Software as a service (SaaS) is an extremely popular approach for managing applications from development to database to deployment. The benefits of SaaS include reduced hardware procurement expenses, less maintenance, and easy management with remote developers and users.
But there are hidden risks with SaaS applications. If your cloud service provider has not completely discussed contingency planning and disaster recovery with you, it may be time to have that discussion before it is too late.
The following are several key points to discuss with your SaaS provider and possibly include in your service level agreement:
Database integrity – if your application utilizes a database, your SaaS provider should have clustering or replication policies in place so that in the event of database corruption a restore can take place in a matter of minutes.
Recovery – most provider agreements will recover data without any additional expense if the error originated from the provider. However, if there is user or developer error that caused the corruption or deletion of data, your provider could charge for the recovery work. Make sure you are clear on the policy and any additional expenses that might be involved.
Backup frequency – understand clearly how often your software and data is backed up. Some backups are very frequent, while others may occur nightly or weekly. Clarify what data is most important and how often it should be backed up.
Storage of backups – a good benchmark for most software applications is to keep a rolling six months of backups filed. Depending on your specific situation, you may elect to keep more or less. Discuss with your provider the number of backups to retain and the period of time to keep.
Objects and other tertiary data elements – discuss with your provider all of the various data elements that could be needed including custom objects, metadata, report definitions, graphics and other pieces of data. All of these extra elements should be backed up – some more often than others.
Security – Understand the authentication process and what security measures are utilized by your SaaS provider. If important business intelligence is to be trusted in the cloud, there should be iron-clad security in place to make sure only authorized persons have access to your information.
Proprietary code – if you develop proprietary code that is integrated with application software, confirm with your SaaS provider that your code is owned by your company and is not available to be shared or copied.
Levels of support – most SaaS providers have different tiers of support that are available. Evaluate the levels of support and determine what you will need along with the resolution time expectations.
Upgrades – understand the procedures that your SaaS provider will follow for software upgrades and enhancements. You may need time to test an upgrade with any custom code before deploying to your production environment. Your provider should be flexible and allow ample notice before an upgrade is applied, but it is best to have the upgrade policy as part of your agreement.
As businesses become more dependent on cloud services and SaaS options the importance of solid disaster recovery practices becomes mandatory. Keep your business applications safe by covering all of the bases with your provider.