Posts Tagged ‘Cloud’

Digital and Mobile Magazines – What’s the business value? Are you ready?

August 6, 2011 18 comments

I commute to work by train every day, almost spending 2 hrs on the train. In winter, this may take 2.5 hrs. So I had to spend my time wisely. A year ago, my backpack was a bit heavy!! I carried my laptop, daily journal paper, a novel, a couple of magazines and all the mobile devices (personal & work). That’s a lot!!

Today, my backpack is almost 1/3rd the weight I used to have a year ago. My backpack is light and don’t have anymore back pains. Thanks to iPad, digital newspapers and digital magazines. Today, I just carry my iPad2 instead of all the newspapers and magazines. Not sure how long will I be carrying a laptop…maybe a year or two. I now read all my magazines and newspapers digitally in my iPad. I don’t even need to have strong network connection as I download all the updates at home.

Due to this convenience, I have subscribed to more magazines and newspapers….thereby increasing my knowledge base. Recently I added ‘Zite‘ magazine app to my iPad. This is one of the best digital magazine apps in the market place. You can customize and subscribe your magazine based on your interests and topics. Once you set your profile, this app does all the magic and pulls all the relevant content from all the digital sources in the world. You can share your favorite articles to your social network. This is the future!! I will not be surprised if these type of magazine apps enter the enterprise market soon (just like the Google search appliance). Check out this app!!.

On any given day in the train, I hardly see anyone reading from the “print” newspaper, novel or magazines. Everyone seems to be having either a Kindle, iPad or other mobile tablets and devices. It’s amazing to see how Kindle and iPad have changed the entire publication market in a year. I see kids (including mine) reading more books from iPad.

How can you leverage this digital and mobile technology for business needs? What value can you get?

Digital and mobile magazines offer publishers the advantages of higher circulation, increased revenue, stronger brands and readers coming back for more. With accessing the internet becoming as commonplace as using a smart phone, iPad.. industries of all kinds are finding ways to appeal to customers online. The publishing industry is no exception. Digital and mobile magazines also offer a tremendous experience and value to readers. Your readers will be happy and thank you as they don’t have a carry a heavy backpack!!!

As you may know, the mobile market is growing exponentially and as a result the number of digital and mobile readers is growing as well.

  • Gartner has predicted that by mid 2012, the number of users accessing web from mobile devices will surpass the PC. (My guess, this will happen by end of this year).
  • Gartner has recently decreased the forecast on the number of PC shipments for this year based on the exploding mobile device market and demand.
  • Gartner says by 2015, digital strategies, such as Social and Mobile Marketing, will influence at least 80 percent of consumers’ discretionary spending
  • Gartner says worldwide mobile device sales to end users reached 1.6 Billion units in 2010; smart phone sales grew 72 percent in 2010.
  • Forrester says that there will be 24 Million+ tablets that will be sold in 2011.
  • Nielsen predicts by end of 2011, majority of mobile subscribers in US will have a smart phone. Click here to view Nielsen’s “State of Mobile Apps” report. Great info on mobile trends and statistics.

We recently leveraged this new & emerging technology and launched a mobile magazine (action guide) powered by Texterity’s cloud based platform for ‘Hospitals in Pursuit of Excellence‘. This magazine is a compilation many action guides on various healthcare improvement topics. Check it out @

With the new digital and mobile edition, readers can:

  • Access the information via PC, mobile devices or from any mobile browser
  • Navigate easily throughout the issue via embedded search tools located within the top navigation bar
  • Download the guides, read offline and print
  • Share information with others through email and social networking sites
  • Keyword search of current and past guides quickly and easily
  • Bookmark pages for future references

This is a true example of how you can leverage a new & emerging technology to

enable and transform business

The following videos says it all…

Top Business Benefits and Value:

