SaaS data loss: The problem you didn’t know you had

Sysadmin blog Software as a Service (SaaS) combined with Virtual Desktop Infrastructure (VDI)-style technologies promise to free us from vendor lock-in once and for all. The consumerisation of IT, Bring Your Own Device (BYOD) and hybrid cloud-based applications are additional marketing buzzwords relevant to this discussion.

Each concept is (on its own) overused mumbo jumbo. At one point or another, these have all been used as a talisman by marketing wonks to promise us the moon on a stick for only $24.99 per user per month. Register readers rightly turn their noses up at the lot of it. Individually these concepts are at best poorly quantified, at worst, career suicide.

Any attempt on my part to discuss these concepts with large enterprise practitioners is met with derision. They will have none of it in their departments; technical discussions aside, they have empires to protect. Consultants working the government, military and enterprise space tell similar tales; they just don't hear of any demand for any of this stuff. If they don't see it, it isn't happening.

Yet unlike previous changes in computing, the cloudy, consumerised BYOD revolution isn't occurring in big biz. Large enterprises, governments and the military already have the ear of the tech sector's established monopolies. When they encounter a problem, their voices are actually heard.

No, the revolution is happening in the trenches. Small and medium enterprises, even consumers are turning their backs on the titans of tech.

Despite the prevailing "wisdom" of both business and IT types alike; most people are entirely smart enough to realize when they are getting a raw deal. More often than not however, they feel powerless to alter their circumstances. In IT at least, this is starting to change.

Individuals and companies are asking themselves: "why upgrade? What I have works fine." A decade ago, we reached the point where desktop PCs had enough horsepower to do nearly anything that the average individual or SME could ask. Sure, the latest software won't run smoothly ... but the latest software doesn't offer a noticeable improvement over what already exists. The vendor push to upgrade is continual, but the rationale is simply lacking.

"Security" is trotted out, but with every version of every operating system, browser and application eventually breached, people just aren't buying that anymore. That dog just won't hunt.

Worse, despite all the best efforts of marketing companies the world over, SMEs are finally learning that it isn't the operating system – nor even the application – that matters. It's the data.

Tech startups just don't cost what they used to. I am seeing SMEs – and even individuals, through organisations like Kickstarter – band together to fund the development of bespoke applications.

If a handful of companies can front the money to pay some programmers, they can start their own software company and spin the code up on Amazon or Rackspace. Payroll, email, productivity apps and so forth are services you can simply sign up for online. Company-in-a-can: just add people.

SMEs have learned the hard way not to get locked down to any particular vendor, so they can write their software in such a way that it can be moved from provider to provider as needed, or hosted locally if it really comes down to it. The data from their newly coded bespoke apps is designed to be portable, and by now keeping a well-documented API is standard practice.

There is always the niggling issue of "What do you do when the network goes out?" In a pure SaaS environment, you're out of luck. Not so good for mission-critical applications where a few hours outage can mean tens of thousands in lost revenue.

Typically, industry-specific applications fall into this category. They are almost always Windows-based, and the development companies are usually hostile to the concept of porting the codebase to something a little more open. These legacy software applications are a worry, but that's where VDI comes in. Toss these in a virtual container of some sort and provide access as needed over RDP, VDI, HDX or what-have you.

Obviously anything served up in this manner is a priority to recode. Microsoft isn't particularly rational about virtual desktop licensing; in the long term these costs will add up to more than the costs of rolling your own.

Hybrid cloud-based apps are the eventual compromise. Applications that can be installed on the local device, but which virtualise user-experience elements such as configuration and data and synchronize that all to some cloudy service somewhere.

Increasingly these are browser-based. Offline HTML-5, javascript, a local temporary data storage backend of some variety and suddenly your application is cross platform. What device you use and from which vendor no longer matters.

Sure, these applications won't be as fast as a native app. They might even be feature-limited in some ways. Yet in nearly every instance this handicap is one that I see SMEs willing to accept.

SMEs have grown tired of vendor recalcitrance, refusal to engage and outright apathy. They are tired of being held hostage by one set of vendors, completely ignored by another and treated as the enemy by all.

A revolution has begun. How it will play out, and who will ultimate capitalise upon it, remain open questions. ®

Steps to Take Before Choosing a Business Continuity Partner