I. It's a Sin to Put SaaS Uptime Delivery at Risk
Software as a Service is predicated on continuous and uninterrupted delivery. If the service incurs intermittent or unexpected downtime, business processes break down, user productivity degrades and several customer facing activities may grind to a complete stop.
While most SaaS CRM vendors have impressive uptime records, several do not. Vetting the service providers delivery platform, examining the Service Level Agreement (SLA) and understanding uptime history are your three best methods to mitigate risk of downtime.
Data Center Redundancies
When reviewing SaaS CRM providers, you have to look beyond the vendor and product to also review the hosting delivery infrastructure. To maximize uptime assurance, SaaS CRM vendors should provide the following:
- Serve the application from multiple high availability (HA) data centers. The data centers should be a minimum of 100 miles apart, and preferably located on different continents. Data centers should be mirrored or connected in an active/active mode so that the failure of one will result in immediate fail-over to another.
- Provide redundancy at every delivery infrastructure single point of failure. This means having an inline backup device so that any equipment malfunction will not impair service deliverability. Computer equipment such as routers, firewalls, switches, load balancers, web servers, database servers, SANs and other essential delivery gear all break - that's a fact of life. If any piece of gear in the chain fails to offer inline fail-over to redundant equipment, the risk of downtime goes up exponentially.
- Backup power, including uninterrupted AC and DC circuits to supply equipment and redundant UPSs to protect circuits as well as filter the power feed, compensate for surges, and absorb high-voltage spikes, switching transients, sags, electrical line noise, frequency variations and other conditions that hinder the proper operation of equipment.
- Data center facilities should be equipped with diesel powered generators, a fuel supply reservoir for extended continuous run-time operations and priority contracted resupply agreements with local energy providers.
- Data center facilities should be unmarked, cement fortified physical structures, with protection controls such as mantrap staging areas, multi-factor biometric scanning and card combination access authorization, dual-identification entry systems, facility-wide indoor and outdoor closed-circuit TV, raised flooring, poured concrete ceilings, individually secured cabinets, integrated alarm systems, environmental monitoring and 24 by 7 on-site security staff.
- Diversified telecom and backbone connectivity via diverse fiber entrances, redundant Gigabit circuits with BGP-4 routing to the major Tier-1 providers, fully meshed and redundant fiber optic rings, multiple points-of-presence in various cities and a strong global peering network. I personally only choose data centers which are telecom carrier neutral as I believe multiple carriers in the facility increases resilience, but that's a bit of personal preference.
- Redundant HVAC systems and environmental monitoring to ensure facilities operate between 68-72 degrees Fahrenheit and 45-55 percent relative humidity. Air filtration levels should be maintained at 90-95%.
- A routinely tested business continuity (BC) and disaster recovery plan (DRP). Be aware that a BC/DRP plan without periodic testing in closely simulated situations is worth little more than the paper its written on. Don't be lulled into a false confidence by a viewing a desktop published document in a nicely bound cover. Ask about actual mock trial simulations, the lessons that were learned and the upgrades or changes that occurred from those lessons. FYI, it's nearly impossible to do an effective mock trial and not learn a few things.
Also understand the SaaS providers delivery governance and architecture model. As long as they can articulate their strategy, there's no right or wrong method here, you simply want to understand their vision, strategy and methods. You'll find some data centers have developed their architecture model in a bottom-up, evolutionary process, while others began with an existing framework such as the ISO 27001 standard or ITIL (Information Technology Infrastructure Library) process.
Service Level Agreements
Next, closely examine the Service Level Agreement (SLA). Consider the following:
- Is the uptime guarantee specific and measurable — e.g. 99.999%?
- What's the period interval for calculating the uptime metric — e.g. month, quarter or annual?
- Is 'scheduled maintenance' excluded from uptime calculations?
- How many scheduled maintenance windows does the provider estimate will occur annually?
- How many scheduled maintenance windows occurred last year?
- Is there a minimum advance notification period for all scheduled maintenance related downtime?
- Is there a maximum time period for maintenance windows?
- Does the SLA offer financial remuneration for non-conformance?
- Must the customer request the remuneration, or will the provider automatically deliver it to all affected?
Unfortunately, SaaS CRM SLAs are as broad and varied as the SaaS market itself. While there is little in the way of standardization, it's quite clear that weak SLAs or SLAs without teeth should reduce your confidence of assured uptime.
Lastly, get an accounting of uptime and downtime history for at least the last two years. While a few SaaS vendors publish their uptime and downtime online, most do not. SaaS vendors that can demonstrate a history of solid uptime can be expected to deliver much greater uptime assurance than SaaS vendors with spotty records or who choose not to divulge their downtime history.
The combination of data centers which are hardened against service interruptions from either natural or man-made disasters, SLAs which guarantee financial penalties for non-conformance and strong SaaS delivery uptime histories collectively provide a level of uptime assurance and mitigate service interruptions.
Next — It's a Sin to Put Information Security at Risk >>
While most SaaS CRM providers have impressive uptime records, several do not. Vetting the service providers delivery platform, examining the Service Level Agreement (SLA) and reviewing the vendors uptime history are your three best methods to mitigate downtime risk.