Save content
Have you found this content useful? Use the button above to save it to your profile.

Opinion: Don’t overlook the risks of Cloud Computing

8th Jul 2009
Save content
Have you found this content useful? Use the button above to save it to your profile.

Cloud Computing or software as a service (SaaS) is being touted as the pay-as-you-grow solution to the current economic problems. But Haseet Sanghrajka of ST Consulting urges prospective users to look more carefully at issues such as security, data ownership and service level agreements.

Small and medium-size companies are being lured by the promise of a software delivery approach that removes capital expenditure and promises consistent monthly bills. But how can they ensure they are getting the service they are paying for?

Financial incentive

Good quality broadband internet provision has made it possible to offer software as a service - or what is now known as the Cloud Computing model. Organisations no longer need in-house IT expertise as they can offload their on-premises applications to hosted providers. This approach gives users web-based access to programs that would previously have been beyond their financial reach.

Taking capital expenditure out of the equation and paying a fixed monthly fee is understandably attractive at a time when organisations of every size are looking to retrench and cut down costs. With SaaS, companies no longer need to pay for unused licenses if people are made redundant. There is also no need to worry about unexpected costs or disruption from software upgrades as the application host will ensure that all users are supported on the latest technology.

However, life, and technology, is never that simple. The Cloud Computing market is in its infancy. Suddenly organisations that would never normally be at the forefront of technology adoption are rushing headlong into SaaS - often with suppliers that have no pedigree or experience. Organisations that usually adopt a low risk approach to IT are embracing the hosted model without undertaking in depth evaluation of the strategy.

Without a doubt, this is recession-led decision making that appears to equate low cost with low risk.

Understanding service

But just how low risk is SaaS? Any emerging market, without clear standards and expectations, will have its problems. To fully appreciate the risks, companies need to evaluate a range of financial, technical and service-based issues.

Underpinning the move to SaaS must be an understanding of the “service” that is being delivered. Often the service will be bought from a value added reseller who will then use a hosted supplier to manage the data.

User organisations need to consider the distinct aspects of the service, from data centre uptime to application break/fix procedures. Does the service provider also offer consultancy and training – and at what price? If additional facilities such as test area are required, can these be provided and, again, how much will they cost?

Which supplier is responsible for which components of the service? And what about the link between the customer organisation and the hosting centre? This link needs to be secure and resilient. Users will also need a service level agreement (SLA) with the communications provider, and possibly two providers to ensure there is some built-in redundancy; this facility is unlikely to be included in the SaaS cost quoted.

In addition, many of these hosted centres are located across the world, creating issues of data protection. What is the business implication of storing customer and supplier data on another continent? If the application is hosted in the US, has the US government the right to look at that data? If problems do occur, would the contract only apply in the UK, or come under the jurisdiction of the hosting centre? 

These are complex issues that small businesses simply will not have the time or resources to thoroughly research. Yet failing to understand the implications of a move to a service-led contract could be extremely damaging.

Losing control

Information security risk assessments typically flag up concerns about security and reliability, but some Cloud Computing customers may not realise that the data could be owned by the hosting provider. So any problems with payment, for example, could result in either temporary or permanent loss of essential data.

The issue is particularly important when it comes to ending a hosting arrangement. Few organisations will contemplate exit strategies when signing up with a new supplier, but it is important to understand just how data will be extracted at the end of the agreement. Will the company be required to invest in expensive extraction tools or simply have to resort to dumping reports into text files just to retain the data?

The online upgrade routine also takes control away from the user. While SaaS ensures the system is always up to date, this may well cause more problems than it solves for many smaller companies, who probably won’t actually need the additional functionality.

Upgrades may occur at inconvenient times of the month or year for that business – creating the risk of downtime as a result of poor change management processes. It is increasingly common to hear news reports of incidents where software upgrades and patches have had a knock-on effect on reliability at Cloud hosting centres.

In addition, under this model the software cannot be changed, making it more difficult to customise an application or integrate it with other systems in the business.


The idea that smaller organisations can now run the business without internal IT expertise is compelling, especially when Cloud Computing provides access to finance, ERP and CRM applications that would have been far too expensive under the on premises model. With growing numbers of vendors and their partners moving in this direction, the options for renting software are growing rapidly.

But this is a market in its infancy. There are moves to develop standards in data hosting, which is good, but until the SaaS model has gone through a few development cycles, the market will not clearly understand the pitfalls, or work out just how to address them.

From bandwidth redundancy to the strengths of service providers, organisations cannot afford to underestimate the complexity of this model. This is Cloud Computing and an understanding of the components and quality of the underlying service should determine whether or not SaaS is the right direction for each business.

