June 23rd, 2009 by Rian Gauvreau
In today’s post we’ll discuss the issue of data availability. Data availability is one of the most critical aspects of Software-as-a-Service to investigate before selecting a SaaS provider. Provided an appropriate data availability strategy is in place, SaaS applications can arguably provide a much higher level of data availablility than desktop applications.
In asking a SaaS provider about their data availability strategy, you are essentially getting an answer to a very important question: “What are you doing to ensure that my data remains available, even in the event of a natural or human-induced disaster?”
The types of disasters that need to be contemplated in a data availability strategy are numerous – natural disasters could range from a lightning bolt that causes a simple power outage at one data center to an earthquake that wipes out power for an entire state; human-induced disasters could include a simple network misconfiguration to a situation where the SaaS provider must shut down for any number of business-continuity-related issues.
Although many of these scenarios are extremely unlikely, the value of the data that is being stored should motivate a comprehensive plan to mitigate the risk associated with the spectrum of potential disaster scenarios. Luckily, there are a broad range of extremely effective technologies and techniques available to both SaaS providers and end-users to ensure their data is safe and secure:
Geographic Redudancy: If a SaaS application or its data is hosted in just one data center, this means there is a single point of failure that could, potentially, make the entire application unavailable. Geographic redundancy, or geo-redundancy, takes advantage of multiple, geographically distributed data centers. The impact of an outage at one data center can thus be minimized by automatic failover to addition data centers.
SaaS Provider Backups: The SaaS provider should, at a minimum, be performing daily backups of all data and storing this backup in a secure, offsite location. Ideally, backups should be performed multiple times per day, and replicated to multiple, secure offsite locations.
User Backups: While trusting the SaaS provider to conduct appropriate backups is acceptable to some Bar Associations, other Bar Associations require their members retain on-premises copies of their practice’s data. To meet this requirement, you should enquire as to whether your SaaS provider allows for a full export of your data from their system.
Data export can also be an important part of integrating your SaaS solution with other products such as document automation software. Data exports from your SaaS provider should be in a human-readable format such as Comma Separated Values (CSV) or Extensible Markup Language (XML), and, as such can be imported and used in other products to help automated repeatable tasks or eliminate duplicate data entry.
Data Escrow: While internal and external backups provide an extremely high level of protection against data loss, a question we’ve received from a number of attorneys considering using Clio as their practice management system is the following: “what happens if you go out of business?” While this is of course an extremely unlikely scenario, attorneys have the fiduciary responsibility to ask this question of any company being entrusted with their practice’s data.
Having an up-to-date external backup of your practice’s data is an acceptable way to address this concern. However, as we all know, performing backups can easily be forgotten. To help address this concern, we’ve established a Data Escrow policy, where we, on a regular basis, securely archive our data to a completely independent and bonded third party. The data will be held in escrow so that, in the event of an extended service interruption, users taking advantage of our data escrow service can securely retrieve their data from an organization completely independent of Clio.
These measures, taken together, make data availability one of the most compelling advantages of SaaS over traditional desktop applications. To achieve an equivalent level of data availability with desktop applications would be cost-prohibitive and technically challenging, whereas SaaS providers can make this kind of infrastructure available to users for a low monthly cost. For attorneys in geographic locations exposed to a high risk of natural disasters such as hurricanes or earthquakes, SaaS can provide a compelling solution to the problem of data availability, as the SaaS application will remain accessible even if your offices are inaccessible or damaged.