Many companies view Software-as-a-Service (SaaS) as a double-edged sword. It offers ideal solutions for age-old problems of business agility and infrastructure maintenance and adds new challenges in enforcing security policies and managing sensitive data.
Still, companies see more benefits than challenges with SaaS offerings with many choosing these over migrating existing solutions or developing their own cloud-native apps. But each company views these benefits differently and carving out their unique cloud journeys.
A recent roundtable discussion on the topic of Moving Enterprise Applications to Cloud: The CIO playbook for enterprise SaaS adoption, participating executives shed new light on the struggles of cloud adopters in Singapore and the different strategies to address the diverse challenges.
Risks management is different
Participants from the onset of the roundtable acknowledged the benefits of cloud and SaaS. “I think there is a big benefit to moving to the cloud, and we are moving our legacy systems in phases,” said Tong Land King, Assistant Vice President, Group IT, Great Eastern Life Singapore.
But participants also noted that how companies view risks needs to change -- especially when sharing part of the risks with SaaS providers.
This change in risk profile means companies need to change the way they evaluate risk, observed Tony Lee, Vice President, Group Business Solutions & Systems, Capitaland.
“With a rapidly expanding business, it made sense to use SaaS-based products. As a consequence, our cloud risk assessment book is getting thicker by the day,” Lee said.
Peter Quek, Chief Information Officer, and Group Director, IT, Cybersecurity & Digital Services, Land Transport Authority pointed out that a transformation plan is necessary to drive the cloud journey. “More importantly, we need to deliver a transformation plan for our entire portfolio [of enterprise apps].”
But Ivan Ng, Chief Information Officer, City Developments Limited noted that cloud conversations have changed at the board level, offering more room to negotiate and embrace SaaS. Part of this change is driven by large enterprises taking a strong cloud-first stance.
“At the very beginning, we were cautious. But the industry has changed, especially with DBS moving to the cloud. So, we were able to the change the conversation at the Board,” he added.
Security continues to challenge
For all participants, security continues to cloud the SaaS picture. “Definitely cloud is important for our work and we are moving to virtualize our workloads. But security tends to be a paramount [concern],” said Adrian Ruzsicska, Global Group IT director, Koh Brothers Group Ltd.
Andy Neo, Vice President, Group IT, Sembcorp Industries advised companies to address these fears right from the onset with the SaaS provider, and not get limited by it.
“Instead, we need to look at the security structure and architecture that is in place as well as data privacy from different region perspectives,” Neo noted.
However, companies are finding new ways to address these fears individually. For example, Abhishek Singh, Chief Digital Officer, RGE Pte Ltd
Where companies struggle, Singh believed, was in regulations. “Specifically, Indonesia and China where we need to have the financial information within the country. It has been a big stumbling block,” he said.
APIs offer another way to handle data security. Some participants even see it as a building block for the SaaS journey.
“The API strategy is a key building block we are now putting in place” because the company does not need to rebuild connectors or build interfaces with new systems. “I can now replace one system with another.”
Understanding data privacy woes
Another potential flashpoint for SaaS deployment lies in data privacy. Differing regulations, higher fines and soaring reputational risks saw many participants becoming increasingly concerned.
“Except for compliance and security, the rest of the cloud proposition is great to us,” said Abdul Aleem, AVP, IT & Group Technology & Application Architecture and Development, Singapore Post.
The main challenge lies in the way personal and confidential information are handled.
Land Transport Authority’s Quek opined that it may be time for companies to relook and reclassify current information. “We need the scale to deliver the information and interface with other public transport operators. So, cloud is very natural [platform] for us to go with. But we also need to reclassify information and improve the cloud capabilities of our internal IT team.”
Chia Ti Yu, Director of Finance, Systems & Projects, Ministry of Finance views data classification as a mandatory process for any SaaS or cloud project. He noted that most of the information that “are categorized as confidential and above cannot go to the cloud.” However, not all information needs to be earmarked as confidential, and companies need an internal strategy on how they view this information.
Also, some information is only confidential for a short period of time. So, companies need to have a process to handle such changes in classification.
“Take land bidding price for example. It is super sensitive, and I will recommend not to put in any system. But there is only a small time window in which it is sensitive; after that it becomes public knowledge,” said City Developments Limited’s Ng.
Adam Krebet, Senior Enterprise Architect at Workday, believed that new solutions are coming online that are helping companies to tackle these issues directly. “For example, people are now moving their identity management to the cloud. If you can automate the identity management, it becomes a business driver.”
Unearthing the hidden SaaS benefits
Despite the challenges surrounding security and data privacy, participants are bullish about SaaS offerings because of the agility it promises. And in today’s dynamic market landscape, the ability to scale, pivot, merge or downscale easily is a huge advantage.
“Agility is important. It allows you to model your organization according to the business needs,” said Sembcorp Industries’ Neo.
Land Transport Authority’s Quek offered a different take on agility. “In the past, to scale your internal systems, you needed a long time as it involves adjustments and testing.” With SaaS offerings like Workday’s, companies can easily make Human Resources policy changes without having to worry about IT capabilities and resources.
Equally important is employee engagement. “You do not only look at customer digital experience but also the employee digital experience. This is where traditional on premise solutions do not do as well,” Quek.
Kristina Boey, Vice President, User Experience (Digital & Technology), Sembcorp Industries shared that employee engagement needs to be seen “from both ends.”
“Currently all our systems are completely separate and that is one big area of concern at the back end. Employees will see this as bad experience. The UI layer comes last. Mapping the whole journey is more important,” she explained.
Capitaland’s Lee sees employee engagement vital for his company’s future. “If employees have a jaded view of their user experience in the company, it impacts the way they want to add more value to the company. Great employees then walk.”
This is where Lee sees SaaS offering a huge advantage. “So instead of internal IT teams trying to become apps developers, we should just put the money where we are good at, and for all other IT stuff we partner.”
For vendors, user experience is a huge challenge as well. “It is not hard to integrate. The difficulty is in sorting out use cases that make sense,” said Workday’s Krebet, who noted that his company is now looking to add natural language capabilities and integrate with collaboration apps like Slack.
Start the journey
Anil George, SaaS Market Analyst – APJ at Workday, noted that cloud means “different things to different people.”
“When you talk about cloud, and how, when and what to move to the cloud, it can get a bit complicated based on each organization’s current state of system landscape” he said.
Cloud native software providers like Workday are making it easier for organizations to drive this conversation. “We focus on the two ‘S’s of the ‘SaaS’ (Software as a Service) word -- software and service. Because when it comes to cloud it is as important to have the right solution as the right implementation support, service level agreements and customer support model,” George continued.
But most importantly, companies need to start the SaaS journey now. “Through this SaaS journey we now know what questions to ask,” said Saw Choo Tatt, Senior Vice president, Technology, GIC Pte Ltd.