Make sure your online SaaS vendors are appliance-capable

We’ve all been hearing pundits rave about how SaaS (software as a service) is the next wave of technology (mainframes, desktop PCs, and client/server systems being earlier waves). I certainly agree that software running “in the cloud” is a great idea for lots of reasons. However, companies in general, and healthcare enterprises particularly, need to be careful putting any mission-critical data into the hands of other firms no matter who they are.

By now most of us have probably heard that the Microsoft Windows Genuine Advantage (WGA) system that verifies users have valid Windows licenses went down for over 19 hours on Friday evening and began to disable operating systems around the world. This service, which Microsoft explains is an “entitlement solution” is usually a good idea for businesses with lots of client PCs to manage but if the outage would have lasted into Monday it would have wreaked untold havoc (even more than any dangerous virus would have). Millions of PCs would have been told they were no longer “authentic” and been told to disable themselves.

So, what does this have to do with healthcare? Well, lots of healthcare IT firms are selling SaaS solutions (WGA is also SaaS). As long as the network is working things are fine but if the network is having problems or the vendor is having server issues, business literally stops. You need to have worked out backup plans for what you’re going to do if your business critical online app suddenly becomes unavailable. Will you go to paper? Wait until it comes back up?

Another problem with SaaS is given your data over to another firm — and then the firm going out of business. What happens to that data? Will you ever get it back? In what format and will it be usable? What about if their servers get hacked and your data is modified? If you are a regulated entity, will their policies about data loss affect you?

My strong suggestion is for everyone who is doing any business with online vendors is to ask for their appliance strategy and roadmap and if they don’t have one, think twice. What that means is that if they have created great software to “run in the cloud” they should be able to create a version that runs on an appliance (basically a server) that can be installed within your own datacenter or IT closet. By getting the same software and running it locally you get the benefits of online access but without losing control or being at anyone else’s mercy. If you run the software in your environment it costs you a little in power and IT management but if the data is important enough and the job the software is doing is mission-critical then it’s certainly worth it.

If you’re dealing with a reputable vendor with a good technology strategy they should be able to give you some ideas of what their appliance strategy (if there is one) looks like. If they don’t have an appliance strategy, ask them to explain why not and what they will do about an outage, data loss, hacking, etc.

The lesson here is that even a company like Microsoft, which definitely knows what they are doing in the server space and online applications arena, can have business-critical outages certainly the smaller vendors can, too. Better to take a lesson now and be prepared.

Newsletter Sign Up

6 thoughts on “Make sure your online SaaS vendors are appliance-capable

  1. Shahid’s advice is so timely as we are seeing more use of the web through SaaS offerings propelled by the move to Web 2.0 services which are increasing the size of clouds.

    Having designed PACS for hospitals I know the importance of having backup systems in place for those unexpected downtimes and not knowing how long they will be down. One way to deal with the problem is to make sure the backup server is somewhere within your organization preferably in a building other than where the main server is. This server can be dual purpose by partitioning it to handle internal as well as external system outages if it is configured correctly. Also using RAID storage can offer the opportunity to insure a designated time frame of data files is always available even during system outages as long as power to the systems is not interrupted. Don’t be afraid to ask your SaaS vendor to provide this service at your designated site location if you are not capable of doing it yourself.

  2. I whole heartedly agree with Shahid’s main point on SaaS appliance strategy, however, I would have never said in a million year that Microsoft “definitely knows what they are doing in the server space and online applications arena”. Though that latter is a minor point.

  3. Pingback: Trusted.MD Network

  4. Shahid, good points. The issue of out-sourcing critical, but non-strategic platforms like email brings policy concerns and SLAs to the forefront. With Google and Microsoft offering very low-cost email hosting solutions, it may attractive for IT organizations to look at their operating costs and see if outsourced email represents an area of cost-savings. However, if your email management policies are unclear or don’t match those of your service provider, the costs due to unforseen events could be much higher.

    The “cloud OS” is a nice concept, but healthcare organizations that are highly reliant on electronic clinical sysems have to clearly understand the risks and have strong mitigation plans in place. If you’re investing in SaaS capabilities, clearly architect the solution and the round-trip your data will be making. You may need to further invest in redundant Internet connections or as Shahid points out, extend your datacenter operations to include support for vendor-supplied appliance devices so that the cloud is truly transparent: it’s running in your datacenter down the street or in a datacenter across the globe. Just remember to keep your users in the forefront of your mind as you plan these seemingly invisible infrastructure changes.

  5. Pingback: Trusted.MD Network

  6. Uranie Armstrong


    I have been recently looking into getting a software as a service PACS system for our office in an effort to go entirely electronic without breaking our budget. Do you know of a general price range that I could be looking at for a 2 doctor practice? How is the pricing structure generally, flat monthly fee, pay per scan or a combination of both? I find that I am totally clueless the more I read about different PACS systems and ultimately the budget will determine if we can get a system or not.

Add Comment