Every so many years the paradigm shifts from internally hosted content and applications to managed services and eventually finds it’s way back again. Back in the 90’s application service providers were all the rage and quickly diminished with the dot com boom. Today that shift is back and is moving towards “cloud computing.”

One popular aspect for consumers of cloud computing is Software as a Service (SaaS). These services are typically a subscription based service that run on a pay by use or time based schedule. This is great for businesses that want to adopt a technology quickly and consume low overhead. These services are increasingly allowing small businesses the opportunity to compete with large corporations where they were not able to in the past. Technology can be a great equalizer, but just below the surface of some services can loom hidden cost and risk.

Consider a credit union that nGenuity recently consulted for. The banking application they use that allows them to do all critical banking transactions, is a hosted application. This application is accessed over the Internet via a Virtual Private Network (VPN). This is a great solution for them, or at least they thought so up until it stopped working. In a blink of an eye every business transaction at that credit union stopped. Even though there was money in the vault, they couldn’t give it to customers because “the computer system was down.” This does not make for happy customers. The question they forgot to ask, like so many companies, is “what do we do if this doesn’t work?”

Let’s take a look at a few ways you and your business can avoid getting into the same situation

Critical Business Functions:

Identify the technology and resources your business requires to do critical functions. This exercise will be a lot easier for smaller businesses than larger ones. In each business, as more technology, staff, roles and functions are added, the more complex the dependency matrix becomes. A third-party that knows and understands the risk that technology can bring to businesses can help quickly rank risks and identify ones that may be missed by the inexperienced professional.

Service Level Agreements (SLA):

Whenever you lose control of your information and/or infrastructure to a third-party, always have the proper service level ageements in place. 100% uptime (while not impossible) is impractical and hard to achieve most of the time. Realize that the service will fail and be unavailalbe sometimes. Make the third party responsible for that downtime. This compensation should be proportional to the loss your business will receive due to the down time. Consider lost customers, income, and productivity as some of the metrics when calculating this value. You have to motivate that third-party to give you stellar service and the only time to do this is before you buy the service!

Business Continuity Plan (BCP):

Write down the process for doing business when the technology or resources to support those critical business functions fail or are unavailable. Make this process as simple and straight forward as possible. Do not stop there. Train and enable your employees to handle these situations without the aid of management or somebody technically trained. Finally run mock scenarios (fire drills) to give your businesses added confidence in being able to handle a disaster.

“If we hear, we forget; if we see, we remember; if we do, we understand. ” –Proverb

It all starts with asking the simple question “What happens if this breaks and we can’t do business?”