Increase readership and experience

  • Intuitive Navigation – No learning curve here: the omnipresent navigation bar is simple to master, with easily understood icons.
  • Scanning & Zoom – Quick and easy control features allow readers to scale content to their own comfort level.
  • Rich Multimedia – Offer readers a more robust experience than print can’t give them. Incorporate video, audio, animation and slide shows.
  • Video Channels – Show related videos and video channels without ever leaving the magazine.
  • Embed, Save, Clip & Share – Allow readers to embed, save articles and ads can be saved for future reference without damaging your print copy or accumulating piles of back issues.
  • Search – Readers can search for any key word or phrase in the current issue, all issues, or back issues.
  • Choice of various viewing modes – Let readers customize their viewing preferences.
  • Social Media – Allow readers to share pages instantly on common social media sites such as LinkedIn, Facebook, Twitter, Digg, etc. Readers can also get the latest updates from the publishers via RSS feeds.
  • Forums and Blogs – Integrate forums and blogs that relate to the issue or article, increasing reader engagement within the issue.
  • Off-line Reading – Readers can download one article or the entire magazine and conveniently take it with them.
  • Cover line Links – Super-fast searching and easy-access table of contents. Respect their time by helping readers find what they need.
  • Mobile Ready – Digital editions run on any modern, web-enabled mobile device like the Android, Blackberry and Apple. Access to Google Maps, live phone numbers for direct dialing, latest news, reviews, and videos, RSS feeds for between-issue updates, Community-building tools for conversations, Interactive modules, such as video, slide shows, 360-degree animation and Twitter integration.

Increase circulation

  • Sophisticated Tracking & Reporting – Know exactly which pages readers turn to, how much time they spend on each page, article, or video and where they are coming from.
  • Look Inside – Allows guests to view pages of the magazine to increase subscription revenue.
  • Virtual Blow-ins – Target blow-ins to new online readers to increase subscription rates or to target renewal offers to current subscribers.
  • Social Media & Integration – Get others engaged with your publication, the first step to converting them to subscribers.
  • Virtual Cover Wraps & Belly Bands – Reach pass-along readers with subscription information intact.
  • SEO & Enhanced search engine visibility – Ensures your publication and its content is seen by a wider audience.

Increase revenues

  • Tracking & Reporting – Offer advertisers the benefit of gathering valuable data on a subscriber level about time spent on their ads and click-through rates.
  • Ads/Sponsorships – Link readers directly to advertisers’ offers or videos, another revenue-generating benefit to attract new ad revenue. Provides integrated support for Dart, Atlas and other major ad-serving networks.

Decrease Costs

  • Printing – According to a BPA Worldwide study, over 40% of your current print subscribers may opt to receive your publication online, cutting your print costs accordingly.
  • Postage – Reach a worldwide audience without paying the high costs of postage or passing those costs on to your readers.

So get ready for the wave of digital magazines and publications. It is coming in full force!!

Want to know what the next wave is? Check out the following videos on how restaurants are leveraging this emerging mobile and digital technology to the menus!! (Not sure how the iPads will be kept clean!!)

Appreciate your feedback and comments.

Contact Info



Document Management & Collaboration over the Cloud – What’s the business value? Are you ready for the boomerang effect?

August 5, 2011 2 comments

Are you ready for the fast approaching Boomerang effect?

We are in the fast growing digital, social and mobile age. Consumer-oriented technologies are transforming the way that people communicate and accelerating the spread of information at the speed of light.  These  trends are driving the adoption of consumer oriented technologies in the business world. For example, BYOT (Bring Your Own Technology) is gaining more adoption. This is especially occurring in the mobile device space as more employees want to use their devices at work to get the same ease of use and flexibility.

Amazon recently launched a consumer oriented ‘Cloud Drive‘ solution that allows consumers to store anything digital and access it from anywhere, any device, any time. Apple recently announced their consumer oriented ‘iCloud‘ solution that allows Apple device owners to store anything digital and access it from anywhere, any device (only Apple though), any time. In a couple of months, the term ‘Cloud’ will be commonly used by consumers. Thanks to Apple!! When kids start talking about ‘Cloud’, then we can all say that Cloud is now fully mainstream. Consumers will create content, manage content, share content and collaborate on content through these solutions and will like the ease of use and flexibility to do so.

Cloud based document/content management solutions started within the business world to support various business functions and processes to attain great productivity, scalability and flexibility. This is now entering the consumer space (via Apple, Amazon and others) and will drive more adoption and use of these cloud solutions. Once this attains adoption and wide use in the consumer world, guess what? Consumers will expect to have the same ease of use and flexibility to create content (documents, files,media etc), manage content, share content and collaborate on content at work.

This will drive and increase the need to have a ‘Cloud based Document Management & Collaboration‘ tool in the business world. This is what I am calling it as the fast approaching Boomerang effect? Are you ready for this?

