Real World Risk Management and the Business Value of SaaS

Source: http://blog.brivo.com/bid/39552/Real-World-Risk-Management-and-the-Business-Value-of-SaaS

This week, Brivo hosted an Executive Roundtable to better understand customer considerations when they choose to use the cloud to host business applications. A select group of participants, representing a broad mix of DC-area IT and physical security consultants, who consult with various federal and commercial clients attended.

SaaS Case Study

We met with decision makers from Montgomery County (MD), government, Brivo’s home county, who shared their reasons for moving a large portion of their departments’ business applications to SaaS.

What Type of Applications?

Some of Montgomery County’s SaaS applications include:

• Electronic patient care
• Human resources (for hiring and reviews)
• Crime reporting
• PCI (Credit card)
• Security team services

Scrutiny

It was interesting to hear about the reality of decision making around risk and compliance when using a technology strategy as a lever to achieve business goals.

Cloud technologies that offer different ways to support business and serve customers invariably receive close scrutiny, especially the application list above, because large amounts of personal data must be protected while complying with a wide array of important privacy and compliance laws.

The Montgomery County case study fueled much conversation, particularly in regard to mechanisms to protect sensitive customer data and the associated risks in doing so.

Business Reasons for SaaS

Technololgy and cost are not the only reasons to use SaaS. In Montgomery County’s case, a mix of business, financial, and security reasons drove their decision to outsource applications to a SaaS provider:

• Lower total cost of ownership
• Speed of implementation
• Reduction or elimination of capital expenditure
• Shared risk by the provider
• Disaster recovery and high availability
• Equal, or better attainable security

Raising the Bar on Security

Smart practitioners who understand and identify real-world enterprise risk know that there is frequently a gap between prescribed levels of security and the actual security posture. So how does a county close gaps during a time of budget pressures and declining tax revenues without sacrificing institutional knowledge?

Superior Performance for the Dollar

SaaS technology offered Montgomery County a way to better mitigate risk while significantly reducing capital expenses. Maintenance fees previously paid from the operating budget now fund SaaS subscriptions for applications that deliver modern IT-related services to the county and better meet the expectations of businesses and residents. In addition, the SaaS solutions freed the County’s security staff from managing hardware and applications to focus on providing better services to their internal and external constituents.