance, inadequate disaster recovery capabilities, software quality issues and security procedures, all of which should be addressed during contract negotiations.
5. Vendor Viability
SaaS customers should not overlook one of the most significant risks with SaaS—service provider viability. SaaS customers depend on the existence of their providers for virtually every routine business operation, meaning that if an SaaS company is financially volatile or encounters civil or criminal legal complications, all that company's customers can potentially go down the drain.
While operational reliability issues can usually be addressed through contractual agreement, the effects of a failed SaaS partner are more difficult to mitigate. Many companies seek to create an escrow agreement that allows the customer to store backups of their software and data to guard against the danger of service provider failure.
The only problem with an escrow agreement is the downtime an SaaS customer faces while scrambling to put the servers and other infrastructure in place necessary to operate their software.
Perhaps the best way to deal with the SaaS provider survivability issue is to thoroughly investigate the provider's legal and financial standing prior to signing a deal.
6. Legal Risks
When implementing SaaS, the legal risks should be fully understood and addressed. For example, jurisdictional control over data transmitted across state lines or international boundaries must be understood. Similarly, when a SaaS client is found liable for damages resulting from the unavailability of corporate data, the compromise of client information, the dissemination of malware, etc., the degree to which that liability can be passed on to the service provider should be clearly understood.