Following are some of the top requirements and challenges that many organizations face today to manage documents:

Top Business Requirements

  • Create & Manage – Create and manage any type of content in an online workspace easily and securely.
  • Access  – Access content from any location, any device, any time easily and securely.
  • Sync – Ability to sync content across content across access points, including offline access.
  • Mobility – Access content on “The Go”.
  • Connect – Connect with others on content and share ideas.
  • Collaborate – Share ideas and collaborate on content with others.
  • Security – Ability to secure content at all levels. Configure access privileges and permissions at all levels.
  • Size – No restrictions on content size limits.
  • Communication – Ability to share links via email instead of the actual files. Avoid the hassles of overloading the email and ftp server and other restriction limits.
  • Integrate – Ability to share and integrate across business applications (CRM, Intranet, Office tools etc)
  • Do more with your content and get the work done easily and quickly.
  • Less training, support and maintenance.

Top Business/IT Challenges

  • Manage file and FTP servers at all locations, 24×7 and within budget.
  • Manage backups and storage at all locations, 24×7.
  • Manage capacity efficiently to keep in pace with the rapid growth of content.
  • Manage network and security infrastructure to maintain integrity and privacy.
  • Comply with many regulations and procedures to safeguard the data.
  • Perform audit operations regularly and provide compliance reports.
  • Perform infrastructure and software upgrades, maintenance and support to all the above.
  • Have 24×7 support staff to manage all the above.

We had many of the above requirements and challenges. We addressed this by implementing a robust “Cloud Based Document Management & Collaboration” platform powered by Box.Net. (Click here for some cool videos). We have been using this solution for 2 years and achieved great business benefits and value across many business ares, functions and processes. I have a listed a few business use cases below that we have leveraged to the full extent.

This is a true example of how you can leverage a new & emerging technology to

enable and transform business

Project Management

Key to manage and complete a project successfully is to communicate and collaborate effectively and efficiently with all the stakeholders at all times. One of the major tasks in any project is to manage a lot of project related documents. Sharing these documents with all the stakeholders in time and accessing these documents quickly and easily anytime, any device and any location is a huge challenge both for the project manager and the project team.

But most of the times, project documents are managed in ftp sites and shared mainly via email as the main communication medium. Email ends up being the main repository for project related information and communication. This result in email overload, dis-organized communication, lack of version control, cannot search quickly, inability to manage action items etc. All this leads to project failures.

You can address this challenge by managing the project in a cloud based document management & collaboration platform and get the following value:

  • Create, manage and share all project related documents in one online workspace that can be accessed from any device, any location and anytime securely and easily.
  • Always view only the latest version of the document and still have the ability to see prior version.
  • Updates to project documents are automatically synced to all the access points.
  • Assign tasks to team members to take action items. User’s tasks are displayed in a Facebook style activity feed. This helps the team to see all the project activity in one simple format (instead of emails) and take the necessary actions.
  • Embed the entire project folder in the Enterprise Collaboration platform. This will provide team members to connect, share and collaborate on project related info, generate new ideas, solve challenges and be very effective. This results in Content + People + Collaboration which is key to a project’s success.
  • Put an end to the email and ftp overload and email as a primary medium for project communication.
  • Focus on the project rather than spending time and effort to manage and find project information.


In any publication industry, managing and sharing different types of content is a huge challenge especially when the file sizes are large. In addition to that, organizing the content, finding the latest files, searching/archiving old files are other challenges as well. Key to the publication industry is to publish the print/online edition in time and within budget.

You can address this challenge by managing all the publication related content/files and process flow in a cloud based document management & collaboration platform and get the following value:

  • Manage and organize content easily and quickly – by type, author, location, ads, logos, images, audio, video etc.
  • Share files with the team without overloading the email servers, ftp servers, senders and recipient’s inboxes.
  • Updates to files are automatically synced to all the access points.
  • Preview various files instantly from the browser, avoid the hassles of downloading the files and not worrying about having the right application on your desktop/mobile device to view the files.
  • Manage and collaborate on files with 3rd party applications through built-in integrations.
  • Provide access to advertisers and agencies to view the files securely and also provide them the ability to upload files back directly to the respective folders. (instead of sharing via CDs, flash drives, ftp etc)

Awards & Nominations

The process to manage and collect the nominations for different award categories is a huge laborious task. The nomination forms are typically hosted in the website. Users download the nomination forms and typically send it via email. This results in overloading the recipient’s email. The award team searches and downloads all the relevant attachments from the email. They then sort it out and send it via email to the award nomination committee members to review all the nomination forms. The award nomination committee team then send back the selected nominations back. All this is again a huge laborious task, consumes a lot of time end effort that doesn’t provide “any” value to the process.

