Over the past few years, IT has been defined by the shift from on-site to on-demand, as more and more normally in-house resources and responsibilities are offered as a service by online providers.
Software-as-a-service (SaaS), in which centrally hosted software is sold on a subscription basis, has given way to the era of everything-as-a-service (XaaS), where the ‘X’ can stand for absolutely anything a business needs, from software, hardware, processing, data management, security and networking to communications, HR and marketing.
Thanks to lower costs, virtually no capital investment and the speed at which solutions can be deployed, migrating everything to an ecosystem of specialised services run from the cloud has enabled start-ups to get off the ground with just a few hundred pounds, and given small businesses the ability to do more with less. But for larger enterprises, the story isn’t quite such a fairytale.
Many are finding that the XaaS approach comes with more risk – and are stalling at the contract stage. ‘Increasingly, employees want to consume services in the same manner whether they are inside or outside work,’ says Paul Cash, managing director at service management software provider Fruition Partners UK.
As a result, he argues, the benefits of IT’s approach to service delivery should be extended throughout the enterprise with an XaaS approach, resulting in cost savings, increased productivity and improved user satisfaction.
> See also: Is 'marketing-as-a-service' hype or reality?
‘While IT is often thought of as a department that is difficult to work with, it is far more serviceoriented than has traditionally been portrayed and is already demonstrating the value of XaaS,’ says Cash. ‘Businesses are moving in the right direction, but there is still some way to go given that 78% of organisations say they aren’t fully utilising self-service technologies.’
Handing over the baton
So what’s holding back enterprise from going all-in with their cloud providers? Paul Griffiths, technical director of the advanced technology group at application performance firm Riverbed Technology, argues that the primary risk is the unknown.
‘You can walk up to a restaurant in town and view the menu to see what is on offer and at what price,’ he says, ‘but even if you like what you see, unless you have been there before, you are taking a risk.'
'With XaaS, the 'unknown' is not just the details behind what is on the menu, the price, or how it is prepared and served. Companies also need to be assured that the security of all aspects of the service meets their requirements and any industry regulations they must comply with.’
The availability and performance of the services will also be critical. ‘Should anything go wrong, the simple fact is that you will have all your eggs in one generalised 'as a service' basket.’
For this reason, says Griffiths, the ability to be able to detect or, even better, predict such events is vital.
‘With such visibility comes a level of control that enables you to alert the business, react accordingly to maintain operations, and ensure that, from a service level agreement (SLA) perspective, any remuneration is swiftly settled.’
One perceived risk is that, for enterprises that currently run IT services in-house, it can seem like losing an element of control. But as Richard Blanford, MD of managed cloud provider Fordway, explains, the benefit is that by the process of discussion and migration to XaaS you are better able to define and refine what you actually want.
‘For standardised services, you also have to accept the offered SLA rather than what you might want, but in most [XaaS] cases SLAs are generally more robust, albeit less detailed, than in-house SLAs,’ says Blanford.
No magic wand
Assuming that cost benefits are the reason behind opting for XaaS in the first place, reputation should be one of the first concerns in choosing a provider, argues Griffiths – the reputation of the XaaS vendor, and the reputation of the enterprise customer.
‘Choosing a reputable vendor with a proven track record may seem challenging in the early stages, but there are recognised names in the marketplace for enterprises to approach,’ he says. ‘Without a proven track record or backing from recognised industry brands, the enterprise choosing that lesser-known vendor may be putting their own reputation on the line.’
But every business is different, and even the best supplier won’t know yours inside out from the start. As with any contract, there should always be an expectation of shared risk.
‘XaaS customers must realise that their supplier is not going to know exactly how the customer’s business operates down to the smallest detail from day one,’ says Griffiths.
‘Despite having done plenty of data gathering and analysis in order to build up a picture of how things work, you don’t know what you don’t know. A prospective XaaS customer must take the time to assess how their existing infrastructure behaves and interacts with its users and applications.'
If they find gaps in their knowledge or learn that they sometimes struggle to diagnose and solve IT-related problems when they occur, how can they reasonably expect their new XaaS vendor to magically be any better?'
'Of course, simply moving to an infrastructure based on XaaS may well mean that things run more smoothly and previously experienced issues can be avoided, but that shouldn’t be seen as a given.
A shared burden
Moving to the cloud doesn’t negate the need for proper due diligence and security precautions.'
In Blanford’s view, one of the top concerns should be supplier risk management, which is reliant upon the supplier’s financial security and terms of contract. The good news is that this is a standard corporate capability, he says, but it may not be a capability of the IT function.
‘You have to take responsibility for asking the service provider to deliver the appropriate levels of information security, and need to measure and audit the supplier yourself to ensure that the relevant security is applied,’ he says. ‘You, as the customer, need to independently manage the service and monitor it against SLAs yourself.’
You need to have an audit function to ensure that the service is and remains fit for purpose, adds Blanford, and independent service monitoring and management, either in-house or contracted through an independent third party, to ensure the supplier actually provides what they are contracted to.
‘Remember that you are dealing with an independent commercial organisation, so you need to ensure that your interests are aligned,’ he advises.
‘The service will not always be perfect, but if you make a huge issue out of minor things then that won’t help.’
Being aligned to ITIL really helps as this is what most suppliers use for IT service delivery processes. If your processes are aligned, or you are happy to adapt them to best fit the supplier’s best practice, it will make the relationship considerably easier. And it’s important to remember that suppliers are used to working in a certain way, which is normally optimised to support the service you are buying, and have to deal with multiple organisations.
‘If you demand bespoke changes, it is likely that your costs will increase and your service levels reduce,’ Blanford warns.
The risk-benefit analysis
Handing over your services to an outside provider can appear to be a risky business, and the prospect of managing a whole new kind of relationship with that provider can seem like hassle. But actually, the real risk to digital businesses is not taking on XaaS, argues Cash.
Research from Fruition Partners in 2015 found that businesses’ failure to adopt existing technology to enable XaaS could be costing UK plc £1.52 billion. ‘As such,’ says Cash, ‘can businesses really afford not to embrace XaaS, and not only miss out on cost savings, but on the productivity and efficiency gains that it delivers?’
The growing XaaS trend is the perfect opportunity for CIOs to be the ‘enterprise‘hero’, he adds. Having established the benefits of SaaS solutions and automation for IT service delivery, CIOs can demonstrate the ROI to the rest of the business.
However, with over a third (37%) of CIOs thinking the majority of other business areas do not believe they can learn from IT, it is something of an uphill battle. ‘IT departments and CIOs have been delivering technology-driven service for many years, and have a service-oriented mindset as a result.
Communicating this to the rest of the business will allow them to see that implementing XaaS isn’t a huge risk as the proof of concept already exists, and has done for many years.