04 Feb Visions: Peter Coffee says SaaS will require new skills from IT departments
The IT department isn’t dead, but it needs to grow in a different direction. So says Peter Coffee, director of platform research for Salesforce.com, which provides customer relationship management (CRM) and other application services over the Web.
Coffee, former technology editor for eWeek, now helps promote the concept of software as a service (SaaS) to the IT community. In a wide-ranging interview with WTN, he held forth on SaaS as a transformational technology that could change the way IT departments are organized.
He also addressed some of the ongoing doubts that CIOs have about SaaS. Many executives do not want to relinquish control of certain systems and data. In WTN’s soon-to-be-released survey of IT leaders, 22 percent named SaaS as one of the top three technologies that will be part of their implementation of IT strategy in 2008.
Coffee rejected the assertion that the IT department is dead, popularized by author Nicholas Carr and IT trade publications. Even though Carr proposes that it is companies like Salesforce.com who will be the beneficiaries of a shift to outsourced “utility computing,” at the expense of IT, Coffee sees a more synergistic outcome.
“The IT department is not dead,” Coffee said. “The IT department needs to become a more sophisticated evaluator of new opportunities.” In particular, he said, IT needs additional competency in evaluating and administering service agreements, as opposed to hardware, networks, and applications.
More broadly, Coffee doesn’t see SaaS or “utility computing” as a total replacement for current IT. “The technologies that people call dead are not dead,” he said. “They are stable, they are mature, but they are not transforming people’s ideas of how they do business.”
Coffee casts SaaS as a transformational technology – not just for IT implementations, but for IT purchasing.
“Web services are the most successful revolution of the IT buyer community against the self-serving IT vendor community that we have ever seen,” Coffee said, casting web interfaces and standards as a factor that makes it no longer necessary to settle for proprietary data formats.
To him, interoperability goes back to the Internet’s roots. Not to its roots in a military network designed to withstand nuclear attack, but a different origin.
“If you actually go back to the original recollections of the people who came up with the basic idea, it was something much more mundane than that,” Coffee said. “They were in government operations where you had to do open procurements.”
Proprietary systems with their own communications protocols were causing problems because each pair of different systems required a one-to-one, custom connection. As the number of different systems grew, this was unmanageable. Creating a network based on standard protocols allowed larger numbers of systems to talk to each other.
The standardization process continued over time, leading to the World Wide Web and the ubiquity of the browser. Despite the rise of web applications putting more emphasis on the web browser, however, Coffee doesn’t see the browser as being overly special in the long run.
“The whole thrust of where we see people going is writing applications that do something very useful, very specific, and take advantage of some of the resources of the client device and take advantage of the back-end API,” Coffee said.
One-half of Salesforce.com database transactions are now performed through its programming API rather than directly through a web browser, Coffee said. While those transactions could be coming from third-party web applications that are also run in a browser, they could be coming from anywhere – from desktop applications, mobile applications, or back-end systems.
Coffee also sees the networked nature of these applications as having the potential to improve overall deliverables with less duplication of effort because of the growth of a web “ecosystem.”
“If a company like Akamai comes up with a way to improve performance of network applications, software as a service providers and their clients can benefit without duplicating that system,” he said.
Part of Coffee’s job is to respond to doubts about SaaS as an industry and as a model for application delivery. Despite its enthusiastic uptake in the vendor community, spurred in part by Salesforce’s early successes, many CIOs still have concerns around security, control in general, customization, and access.
Those concerns may take time to be alleviated. SaaS is not just a technology; it’s a different way of managing IT that, as Coffee put it, requires IT to shift more focus to evaluating service agreements and managing vendor relationships, as control over the actual hardware and software leaves IT and everything depends on vendors’ ability to deliver on the promises they make. Intuitively, security is not either better or worse with SaaS but depends on the vendor’s ability to secure their systems.
Some concerns are easier to address than others. When the network goes down or business travelers are on the road, web-based applications are out of reach, but in the former case, “If the Internet goes down today, doesn’t your whole business go down anyway?” Coffee asks. His position is that the priority in the office will be getting network access back.
Potentially more troublesome is the traveling scenario, where neither Wi-Fi and cellular Internet access is accessible everywhere, even though coverage is improving.
Coffee pointed to technologies such as Google Gears, a browser extension that allows parts of web applications to run locally, and Adobe AIR, which allow desktop applications to be developed using web technologies, as potential ways forward for the industry. Each of these early-stage projects incorporates a way for data to be stored locally and could provide offline functionality, as well as providing more integration between web and desktop applications.
The uptime of the SaaS vendor is another potential concern. Salesforce.com, responding to the embarrassment of well-publicized outages starting in 2005 and continuing in 2006, launched a web site called trust.salesforce.com, on which it publishes its current and historical system status.
Other concerns include security and the fact that company data is being stored in externally controlled and managed systems. The perception of risk, Coffee said, is skewed, in that “almost invariably, data breach and data leakage occur when someone with authorized access to that data abused their privileges.”
Finally, Coffee said, if a company knows it wants to treat certain sensitive information differently, it can keep control over that information on a selective basis.
“If some data and logic just has to be stored locally, then store it locally and communicate via the network to the external service,” he said. “I don’t have to make an either-or choice.”