You can address this challenge by managing the entire award nomination process in a cloud based document management & collaboration platform and get the following value:

  • Embed the nomination form in the award site and not sending the form to all via email.
  • Users can preview and download the nomination forms quickly and easily.
  • Create and organize folders by award category and nomination committee team in an online workspace.
  • Upload the completed nomination form directly into the respective folders in the online workspace.
  • Get notified whenever a nomination form is uploaded and see all the activity feed.
  • Share the nomination forms quickly and easily with the committee team via links.
  • No hassles of overloading the email.
  • Access the nomination forms from any device, any location and anytime easily and quickly.
  • Focus on the work rather than spending time in managing the nomination forms.

Mobile Applications

The need for sharing content via mobile applications (especially native apps) is a growing business need. The challenge here is to keep the size of the app to less than 20 MB in order for users to download the app via regular network. For conference based mobile applications, providing access to presentations, resources, case studies and product materials is a huge challenge.

You can address this challenge by managing all the mobile application resources in a cloud based document management  and get the following business value:

  • Create and organize the folders by presentations, resources, case studies and product materials in an online workspace.
  • Manage and find files quickly.
  • Updates to files are automatically synced to all the access points.
  • Embed the files or provide links in the mobile apps. Users can preview the files instantly.
  • Avoid the hassles of downloading the files and not worrying about having the right application on your mobile device to view the files.
  • Share files easily to others via social network tools.
  • Keep the mobile app size less than 20 MB and still provide easy and quick access to all the files.

Board Meetings

Getting all the work done for the next board meeting is a huge task and challenge. There are number of documents that have to be created, managed, shared and reviewed. Once the documents are ready, these needs to be shared to all board members and directors who are geographically dispersed in a quick and easy way. The last thing you want to do is send these documents via email, CDs, flash drives or the worst….print!!!

You can address this challenge by managing all the board related documents in a cloud based document management  and get the following business value:

  • Create and organize the folders by categories, agenda, action items, next steps etc
  • Manage and find board materials quickly and easily.
  • Updates to board materials are automatically synced to all the access points.
  • Provide easy way for board members to view the files. Avoid the hassles of downloading the files and not worrying about having the right application on laptop/device to view the documents.
  • View all the board materials via the native iPhone, iPad, Droid apps.
  • Access board materials from any location, any time and any device securely.
  • Search for information, keyword and tags across all board materials quickly and easily.
  • Get updates and notifications on board related materials.
  • Download materials in a secure offline repository and take notes.
  • Encrypt board materials to maintain privacy of sensitive information.
  • Access and view activity logs of all previews, downloads and updates to maintain integrity and perform audits.

The other business use cases are around legal review of contracts, knowledge base repository, resource library, integrated search capabilities in the websites (web content + documents), accessing documents from CRM and other business applications.

The business benefits and value of having a cloud based document management & collaboration platform is limitless. In business everything revolves around content, documents, files etc. Addressing and improving the management of this will enable and transform many processes and functions and generate true value to the business.

Get ready for the fast approaching adoption of the Boomerang effect!!!

Appreciate your feedback and comments.

Contact Info


Cloud Security, Identity Management & SaaS Single Sign-On – What’s the business value?

July 23, 2011 1 comment

Organizations are now implementing Cloud/SaaS based applications (including PaaS, IaaS, MaaS, BaaS etc) at a rapid pace within. It has become mainstream now!!!

According to Forrester and Gartner, enterprise-wide adoption of SaaS is widespread and has reached a tipping point. 62% of enterprises have multiple SaaS apps today, and that number is growing quickly. As enterprises turn to SaaS as a way to reduce IT costs, new security and compliance challenges are created as confidential data moves across the firewall onto 3rd party systems.

You may or will be facing the following questions/challenges soon…(I did)!!

  1. How do you efficiently manage user access (authentication) to SaaS apps based on their roles & responsibilities?
  2. How do you efficiently manage data access (authorization) based on the roles & responsibilities?
  3. How do you manage authentication and authorization differently for Private vs Public Cloud/SaaS apps?
  4. How do you prevent behind the door access or from an unsecured environment?
  5. How do you centrally authenticate users?
  6. How do you provide a simple and efficient Single Sign-On (SSO) to all SaaS apps from any place, any location and more important from any device?
  7. How do you extend your organization’s access/data policies and procedures to the cloud?
  8. How do you monitor, audit, report and log all access activity for all the SaaS apps – to comply with organization policies & procedures, regulations etc?
  9. How do you leverage existing user identity/infrastructure such as Active Directory, LDAP etc to manage identity management for all the SaaS apps?
  10. How do you bring in and implement more SaaS apps into the environment?
  11. How do you build and manage SSO adapters (both SAML and HTTPS) for SaaS apps quickly & easily?
  12. How do you minimize the maintenance, administration & support of all the above – especially for new employees or when they leave?