Haseet Sanghrajka is managing director of ST Consulting, a Microsoft Gold Certified Partner which specialises in the delilvery, implementation and support of Microsoft Dynamics GP and CRM applications.

Replies (12)

Please login or register to join the discussion.

By jasonholden
08th Jul 2009 15:05

This argument is no different to when affordable desktop software first became available to the SME in the late 80s.

The same scaremongering was used although in a different way when trying to move clients from pen and paper to desktop based software, what if what if …

As a lot who move onto SaaS will do so with their accountants then I assume their accountants like us will have gone into all the issues raised:
• Server uptime agreements
• Access to data etc should vendor go out of business
• Access to data should client leave
• Where servers are held and therefore data protection
• Security of data, etc etc

The list goes on and I can assure you we went through it with the assistance of IT client companies and then got assurances from the CEO of WinWeb Stefan Töpfer.

I do agree though there may be others out there who are not so seasoned and therefore you could fall foul.


Holden Associates
A Blog for Small Business

Thanks (0)
By tcrowhurst
08th Jul 2009 16:30

Risks of Cloud Computing
I couldn't agree more - due dilligence is key. Dealing with upgrades and the like are always disruptive but they can be managed by a strong service level agreement. There are obvious questions you need to ask like: Where does your data reside? If it's in the US and an upgrade is done outside office hours when is that - UK time or US time? Check also whether you can have the data hosted by an independent hosting provider such as Rackspace which means that if you have an issue with your provider you have you application and your data separate. Some providers offer hosted and on premise solutions where you can test the software in a hosted environment and then move to an on premise solution.

Thanks (0)
By mkcdavies
08th Jul 2009 23:04

Is this helpful or spreading FUD (fear, uncertainty, doubt)?
The headline is FUD because it gives the impression that cloud computing is inherently high risk. What about a comparison with the risks associated with installing and managing your own software? Especially for smaller organisations who can't afford the level of infrastructure and security offered by a good quality cloud computing provider.

Undertaking due diligence on prospective suppliers always makes sense, so to that extent the article is helpful in stating some important things to consider, but none of these are new and they are written about regularly.

The FUD factor rises again with the statement that "this is a market in its infancy", again giving the impression that it's yet to be properly tried and tested. That's patently untrue! There are many suppliers who have been delivering their solutions using cloud computing for over 10 years and they've built up a proven track record through many "development cycles".

This article needs more balance in order to avoid misleading the reader into believing that cloud computing is scary/risky/unproven. In reality cloud computing is based on real software, running on a real server farm, in a real secure environment, using real high performance hardware and a real high availability infrastructure, with real backup hardware and power supplies. Best of all, you can really use it via the internet from wherever you happen to be at any time, and it's often provided at an outrageously low cost compared to traditional software.

The relatively recent availability of ubiquitous broadband internet access at reasonable cost has helped to fan the flames of cloud computing, with many new entrants in the market. These new suppliers may be in their infancy, but cloud computing is not an infant, it came of age a long time ago. If you are risk averse, simply look for evidence that the supplier has been around long enough to build up a credible customer base and a proven track record.

Thanks (0)
By jasonstamper
09th Jul 2009 12:19

Cloud is not SaaS
Cloud computing and SaaS are not interchangable terms, in my opinion. I set out exactly what cloud is and what it is not in this special report I wrote for CBR magazine:

I believe it behoves the consulting industry to get these terms right, because using them as if they are the same only adds to the confusion surrounding cloud computing.

Thanks (0)
09th Jul 2009 13:24

"The scarecow" by Michael Connolly
Anyone read this. it is an excellent read - but it has a disturbing sub plot concerning cloud computing.!!

Thanks (0)
By BryanS1958
14th Jul 2009 15:57

And don't forget user friendliness!
I've only tried one SaaS, this is at the smaller end of the market - Kashflow, but it hasn't been a very good experience:
- Pages take ages to load compared with desktop software such as QuickBooks, so you need to make sure your broadband is fast. Ours is quite fast for most purposes.
- Reports are limited, no pre-set report dates such as last month, last financial year, etc,
- endless going in and out of pages because you can only have one page open at a time. So if you are doing a bank rec you and notice an error you have to go out of the bank rec, into the bank payments/bank receipts/supplier payments/customer receipts, amend and then go back to the bank rec., go to the next error and so on and on and on. Without multiple windows it's like going back to the dark ages!

I've had a look at a couple of other SaaS programs, they look as if they suffer from the same problems, but I cannot confirm because I have not used in practice.

Thanks (0)
By redsq01
14th Jul 2009 16:42

Saas and Cloud Computing
Why on earth would anybody in their right mind outsource a key support of their business operations to somebody in Timbuktoo.

You might as well give Fred Goodwin the keys to the Bank of England.

