Maintaining Business Continuity With Mission-critical SaaS Applications

SaaS applications are universal features of the modern business world. Unfortunately, they don’t always come with the guarantees that they should.

No matter what kinds of software your clients license or use, they run the risk of massive failures if they don’t offset their dependency on vendors with viable backup plans. From data center disasters to software providers going under, your clients’ reliance on third-party tools endangers their day-to-day operations and ongoing profitability.


The Risk Defined: What Happens When Software Disappears?

Continuity is vital to doing business. Your clients’ customers won’t simply give them a pass because their software wasn’t working on a particular day or because they got hacked. Although most companies are diligent about securing their own internal systems, they expose themselves to the mercy of fate when it comes to their software vendors.

The dangers of ineffective continuity planning are all too real. Some sources estimate the amount of revenue lost annually to IT downtime to be in the $26 billion range.

The history of IT continuity planning is also riddled with examples of huge companies dropping the ball. For instance, Hurricane Sandy shut down the New York Stock Exchange in 2012, and as recently as 2008,  Google Apps suffered major outages. The IT world has certainly come a long way since those dark days, but such events still underscore the need for corporate continuity planning that ensures companies can keep functioning after they lose vital services and SaaS components.

Effective Methods of Fighting Back

Good continuity planning strategies are continuous. Threats and risks change, so companies must regularly update and reassess their outlooks on disaster preparedness. There are many potential strategies for increasing your odds of organizational survival in the event that mission-critical tools suddenly vanish into thin air.  Here are just a few:


Improve Your Data and Networking Practices

Healthy networks are vital to any IT deployment, but adopting smarter practices might also improve your SaaS-specific continuity plan. If your vendor offers you the ability to host your own version of their software tool, then you should ensure that your data center has robust strategies for backups, restorations, and risk-prevention. In the more commonplace arrangement where the vendor provides hosting, then you may want to opt for product versions that include some form of disaster mitigation.

Business continuity revolves around reducing the fallout from disaster events. If you’re able to rapidly get back up and running because you distributed resources to different server farms and used robust software, for example, then a DDoS attack might not have as much of an impact on your operations. Likewise, the loss of a permanent vendor could be easier to work around because you minimized the impact of the catastrophe by using third-party hosting, such as Amazon Web Services.


Start Using Source Code Escrow

The previous methods solve some problems, but they don’t address the losses of continuity that occur when vendors shut their doors. To get around such problems, software users typically negotiate service-level agreements, or SLAs, that include software escrow provisions with a reputable software escrow agent.

Software escrow is a mechanism where an impartial third-party of technical professionals maintains access to stored versions of the software’s source code. If the vendor goes down permanently, the licensee can still access their preferred applications. Such arrangements also assuage most vendors’ fears that their licensees might steal or otherwise abuse their source code while they’re still around.

Although license holders historically used software escrow for apps that weren’t in the cloud, they can apply similar principles to SaaS solutions. Some SaaS escrow providers even cater directly to vendors, which allows them to offer escrow as a standard service benefit.


Making Software Escrow Work

From a client’s perspective, it’s important to hammer out the details of escrow terms in the SLA. In addition to ensuring that they’ll be able to access the software escrow’s contents following a disaster, licensees need to hold their vendors to certain responsibilities. For instance, they must update the source code in the escrow on a routine basis, and the veracity and usability of said code should undergo periodic testing and surpass build verification checks.

Escrows function best when they contain healthy codebases, so it’s vital that your clients negotiate comprehensive SLAs. Such agreements are especially important when working with SaaS tools, which have different risk factors from those of traditional software.


Make Sure You Can Access Vital Information

After an emergency occurs, minimizing recovery time isn’t the only important task on your licensees’ to-do lists. Their customers and partners will be just as concerned with their ability to restore personal and user data.

SaaS data escrow is similar to source code escrow, but instead of retaining application code, third-parties hold on to the information that apps and web services generate or employ. This form of escrow makes it possible to recover user and state data in a range of loss situations. In addition to covering their bases should a vendor go bankrupt, licensees gain the ability to restore data integrity following records corruption events. Asking a vendor to provide on-demand access to application data and database snapshots is also a good way to implement effective information governance practices.


Improving Your Clients’ Continuity Plans

Of course, no continuity method is completely flawless, but many users have rewarding experiences with combined approaches. Some rely on a combination of open-source and escrowed proprietary code to ensure that they can avoid complete downtime following loss events. Others focus on maintaining their own internal safety practices and mechanisms to minimize the risks that their SaaS deployments face. No matter which approaches they favor, your clients will be best served by SLAs that support their chosen strategies.