You are not alone, we faced this when we reached 10 SaaS apps. We addressed all the above challenges by implementing a robust Hybrid Cloud based Identity & SSO Management solution (from Symplified) for both internal and external SaaS apps (see related case study).

Why Hybrid? It bridges the benefits of SaaS and on-premise security – behind the firewall and close proximity to network security, AD, Private Cloud SaaS based apps.

See related post on SaaS Vendor Evaluation and Selection Process – Framework, Reference architectures, SaaS identity Management

We built and integrated an SSO widget within our Enterprise Collaboration Platform dashboard (see related architecture). This provided an easy and quick way for employees to access SaaS apps based using the network (AD) credentials.

Following is the typical “in the flow” process:

  1. Employees access the Enterprise Collaboration platform from their desktop/Citrix/Blackberry and this sends an encrypted identity of their profile via a NTLM (similar to IWA) challenge. (As the Collaboration platform is listed in the employee’s browser as a trusted site)
  2. The Collaboration platform validates the NTML challenge. This then authenticates the employees to access the platform automatically.
  3. By default employees land on the Collaboration’s dashboard page. (The external SaaS SSO widget  is part of the dashboard).
  4. Employees enter their network/AD credentials into the SaaS SSO widget to access SaaS apps.
  5. This request is then processed by the Cloud Identity/Access Management solution and authenticates employee’s credentials (again) against  the AD server. (This ensures  secuity and integrity)
  6. Employees then see all the SaaS applications to which they have been granted access privileges. (This is achieved via AD policy management).
  7. Employees can select any of the SaaS applications and they are automatically logged into them.
  8. All the above steps are logged and audited for future reporting and compliance requirements.

Benefits & Value

  1. Seamless auto single sign-on to Enterprise Collaboration platform (Social Intranet, Social Business platform) from employee’s desktop/Citrix.
  2. Provided employee’s with a one stop “hub” to single sign-on and access internal and external SaaS applications seamlessly, both SAML-supported and non-SAML.
  3. Increased user adoption of the Enterprise Collaboration platform.
  4. Reduced number of password resets/forgotten passwords for SaaS apps.
  5. Leveraged existing network security (AD) for authentication and authorization. So when employees leave, you can just disable their identity in AD and that cuts-off access to SaaS apps.
  6. Ability to extend SSO & Identity Management to new SaaS apps quickly and easily.
  7. Less or no internal maintenance and support for the entire cloud security & identity management infrastructure – “A true Hybrid Cloud Solution”.
  8. Strong foundation architecture ready to enable access to SaaS apps from employee’s new & shiny mobile devices – iPad, iPhone, Droid etc.
  9. Meet audit and regulatory compliance, policies & procedures.
  10. Met the goal of a robust central user identity repository, access and identity management to address current and future requirements.

A common question that many have raised or may be thinking about – What’s the trade-off between easy access to SaaS apps Vs risk? What are the compelling reasons? The following 5 “value” points should help answer this question.

  1. A single point for access and identity control. Enable (new hire) and disable (termination) access for SaaS apps for employees, temps, consultants etc. quickly and easily.
  2. A single point to log, report and audit all access activities. This helps meet regulatory and compliance requirements easily.
  3. A single point for authentication to all SaaS apps. This helps to leverage the existing AD/LDAP infrastructure.
  4. A single point for authorization to all SaaS apps. This again helps to leverage the existing AD/LDAP authorization policies and extend them to SaaS apps.
  5. Last but not least – be/get ready for the world of “2.0” platforms coming in to the enterprise – web, collaboration, mobile (BYOT – iPad, iPhone, Droid), identity, social etc.

Appreciate your feedback and comments.

Contact Info


Top 12 Questions and Requirements for SaaS & Cloud Vendors – Technology, Security, Identity Management, Compliance, Standards**

July 20, 2011 2 comments

Evaluating, selecting and implementing a SaaS or a Cloud based application goes beyond just the application functionality. This is just 50% of the equation or value proposition. Looking into the other technology aspects of the SaaS vendor is very very important such as Security, Compliance, Data, Identity Management, Integration, Standards, Support, Hosting facility, SLAs etc.

