The Assumption of Connectivity
At present, I’m sitting (somewhat cramped) on a flight for a partner meeting tomorrow…typically, I travel with one carrier (United) as it makes managing the Frequent Flyer programmes substantively easier (and of greater benefit to me*). For this flight, however, the cost difference and flight time indicated that it would be best to travel via Frontier Airlines.
The seat-back in front of me has a satellite TV link (at a cost that I simply cannot justify). But, conceptually, the idea is compelling. And, whilst bouncing up and down rapidly during a nasty bit of turbulence somewhere over Oklahoma, it brought to mind one of my favourite topics…
The Assumption of Connectivity
One of the blogs that I read, with regularity, is CloudAve. On the blog is an excellent discussion of SaaS Security. The prime thrust is that there is a fair way to go before cloud-based companies are giving enough information about their security policies to their customers.
Although not the main point of this discussion, there are a few items that are compelling enough to be quoted:
Most of the SaaS vendors talk about how their datacenter is protected by biometric scanning, card based access, 24/7 video monitoring, perimeter firewall, IDS, log auditing, etc.. To be frank, this is a case of plain bullshitting. Biometric scanning, card based access, video monitoring are part and parcel of any datacenter operations these days. If a datacenter doesn’t have these measures implemented, then you can be hundred percent sure that they are a fly by night operation.
As an educated SaaS user, I don’t care about these security measures at all. I assume them to be just there. Instead, I am more interested in people centric security measures. <...snip...> I will be more worried about how the access to my data are handled by the SaaS providers than knowing whether their datacenter has biometric access and video monitoring. If these people centric processes were handled badly, the presence of biometric access sensors and video cameras becomes meaningless.
This, in my mind, is the equivalent of previous rants I’ve posted regarding compliance being the outcome of a proper risk management strategy instead of a one-time event. The cloud-based equivalent…if you will, and perhaps if you won’t…is people-centric policies as an outgrowth of a focus on risk management.
However…
None of this matters…
Unless there is connectivity that allows for the consumption of SaaS services. If users are unable to reach your services, they have no intrinsic value and a proper risk management strategy is meaningless
I refer to this requirement as “the assumption of connectivity”. If you consider the payments industry and its growth over the last 10 years, this widespread adoption of connectivity has had a major impact on acceptance methodology and acceptance points. Even in my humble little corner of Downtown Denver, it was relatively recently that most SMBs were using a physical acceptance device (terminal) connected to a dial line for card processing.
Now, however, while terminals still remain the prevalence of broadband allows for integrated software solutions that are targeted to the business vertical. For example, I know several of the salons in the downtown area use an application that manages appointments, inventory (both retail and otherwise), non-stylist** scheduling, as well as payment acceptance.
The topic seems obvious…and it is…but the change between the growth of industry in the US based upon a legacy telecom infrastructure and broadband availability is an intriguing point of technological shift. I refer to this in different ways depending upon the audience…the assumption of connectivity…the internet as infrastructure…leveraging widespread adoption of broadband…etc.
I don’t, particularly, expect any of you to be surprised by the concept. However, it is one of those “back of mind” assumptions that it is important to ensure your audience understands (albeit conceptually) as a base principle for discussion regardless of industry.
What’s your perspective? Agree? Disagree? Anything to add? Critiques? The comment form is below…
*That is, arguably, the reason for a frequent traveler programme…creating “brand” loyalty.
**i.e. the staff that isn’t making the hair lovely…the term “stylist” can be considered outdated…as my wife was told when she finished her certification…”You are now a cosmotological entrepreneur”
Written in seat 13A – DEN to ATL
June 10, 2009