
SaaS - Implications for Enterprise Infrastructures

rosie

Presentation Transcript


  1. SaaS - Implications for Enterprise Infrastructures

  2. IT Complexity and Cost: a driver to SaaS? IT Budgets

  3. Enterprise Infrastructure Architecture Principle • I.T. should be seamless to users and the business • Infrastructure • Applications • Access • Helpdesk • Physical Location

  4. Comparing sourcing models (chart labels: Shared Resources, Flexibility; Outsourced Application, In house Application, ASP, SaaS)

  5. Comparing Outsourcing & SaaS

  6. Comparing Outsourcing & SaaS *Provider may negotiate individual contract/SLA for large enterprises, but this is not the normal model

  7. SaaS: Replacing Challenges (slide columns: You, SaaS Provider) • Integration • Identity Management • Data • Operations • Security • Contract Management • SLAs • Compliance • Service Delivery • Service Level Management • Capacity Management • Availability Management • IT Continuity Management • Financial Management • Service Support • Helpdesk • Training

  8. Why should you care? • Some people may be after your head What about our privacy policies: customer and partner data? Um, what CRM application? Another username & password! Where is the training? CSO I can’t access the CRM application! Helpdesk Are we still in compliance with regulations? Sales Team Lawyers ‘R Us

  9. We are responsible for • Integration • Users: another username, training? • Helpdesk: another application, where is 2nd line, what about password resets.. • Contractual • Lawyers: regulatory compliance • Data ownership

  10. Integration • Infrastructure Integration • Identity Management • Data • Operations • Security

  11. Integration • Infrastructure Integration • Identity Management • Identity and Access Management • Role based access control • Data • Operations • Compliance

  12. Why integrate identity management? • Costs • Password resets • Cost $23 each* • Account for up to 30% of helpdesk calls* • Account provisioning / de-provisioning • Security • Forgetting to de-provision user accounts or reflect job changes • Architectural Principle • Move away from “IT getting in the way of business” *Gartner figures

  13. Identity Integration Options • Active Directory Trust • Good: Widely adopted; Trusts well understood; No need for password sync; Single Sign-On possible; Operates in real time • Bad: Proprietary: requires AD in both organisations; Trust is broad: not constrained to certain users; Multiple ports need to be opened on firewall; SaaS provider needs to manage multiple AD trusts; Authorisation in SaaS application still a problem

  14. Identity Integration Options • Meta directory (e.g. Microsoft Identity Integration Server) • Extremely flexible (constrained trust) • Password sync may be possible • Scheduled replication • SSO possible, but unlikely • You need to buy a metadirectory product €€ (SaaS provider does not) • May need integration code in SaaS provider • Metadirectory rules are complex and may break if you make changes to your internal directory service Good Bad

  15. Identity Integration Options • Federation (e.g. Active Directory Federation Services / ADFS) • Good: Standards-based (WS-Federation); Operates in real time; ADFS is part of Win2K3 R2 EE: no additional license; Extremely Flexible: constrained trust and more; Loosely coupled: allowing changes to be made to source and destination directories independently; Doesn’t require “identity” in SaaS application • Bad: Not widely adopted yet; Relatively new technology

  16. Active Directory Federation Services: Projects AD Identities to other security realms • You (Private Namespace): User: Fred; Job: Sales; Employee: 166798; Manager: BobM; Office: Oslo • SaaS Provider (Tenant Namespace(s)): User: Fred; Office: Oslo; Subscriber: Yes; Based in Oslo: Yes • Access Granted

  17. Active Directory Federation Services: Projects AD Identities to other security realms • You (Private Namespace): Federation Server • SaaS Provider (Tenant Namespace(s)): Federation Server

  18. Integration • Infrastructure Integration • Identity Management • Identity and Access Management • Role based access control • Data • Operations • Compliance

  19. Role Based Access Control (RBAC) (diagram: Portal, Document Mgmt, CRM; Michal, Sales Dept) • Sales Role • Author on Account Activity pages • Owner for Sales Order Processing documents • Manager for Eastern Europe sales teams

  20. Role Based Access Control (RBAC) (diagram: Portal, Document Mgmt, CRM) • Sales Role • Author on Account Activity pages • Owner for Sales Order Processing documents • Manager for Eastern Europe sales teams

  21. Role Based Access Control (RBAC) (diagram: Portal, Document Mgmt, CRM, SaaS) • Sales Role • Author on Account Activity pages • Owner for Sales Order Processing documents • Manager for Eastern Europe sales teams • Reader on Sales Order Processing pipeline

  22. Role Based Access Control (RBAC) • RBAC + Federation approach • Configure Federation to transform group claims to SaaS Application (diagram labels: AD Group Member: Sales Managers, North East Region; Cookie: Group: Managers, Region: NE; Cookie: User Group: Org1 Managers, Database: Org1 North East; Authorisation; SaaS Application)

  23. Alternative to Role Based Access Control • Implemented only in SaaS Application • Another (external) application in which you need to perform admin • Do the business get delegated admin of users inside the SaaS app? • How do they include enterprise users in the SaaS app as Federation won't necessarily reveal users in SaaS app?

  24. Integration • Infrastructure Integration • Identity Management • Data • Operations • Compliance

  25. Data Integration • LoB apps are typically islands, but need to share data • EAI • Do you have another application which needs this data? (CRM & Accounting) • Is the data used in a workflow? • ETL • Do you want to do data mining in house? (CRM) • How do you get the data into the “Universal Business Management Tool” (Excel) 

  26. Integration • Infrastructure Integration • Identity Management • Data • Operations • Compliance

  27. Operations • How is the helpdesk going to treat the SaaS App? • Not involved at all • Then how do you measure quality? • Ideally add the SaaS Vendor as a 2nd line in the Trouble Ticketing system • Trending/metrics for decision support: • Is user training needed? • Bugs/poor performance or availability: challenge the SaaS provider • Helps with SLA measurement • “Light weight” integration with the enterprise monitoring system • Helpdesk know of a problem before your users

  28. Integration • Infrastructure Integration • Identity Management • Data • Operations • Compliance

  29. Security / Compliance • Are you subject to regulations? These extend to the SaaS Provider • Industry regulations • SoX, ECB, BASEL II, EMV • Data Protection • EU & USA incompatible • Common Criteria to at least EAL 3 on all layers of the SaaS stack – network, OS, application, Database etc.  

  30. SaaS Infrastructure Integration Checklist (SiiC) • Define and implement an Identity Management strategy • Obtain skills in Federation technology and products • Create an architecture for operations and data integration which supports SaaS Applications • Doing it one by one = quick path to chaos

  31. We are responsible for • Integration • Users: another username, training? • Helpdesk: another app, where is 2nd line, what about password resets.. • Contractual • Lawyers: regulatory compliance • Data ownership

  32. We (IT) are responsible for • Contractual • Operations, operations, operations • Data ownership

  33. Operations, operations, operations • Does the provider follow formal operations frameworks? • Security accreditations? • User training? • Ability to turn on/off functionality • Can you define when upgrades occur?

  34. Operations, operations, operations • Impact on business continuity • Can you make brick-level restores? • Is there a charge for this? • What Disaster Recovery or Business Continuity level do they offer?

  35. Data ownership & Compliance • What is “data”? • Do you have any internal policies about customers' data? • Microsoft policy for Personally Identifiable Information (PII) = no vendor has access to PII without adopting our policy (legal agreement)

  36. Summary • Consuming SaaS in the Enterprise = Integration • Infrastructure • Operations • SaaS has similar challenges to outsourcing • Contracts • SLAs • Multiple SaaS applications introduce a new set of complexities we need to address

  37. SaaS “Keep My Job” Checklist (chart labels: Pain/effort; LoB Application, Tactical Application) • Identity Integration • RBAC • Operations Integration • Security Accreditations • Contractual SLAs • Data Ownership • WS Data Access • Data Ownership

  38. Conclusion • Enterprise LoB Applications delivered as SaaS • Paradigm not yet mature • SaaS Providers • Technology • Software plus Services • Established technology patterns • Windows Update, Hosted Email, Spam filtering.. • Established business model • Reuters, Bloomberg, Antivirus..

  39. Questions?
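
The claim transformation sketched on slides 16 and 22, as an added example that is not part of the original presentation: the enterprise side releases only mapped claims (constrained trust), and the SaaS side turns them into application authorisation data or denies access. The rule tables, function names and the reading of slide 22's AD membership as two separate groups are assumptions; this is plain Python, not ADFS claim-rule syntax.

```python
# Added illustration. Rule tables and names are assumptions, not ADFS configuration.

# Enterprise (account partner) rules: AD group -> outgoing claim.
# Groups without a rule are never disclosed to the SaaS provider.
GROUP_RULES = {
    "Sales Managers": ("Group", "Managers"),
    "North East Region": ("Region", "NE"),
}
PASS_THROUGH = {"User", "Office"}  # only these attributes leave the private namespace

# SaaS (resource partner) rules per tenant: incoming claim -> application data.
TENANT_RULES = {
    "Org1": {
        ("Group", "Managers"): ("User Group", "Org1 Managers"),
        ("Region", "NE"): ("Database", "Org1 North East"),
    },
}

# Constructed sample identity, using the attribute values shown on slide 16.
FRED = {"User": "Fred", "Job": "Sales", "Employee": "166798",
        "Manager": "BobM", "Office": "Oslo"}
FRED_GROUPS = ["Domain Users", "Sales Managers", "North East Region"]


def issue_claims(attributes, groups):
    """Enterprise federation server: project an AD identity into outgoing claims."""
    claims = {k: v for k, v in attributes.items() if k in PASS_THROUGH}
    for group in groups:
        if group in GROUP_RULES:
            claim_type, value = GROUP_RULES[group]
            claims[claim_type] = value
    return claims


def authorise(tenant, claims):
    """SaaS federation server: map claims to app roles; deny when no role maps."""
    rules = TENANT_RULES.get(tenant, {})
    grants = {}
    for claim in claims.items():
        if claim in rules:
            key, value = rules[claim]
            grants[key] = value
    if "User Group" not in grants:
        raise PermissionError("no incoming claim maps to an application group")
    return grants


if __name__ == "__main__":
    token = issue_claims(FRED, FRED_GROUPS)
    print(token)                     # Job, Employee and Manager are withheld
    print(authorise("Org1", token))  # application-side authorisation data
```

Removing Fred from the AD group is enough to revoke access on his next sign-in, because the SaaS application holds no separate account to de-provision.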
