Over the last week, the SaaS community has been roiled by the arrest of the CEO and CFO of Entellium a SaaS provider in Seattle. Here is what you do if your back end service provider goes out of business.
If your company relies on external providers that provide critical services for your company, it is time to be addressing what happens if they go out of business in your disaster recovery plan. The idea behind using the disaster recovery plan for this is that you can scenario plan what the second and third backup process is going to be. That is the important part, how to recover the operation just as you would in any other disaster that the company will face.
There is a lot of security FUD generated by the security industry about cloud computing, where security people are using the standard "no" refrain. Yet there are solutions to what might look like insurmountable problems. Having your SaaS provider go out of business looks scary, but has a solution that can be elegant.
The primary thing to do if your SaaS provider is going out of business is to make sure that you have the data; because that is the most important thing, you have in the system. It is easy to get a backup of the data in the SaaS system, the problem is going to come into compatibility with other provider's offerings if you do not want to spend the money in house to bring the service back.
The backups require either tape or disk storage of those backups on the company's site, and they should be updated daily depending on how much activity the system gets, or how much data you input on a daily basis. Large systems should be backing up on a schedule that will allow recovery of all but the last hour's records for a huge data pool of data that is updated every minute or less. Less used systems can have a less rigorous backup plan, but the idea is to recover as much as you can without having to do much data entry again as possible.
The data compatibility issue with other providers is going to be the hardest part of the whole operation. Different SaaS providers have different formats for data, so you should be working with a company thinking along the lines of how do I get this data into another system. It is easy to write a translation routine to move from one data format to another, the problem comes in when the databases are fundamentally incompatible. This is where cloud computing can help, by harnessing the processing power, the translation code can be sloppy and still perform well when moving from one data format to another data format in the cloud.
You should be working with the new service company to make sure that the support and resources are available to you if you are doing a massive data conversion project from one data system to another data system.
One way to save on pain is to use another SaaS provider as a "hot spare", in that you have two SaaS providers essentially using the same data entry point within the company. That hedges the bet, and might actually help save on pain when dealing with crisis operations. The hot spare idea would be based on the ability of the company to have functioning redundant services, and what kind of pricing you can negotiate with the SaaS provider providing the system as a "hot spare".
You also want to grab as many logs as the system was providing to your company. If the SaaS Company was not keeping logs, then you are out of SOX and HIPAA compliance, make sure that your new SaaS Company provides robust logging to keep you in compliance with the logging portions of the two laws. Logs are easily compressed and moved to any handy PC or SAN that the company runs. Space might be at a premium, but this might also the time to move to Amazon's simple storage program even if temporary to store logs, data, and other information if there is not enough local storage for the data.
As long as you have the data, there are ways of getting back up into operation quickly; the key is to have the SaaS provider going out of business as part of the disaster recovery plan. Then having backups, and being able to find a new SaaS provider quickly, working with them to work out how to translate the database from one system to another system. Good SaaS providers will want to work with you, and it might not be a bad idea to already be doing this.
The idea is to use a second SaaS provider as your "hot spare" is also viable depending on budget, and who you are going with. Using the cloud to solve storage and processing requirements is also an idea that can be used if finding a SaaS provider is going to be difficult. The key is to be back in operations as quickly as possible, preferably between 24 and 72 hours for mission critical services.
About the Author:
Dan Morrill runs Techwag, a site all about his views on social media, education, technology, and some of the more interesting things that happen on the internet. He works at CityU of Seattle as the Program Director for the Computer Science, Information Systems and Information Security educational programs.