Business has a lot of urgency and temptation to select and implement SaaS applications. As IT we need to help them in choosing the right solution that meets both business and technology requirements. This is where IT can partner with the Business to provide additional value in evaluating and selecting the right SaaS vendors that meets both business and technology objectives. By doing this you can avoid the pitfalls of business selecting and implementing SaaS applications outside of IT.

Following are the Top 12 questions & requirements you will need to ask SaaS and Cloud vendors. This is based on my experience in evaluating, selecting and implementing 12+ SaaS applications and 3 cloud environments over the past 4 plus years.

**See related detailed post on SaaS Vendor Evaluation and Selection Process – Framework, Reference architectures, SaaS identity Management)**

**See Cloud ROI framework from Forrester**

1. Hosting Provider & Data Location

  • Who is the hosting provider?
  • Where is the hosting location? Country, State?
  • What type of infrastructure is used? Hardware, software, operating system, technology platform?
  • Ask for the architecture diagrams for all layers? Business, Application, Integration, Data & infrastructure layer diagrams?
  • Where is the primary data being stored? In order to comply with local jurisdiction, privacy and regulation requirements
  • Where is the backup data being stored?
  • What type of virtualization software is used? VM Ware, Hyper-V?
  • What type of network bandwidth is available (min 100 Mbps) ? What options are available for dedicated bandwidth?
  • What type of scalability is provided for additional computing power – CPU, RAM, Storage? Costs? Time to implement?

2. Data Access, Security, Segregation & Encryption

  • Is it a dedicated or a shared environment?
  • If it a shared environment, how is the data segregated from other shared environments?
  • What type of data architecture is implemented? Diagrams?
  • How is security managed in the shared environment? What controls are in place?
  • Who has access to the infrastructure, hardware, software, data? Ask for specific info on the roles & responsibilities of administrators, profiles, hiring practices etc
  • What application & data access audit logs are available? How often can you get this?
  • How is the primary data encrypted? What encryption schemes are used? Who has access to the decryption keys? How often is this tested?
  • How is the backup data stored? Is the data in raw files or encrypted format? What locations are the backup data stored? Who has access to this backup data?
  • What type of investigative support is provided in cases of breach?
  • Is the vendor is acquired, sold or dissolved? What options are available to get the data? Costs? How is the data wiped out of the environment?

3. Regulatory Compliance

Business is responsible for the data security, integrity and privacy even if it is a SaaS app that is management by the vendor.

  • What types of regulations are being followed complied?
  • PCI & HIPPA compliance? What options are available? How is this managed?
  • How often is this audited?
  • How is this enforced?
  • Ask for availability & access to the audit reports on a regular basis

4. Hosting Facility Security & Compliance

  • Is the hosting facility SAS 70 II (Statement of Auditing Standards) compliant? This is an important requirement as this encompasses all security and regulations compliance?
  • How often is this compliance audited?
  • Auditing and compliance is just 50% of the requirement. It is important to find out how the hosting vendor actively enforcing SAS 70 II controls is & requirements in to their work processes. Ask for this info in detail.

5. Business Continuity & Disaster Recovery

  • What type of business continuity & disaster recovery options are available? Is this part of the standard services?
  • Where are the DR (disaster recovery) data centers locations located?
  • What type of infrastructure exists to replicate and synchronize data between the primary and DR data centers? Is this available in real-time, daily?
  • If the primary environment is down?  How quickly can the DR environment be made active either in the primary or the DR data center?

6. Identity Management, Security & Single Sign-On

  • What type of identity management solution is provided? (See related post on Identity management)
  • Is Single Sign-On (SSO) provided? What types of SSO options are available? SAML, HTTP-Fed, Open Auth etc?
  • Can the SaaS app be integrated with an existing Identity Management system?
  • What type of user store is available? Can this user store be integrated with Active Directory or any other user store database?
  • What type of user security, authentication and authorization options are available?

7. Standards, Policies, Procedures & Frameworks

  • What architecture and technology standards, policies and procedures do you follow and comply?
  • What architecture frameworks do you follow? TOGAF?
  • How do you manage the projects internally? Agile, PMP?
  • What type of professional services do you offer to implement and support the SaaS application? What type of PM resources do you have? Skills, experience, certifications etc?

