SaaS is supposed to be ubiquitous, and never go down. But what if the SaaS you are using suddenly goes away, closes up shop, or places the part you are using in an unsupported mode? For some SaaS offerings (such as a game) this may not be a big deal, but for others (such as a CRM) it has huge consequences—ones that can affect your business in subtle and major ways.
Google, for example, has been known to disable SaaS offerings seemingly at whim. It dropped its RSS service for alerts and other options. Those using its RSS service had to find other alternatives. It caused many people to switch to a mail-only alerting scenario, while others scoured the network for other tools, all of which ended up wasting some time to perform. This was a subtle change.
However, if your CRM goes the way of the dodo, then you may have a bigger problem. Consider what would happen if Salesforce shuttered its doors. That would have a major and negative impact on many a business, but only if those businesses did not already back up their data in some fashion, did not have a contingency plan, and did not know how to handle the incident.
To protect yourself, you need three things:
- An incident response plan
- A backup of all data in a SaaS
- A contingency plan
Why an incident response plan? Aren’t those used for security incidents? Simply put, this is the plan you use when anything goes wrong, security or otherwise. More importantly, it is a set of plans covering other things related to outages (either temporary or permanent). We can fall back on our library of such plans to help us over hurdles such as “We tried to log in this morning and nothing happened.” That is an incident, or could be considered one. Or perhaps it is not an outage related to the SaaS, but one related to a hack. In that case, your incident response plan is your starting point.
Why a backup of all data in a SaaS? You would think this would be self-explanatory, but many people consider the backups the SaaS does to be sufficient. You really need a “there and back again” data protection mentality. Place it in the cloud, use it in the cloud, but backup your data on-premises or within a trusted location such as Iron Mountain or the like—a place that has rock-solid rules that allow you to get your data even if it goes out of business. This is your organization’s data; it should be controlled by your organization in some fashion. There are a number of backup tools that work with SaaS solutions, such as Asigra, Datto Backupify, Spanning, and others. Some tools, such as Salesforce, even make it easy to backup your part of their system for an extra fee; a fee well worth spending.
Why a contingency plan? You need to answer a few questions for each SaaS on an ongoing basis:
- Do we still need the SaaS offering?
- Are we satisfied with our SaaS backup?
Those two answers will help with any contingency plan. The pundits agree (see the image to the right) that planning will help if SaaS offerings disappear. If the SaaS offering is no longer needed, then an outage or the SaaS going away should not impact your business. You already planned to decommission it? You have the contingency in place and tools in place to remove access, etc? If, however, you do need that application, then you need to determine a secondary mechanism to handle what the SaaS offering did for you. Those contingencies could be:
- Use a competing SaaS offering, and determine the best way to import your data (you do have that backup?)
- Use an on-site tool instead.
- Determine how to decommission the functionality required in favor of something new and interesting.
- Determine if there is an alternative already in your hands to handle the necessary functionality. Perhaps instead of using a CRM to stay in touch between salespeople, you shift to just using SMS or an internal messaging service.
The goal of any plan is to determine how to keep your business going and growing, even if that requires a manual process. But that cannot be done if you do not have a contingency plan in place, if you do not have proper backups, and most importantly, if you do not pay attention to what is happening to your SaaS providers. Knowledge is your only tool for staying on top of the possibility of disappearing SaaS offerings.
What do you have in place to ensure business continuity if your SaaS provider closes up shop? Do you have such a plan?
Share this Article:
Latest posts by Edward Haletky (see all)
- Common Product Security Questions - November 23, 2016
- Sorry Support: Not Getting My Data - November 18, 2016
- Moving to the Future: Strategies for Handling Data Scale - November 14, 2016