In the World of Software as a Service (SaaS) solutions the hosting of the application is taken care of for you. You don’t need to worry where your data is hosted, or which company the hosting is outsourced to, right? That’s probably not the case. You’ll want to take careful notice of what happens to your data.
In many cases the company you pay for the service isn’t the one that hosts the servers. An example of this is SAP, who’ve signed a deal to host the SuccessFactors suite on Microsoft’s Azure.
It also appears that Workday might be running DEV and TEST in the IBM Cloud with PROD running in Amazon Web Services.
Finally, Salesforce has been moving their internal infrastructure towards AWS for a while.
SaaS vendors have the choice of either running it on their own Infrastructure as a Service (IaaS) offering, or outsourcing it to someone else. However, the alternatives are shrinking with another cloud provider announcing that they are closing only last month when Cisco decided to shutter their $1bn Cloud.
Of course, any time the responsibility for the success of the service that you’re buying is split over multiple companies – each with their own priorities – it introduces risk. Everything becomes harder for the SaaS vendor to manage, not just in terms of manpower and automation, but security necessarily becomes more complicated. Also, when the SaaS vendor’s deal with one hosting partner ends and they choose to move to another vendor, your servers and data will need to be transitioned over. These are activities that the SaaS vendor DevOps teams will be involved in that don’t enhance your service at all and that you don’t have any choice over.
The SaaS vendor I’ve not mentioned so far is – of course – Oracle. Oracle makes much of owning the complete stack for running a SaaS application. It has its own IaaS business and manages the hosting of all of its SaaS offerings itself rather than outsourcing it to another company. This is clearly a simpler arrangement with no between-company conflicts, leading to a more efficient and more secure solution.
I think it’s clear why this is important and which vendor has chosen the best approach.