8. Integration, APIs & Reports

  • What type of APIs and web-services are available to pull and push data?
  • Are the APIs secured and encrypted?
  • Is there an option to access the data directly from the database?
  • What type of reports can be generated or created?

9. Support & Maintenance

  • What type of support is provided? Self-service, email, phone?
  • What are the support times? 24×7, 5 days a week?
  • What are the support response times? Critical, Urgent, High & Low issues/requests?
  • Who provides the support desk and where are they located? How many employees is part of the support desk? Dedicated or shared with projects?
  • Is there a premium support model?
  • What type of monitoring and alerting does the vendor provide?
  • What type of migration and integration support does the vendor provide?
  • Is there a dedicated support manager and account rep?
  • How do you support and manage integration with the customer’s existing SaaS apps?
  • How are upgrades, patches and other maintenance performed?
  • What type of change management & risk management procedures do you follow? How often is this communicated to the customers?
  • Does the customer have any control on applying patches, upgrades and changes to the SaaS app? (this is very important to know especially if the SaaS app is integrated with other SaaS apps).

10 Service Level Agreements (SLAs)

  • What SLAs are available – reliability, availability, performance, issues, requests etc? Penalties?
  • What types of credits are available if SLAs are not met?
  • Are the terms & conditions of the contract tied to the SLAs?
  • Is the exit strategy tied to the SLAs?
  • Is there a regular meeting (monthly/quarterly) to review the SLAs, issues, requests?
  • Who will be part of the SLAs meetings?
  • How are the issues escalated if the SLAs are not complied? Who can we escalate to in the management team?

11. Vendor Management, Product Road-map & Viability

  • Who is the management? What is their experience?
  • Is it funded by a VC firm? Who is it?
  • What are their financials? How many customers do they have?
  • What is the organization structure? How many employees? Where are they located?
  • How many employees are there in the product development & support team?
  • What is their product road-map and strategy?
  • How are they managing their product strategy? Competition, Market, Positioning, Customer requirements? How is this communicated and how often?
  • How do they accommodate customer requirements into their product strategy? Is there a customer advisory council?
  • Do you provide a trial or proof of concept for your product including new features?

12. Pricing & Contract

  • After reviewing the above 11 items, the prices may vary from your initial analysis/requirements (this always happened in my case!!). Understanding the true pricing is very important.
  • What is included and excluded in the pricing? Will you charge for new product features?
  • Are you open to contract negotiations that meet the company legal needs & requirements?
  • What is the minimum contract period? Are there any discounts for long-term contract? Is there an option to exit during the contract and what are the terms & conditions, penalties?
  • See sample SaaS legal addendum

By doing the above, IT can play a valuable partner with business to evaluate, select and implement SaaS or Cloud based applications.

Contact Info


SaaS Vendor Evaluation and Selection Process – Framework, Reference architectures, SaaS identity Management

July 6, 2011 2 comments

Evaluating and selecting a SaaS vendor is more of an “Art” than “Science”. Each SaaS vendor has an unique identity and offers different products and services for different industries.

I am an early adopter of SaaS….back in early 2006 when the SaaS concept was taking shape and new terms such as IaaS, PaaS were popping up. I was truly amazed with the whole concept as it was “truly” different than its predecessor “ASP” model and a “true” pay as you go model.

For every business/IT initiative, I see whether we can go the SaaS way. So far I have evaluated, selected and implemented 12+ SaaS applications across various business functions and processes – Enterprise Collaboration (Socialtext), Social Media(Higher Logic), Document Management (Box.Net), Video Collaboration(Delve Networks), Electronic Fax (Protus MyFax), CRM (Avectra), HR/Payroll(Ultipro), IT Service Desk, Operations & Management ITIL V3 (Numara Footprints), Mobile Applications (QuickMobile), Digital Publications/eBooks (Texterity) etc.

We also ended up going for a Hybrid Cloud based on-premise SaaS solution to address the Single Sign-On & Identity management (Symplified) for SaaS applications. This one was the “Mother” of all SaaS apps. This is a common challenge that many organizations are facing or will face soon as the number/usage of SaaS apps increases. See a related article on Federation 2.0: An Identity ecosystem. I have shared some comments/ideas.

We have also taken SaaS adoption and use to the next level by integrating 4 SaaS apps to provide an unique product and value to the business. For example, we integrated Document Management (Box.Net), Video Management (Delve Networks) and IT Service Desk (Numara Footprints) to our Enterprise Collaboration Platform (Socialtext). Click here to see this architecture.

