Jeff Kaplan, Managing Director of THINKstrategies ( and founder of the Cloud Computing Showplace (, says:

Moving your legacy application to an on-demand, Software-as-a-Service SaaS model has never been easier, but it is still isn’t simple. In fact, with the proliferation of cloud alternatives the options have become even more confusing. And, if you make the wrong choices it could adversely affect your SaaS solution performance, hurt your company reputation and make it even more difficult to succeed in an increasingly competitive marketplace.

So, here are the top eight things you should consider when evaluating your cloud alternatives:

1. Public, Private and Managed Cloud Services

The first consideration is what level of Infrastructure-as-a-Service (IaaS) is necessary to support your SaaS app. For some applications, which don’t demand stringent security safeguards, basic public cloud services might suffice. For others that involve storing sensitive data, more secure private cloud services might be a better fit. Flexibility is an important consideration as most SaaS apps are not written with a cloud infrastructure architecture in mind. Therefore, SaaS vendors should be able to host their offerings on whichever type of IaaS option best fits their business needs. And, SaaS vendors needing extra help monitoring and managing their IaaS operations should consider managed cloud services.

2. IaaS Architecture

Underlying the three primary cloud service alternatives is service delivery architecture which supports the IaaS. This architecture must be highly elastic, scalable and resilient to enable the service provider to support a widening array of SaaS apps in a cost-effective fashion, and to pass these economies along to the SaaS vendors. The IaaS architecture should leverage the latest innovations in virtualization, multi-tenancy, load-balancing, etc.; permit self-provisioning of the public cloud services; and enable rapid deployment of the private and managed cloud services.

3. Manageability

The cloud service provider should utilize a management platform to monitor its operations and optimize its performance, which gives the SaaS vendor equal visibility into the availability, security and cost of its service delivery systems. This management dashboard should report issues and provide real-time status reports to ensure the cloud service provider is meeting its SLA obligations and to demonstrate its service transparency. This same reporting system should also be extensible to enable the SaaS vendor to report its performance to its customers as well.

4. Security & Certification

The biggest fear and objection to SaaS solutions is security among corporate decision-makers, both on the business and IT sides of the organization. Their security fears generally fall into three areas:

  • Is my data safe from hackers?
  • Is my data partitioned from other SaaS customers?
  • Can I get my data back if my cloud service provider has a problem or I decide to change providers?

The cloud provider should have the latest security protection systems in place and an automated method to continuously update its anti-virus and other security software applications. It should also have state-of-the-industry encryption, single sign-on (SSO), authentication, monitoring, alarm/alert and reporting systems. These software security systems should be augmented with appropriate physical security measures which ensure that the cloud service provider’s facilities are also properly protected. The cloud provider must also have trained staff to administer these security systems, and formal policies in place to govern how they operate.

The most important way to prove that the cloud service provider possesses the right security systems, skills, policies and procedures is through testing and documentation which are verified by a series of industry recognized certifications. These certifications start with SAS 70 which affirms that the cloud service provider has the appropriate policies and procedures in place to provide reliable security on a continuous basis. PCI certification is essential to safeguard credit card transactions. And, HIPAA is an example of an industry-specific certification which is critical in the healthcare environment.

5. Disaster Recovery, Back-up and Recovery

Regardless of the IaaS architecture and the number of certifications in place, every cloud service provider can potentially experience a disruption to their operations that can adversely impact the SaaS vendors that rely on their services. Sometimes these disruptions are caused by natural disasters or other outside causes not in the vendor’s control. In either case, it is essential that the cloud service provider has sufficient disaster recovery, back-up and recovery systems in place, and has properly instructed and encouraged SaaS vendors to take advantage of these safeguards. Once again, successfully activating these systems requires more than software automation. It also relies on skilled and experienced staff to quickly deploy and implement the disaster recovery, back-up and recovery systems.

6. Technical Skills and Support Services

While many cloud service providers can boast about their technical architectures and service delivery technologies, few can demonstrate that they have the necessary support systems and qualified staff to guide SaaS vendors through the migration process, work with them on a daily basis to ensure that their specific IaaS requirements are being met and quickly respond to and resolve issues as they arise. In fact, THINKstrategies firmly believes that IaaS architecture and service delivery systems are becoming commoditized and it is the quality of a cloud service provider’s tech support that is the key differentiator that sets one provider apart from another.

7. SaaS Ecosystem

THINKstrategies also believes that the best cloud service providers are creating partner ecosystems which encourages them to share innovations and best practices. This type of ecosystem can accelerate their software development processes, strengthen their service delivery capabilities and strengthen their position in the market. The best type of partner ecosystem is that which is built around open rather than proprietary architectures and operating models.

8. Sales and Channels to Market

And, one of the most important benefits that a cloud service provider can offer SaaS vendors is a vibrant channel to market for their solutions. Most cloud service providers serve three constituents: small and mid-size businesses (SMBs), enterprise organizations and SaaS vendors. Smart cloud service providers are creating online marketplaces which enable their SaaS vendors to sell their solutions to the cloud service providers’ SMB and enterprise customers.