(1) What happens when your data gets sold to the mafia?
(2) What happens when the broadband is down for the whole afternoon? Invoicing and Dispatch afternoon for example.
(3) What happens when somebody else hacks into the server architecture and starts using it as a DVD distribution network
(4) What do you do when the HMRC says - hey lets just hover up all these accounts in this cloud and see how they stack up against the tax returns. Run a quick bot over them and "step this way"

I hope all you little business guys know a good class-action lawyer

Thanks (0)
By Mark Hutchinson
14th Jul 2009 18:30

Balanced view - SaaS Vs Traditional Hardware/Software Vs AbSD (A
There are currently 3 main application delivery models available...

Traditional Hardware/Software........e.g. on site
SaaS (Software as a Service)........e.g. managed hosted applications delivered as a service
AbSD (Appliance based Software Delivery)............on site managed applications delivered as a service

The following article on our blog explains the benefits/advantages/risks of each approach.

I agree with the majority of comments above and this isn't a straight forward case of SaaS is bad and Onsite is good......I have dealt with many SME's who have had insecure, unreliable, not fit-for-purpose, out of date on-site solutions.......however for many as long as they can see the server in the corner of the office there is a false sense of security.

Hope the article helps.

Best Regards

Mark Hutchinson

Thanks (0)
By roysharp
15th Jul 2009 09:24

Just another thought
As with most "new" ideas there are lessons which can be learned from older technologies and previous experience.
In terms of cloud and saas, they are basically moving processing, data or both to a remote location. So your telecoms (broadband) and networking move up the priority list.
Things to bear in mind are: the speed and reliability of the broadband connection; do you have any limitation on usage; what's the contention ratio (how many users does the telecoms company route through your connection).
When server-based processing became the big thing (many moons ago) suddenly companies found that their networks weren't powerful enough or took more managing.

These are not negatives, just an indication of some of the changes to your 'critical' list when considering operating reliability, business continuity, and speed.

Roy Sharp

Thanks (0)
By redsq01
15th Jul 2009 09:42

Loss of Control and the initiation of another cost process
As Mr Sharp suggests it is always valuable to learn from history.

As he suggests there are many technological impediments to the successful implementation of remote computing, a number of which I experienced a recent visit to a client in such a predicament.

I wonder where this ubiquitious broadband fantasy comes from for example? There are simply too many variables involved for SAAS.

If you regard your business data has any value at all, why would you let somebody else look after it? Like giving Bernie Madoff your money.

I have some experience of the fad for corporate "outsourcing". This has not proved to be terribly successful. Why?

(1) Innovation is severely constrained over time
(2) Cost savings prove illusory as a new cost set is incurred in the management the relationship between the outsourcer and the outsourcee, a process which eventually becomes parasitic on the resources of both parties.

Step this way for large legal bills over contractual disputes.

Thanks (0)
By mkcdavies
15th Jul 2009 23:06

Too extreme to be believable
Some of the comments made above, in particular those made by redsq01 (whoever you are - could be Sage?) are past their sell by date. If everyone thought the same, innovation and progress would be stifled.

The fact of the matter is that things have moved on. The ubiquitous availability of broadband at reasonable cost, allied to modern day application development techniques and up-to-date security protocols, mean that web-based systems are completely viable and reliable.

Ah, but what about the vendors themselves? What if they were to go bust? All of this has been covered elsewhere. I, for one, have given a detailed comment here. Look at it this way, the likes of E&Y, KPMG and Vantis would not rely on us if they considered us to be a risky proposition.

The reality is: Many thousands of companies and practices are already using web-based accounting and getting a lot of benefit from it. They have lower costs and find the tools and accessibility to client data give them greater efficiency than traditional software, enabling them improve the bottom line and offer a better service to the market.

The good online accounting suppliers provide an operational and support infrastructure that no SME could ever match. Put simply, their data is safer in the data centre than it is on their own computer.

It really is a "no brainer" for most SME's to go down this route instead of taking on the overheads of buying, installing, maintaining their own software and data.

Mark Davies

Thanks (0)
By Richard Messik
16th Jul 2009 10:51

FUD to the nth degree
I agree with Mark. As a major user of SaaS and Cloud Computing, I don't recognise any of the concerns raised above. The essential issues for any system whether it is in the cloud or on premise are that:
1. It does what it is meant to do efficiently and effectively.
2. The cost is commensurate with the return and
3. As far as Cloud computing in all its forms is concerned, proper due diligence is undertaken as regards the security and reliability of the provider.

There is no doubt that a proper SaaS system is both cost effective and efficient and provides for far better interaction with ones clients than onpremise software can.

If there have been less than satisfactory experiences with SaaS providers that is more down to the nature of the software than fault with the concept.

Thanks (0)