As business units are free to scan the market, evaluate and select the SaaS applications without IT’s involvement (the frustration and blockers comes in when the SaaS app needs to integrate with other SaaS apps, AD or enterprise applications, it’s too late at that time), we found a way on how to manage this as well. We made IT as a “true” partner for the business and showed/demonstrated how IT can provide value to this process. We have also developed expertise in legal review of contracts (very interesting to review contracts for a change).

Related Posts

Top 12 Questions and Requirements for SaaS & Cloud Vendors – Technology, Security, Identity Management, Compliance, Standards

Cloud Security, Identity Management & SaaS Single Sign-On – What’s the business value?

We implemented a simple SaaS vendor evaluation and selection framework to meet our goals, objectives and needs. Please use this as a sample or for reference purposes.

Vendor Evaluation & Selection

This section covers 7 categories and primarily focuses on the vendor. I use the baseline framework and then customize the items in each category based on the business needs, requirements and product area.

  1. General – management team, financials, strategy, road map, support etc
  2. SaaS/Cloud Computing – service limits, hosted infrastructure, security, privacy, contract, SaS 70 II compliance etc
  3. Legal – Payment Terms – Costs based on milestones, travel expenses etc
  4. Legal – Specifications/Service Level Guarantees etc – Performance standards, SLAs etc
  5. Legal – Warranty, Indemnification – Compliance with laws, industry standards, contract terms etc
  6. Legal -Security – PIC, HIPAA etc
  7. Legal – Miscellaneous – Termination conditions, breach, extensions, options etc.

Click here to see the complete list (powered by Box.Net, our popular SaaS app for document management & collaboration). Assign the weights
based on importance, rank them and total up.

Product Features Evaluation

This section covers 4 categories. Again I use the baseline framework and then customize the items in each category based on the business needs, requirements and product area.

  1. Features – List of all the features that link to the business requirements.
  2. Architecture, Security & Support – Hosted, On-premise, Architecture, Performance, Scalability, Support reqs etc
  3. Integration – SAML or HTTP fed for SSO, Web services, API, database access etc
  4. User Experience – Ease of use, self-services, navigation etc

Click here to see the complete list. This is the sample framework that was created for Enterprise Collaboration Platform project.

With regard to SSO capability, we give a lot of importance to SaaS apps that are SAML capable (Security Assertion Markup Language). This makes integrating the SaaS apps to our internal network/identity management much easier and helps users not to remember one more login/password. (Users hate when they have to remember multiple logins/passwords for different SaaS apps as each has different password policies, I hate that as well!!!). Luckily we don’t have that challenge anymore as we have implemented Hybrid Cloud SaaS based SSO/Identity management application powered by Symplified. We are also looking into Symplified for mobile based access to SaaS apps to meet the growing use of mobile devices by users.

SaaS Reference Model

With many different options available today – Private, public, hybrid cloud based SaaS apps, it is important to understand the benefits, value, pros and cons of each model. Over the past 1 year, a new model “Hybrid Cloud” (part of category 1) is becoming popular as it provides the benefits of both SaaS and on-premise (appliance or VM). Benefits & value – behind the firewall security, better integration to the network system/AD for SSO, close proximity to internal enterprise applications etc. I have implemented 2 SaaS apps (one of them is the Enterprise Collaboration platform) on this model and it’s working out great.

  1. Off the Shelf Application
  2. Custom built application
  3. Hosted application
  4. Custom built, co-located
  5. SaaS
  6. Custom built, Cloud hosted

Click here to see the reference model.

SaaS Legal Addendum

Based on many SaaS implementations, we documented a standard SaaS legal addendum (with legal’s help) that we give it to the shortlisted vendors early on. This saves both the vendor and us a lot of time and helps us to focus more on the product, features, SLAs etc.

Click here to the see the sample addendum.

By demonstrating and showing the above vendor evaluation and selection process to the business, we became a “true” partner to them as we do due diligence on more items (architecture, integration, SSO, SLAs etc). As all the SaaS contracts have to go thru legal, we partnered with the legal team. So if any SaaS contract comes the legal way and IT was not part of it, we get notified and we meet with the business unit and show the above process. This framework is working out successfully and helping the organization as a whole.

Appreciate your feedback and comments.

Contact Info


%d bloggers like this: