The Downsides of Software as Service

JustinBrock writes "Dvorak's article yesterday, entitled Don't Trust the Servers, argues that the danger of software as a service was highlighted when 'the WGA [Windows Genuine Advantage] server outage hit on Friday evening and was finally repaired on Saturday. It was down for 19 long hours.' The whole fiasco raises an interesting perspective on the software as a service 'fetish'. Dvorak highlights it hypothetically: What if the timeline were reversed, and we were moving from online apps to the desktop. Hear his prophecy of the marketing: 'You can image the advertising push. "Now control your own data!" "Faster processing power now." "Cheaper!" "Everything at your fingertips." "No need to worry about network outages." "Faster, cheaper, more reliable." On and on. I can almost hear the marketing types brag about how much better "shrink wrap" software is than the flaky online apps. The best line for the emergence of the desktop computer in a reverse timeline would be "It's about time!"'"

When is the last time Dvorak...

[djh101010]

I'm trying to think of the last time I read an article by Dvorak, and said "You know, he's got a good point". It's almost like he intentionally trolls his readership by stating the most outrageous possible point of view, just to stir up hits and discussion.

Re:When is the last time Dvorak...

[Toonol]

This article. He's got a good point.

"Software as a service" should be viewed with the same suspicion as "Trusted Computing." Something so bundled in Marketing, with no particular benefits to the consumer, has to be a money/power grab.

Re:When is the last time Dvorak...

[Tackhead]

> I'm trying to think of the last time I read an article by Dvorak, and said "You know, he's got a good point". It's almost like he intentionally trolls his readership by stating the most outrageous possible point of view, just to stir up hits and discussion.

"This time." Centralization and decentralization has always been a pendulum sort of affair, varying with the relative costs of bandwidth, CPU, and storage.

Once upon a time, there was the mainframe. Nobody ever got fired for buying (or more accurately, leasing) IBM!

Then came the microcomputer. Decentralize! Applications run right on your desk! Buy Apple! No more monthly payments to IBM! (At 9600 baud, dumb terminal bandwidth is expensive. 8-bit micros are cheap!)

Then came the dickless workstation. Oops, "diskless". Centralize! It's a client/server world! Buy Oracle, and run it on your Sun! No more huge capital outlays for PCs that become obsolete the day they're purchased! (Workstations are expensive, but this new ethernet stuff is cheap!)

Then the PC-as-workstation. Decentralize! Don't rely on that expensive server! (Doesn't matter how much cable you run, if you have 100 users trying to render the Sistine Chapel on X Terminals, bandwidth and server-side processing power are shockingly expensive again, local storage and processing power are suddenly cheap again.)

We're currently on our way back to the server. This time, the excuse is DRM. An application that doesn't exist locally can never be used locally once the vendor decides to kill it.

But ultimately, the root cause is that bandwidth is relatively cheap again. Doesn't matter whether the application is Windows (which needs to call the mothership for patches every few days) or Steam (for the same reason).

Re:When is the last time Dvorak...

[pla]

Single point of failure should a catastrophe happen.
User's can't go in and break the system.
There is one system to maintain, one anti-virus package, one system to back up and so on.


All of the benefits you mention depend on all software running as a service, not just MS Office and a few other "enterprise" apps. That simply won't ever happen, even if everyone buys into this scam-of-a-revenue-model, because something absolutely critical won't play well with others.



You are not in control of your own destiny.

And it all comes down to that one point. Every other fact or opinion aside, what does it mean when Microsoft EOL'ing a product means you no longer have any program with which to review the last ten years' worth of customer transactions or tax records? "Sorry, you'll have to cancel that audit, Microsoft cut us off. But no doubt the IRS understands completely and trusts that we filed accurately, right?"

Re:When is the last time Dvorak...

[ArcherB]

"There is one system to maintain, one anti-virus package, one system to back up and so on." Untrue w.r.t. the anti-virus especially. Once a user terminal is zombied, your server is directly exposed to application level attacks. I was speaking of an application based virus, like the good ol' Word Macro Virus. Of course, running your word processing apps on a remote server will not protect each terminal from other viral/trojan attacks, but it makes it easier to ensure that your sales team isn't sending infected Word docs to customers trying to sell them security software!

"Single point of failure should a catastrophe happen." I've never seen this as a good thing for survivability. The classes I took, and my industry experience tend to support adding redundancy to elements identified as SPoFs. I think I know what you're trying to say, but still... Keeping an application running on a bank of redundant servers is still easier than maintaining that same applications on 20,000 independent PC's. While it does have its drawbacks, such as when the servers or network go down, everyone is SOL, it's easier to fix that single bank of localized servers than it is to fix every single machine if something really catastrophic happened, like a virus run amok on your network that trashes 20,000 copies of Office.

I can see why it is a good idea to remove critical applications from the control of the end user, but the drop in performance does not justify the increased level of maintainability. And no matter how much we hate it, there are some applications that are required to have some or all of it run at a centralized location. Examples would be your Exchange server, your database server and any web based applications that simply can not be run on local PC's.

This is cyclical in the computer industry

[dtobias]

Hasn't this gone around in cycles already? First there was the mainframe batch processing era where everything was centralized, then the networked-terminal timesharing model where individuals could do stuff but it was all dependent on a central system... this gave way to the early PC era, where individuals could have totally separate machines and do things independently... then everybody got networked and we were back to a more central-controllable system. Because there are advantages and disadvantages of each model, things will keep going back and forth as people react to the issues of the currently-dominant model, whichever one it is.

Reasons for Service Software

[orionop]

The article make the assumption that everything is moving from a local desktop computer on to the internet. It is the same with all of those webOS people. There is a time and place for both local and remote services on computers. The WGA has to be remote because windows is cracked so easily on a local scale (not that WGA poses to much of an obstacle). Things like google documents is useful for having a decentralized work environment for papers and makes collaboration easy. However, that does not make office suites extinct...it is simple another option; and since when are more options a bad thing?

The downsides of software NOT as a service

[DogDude]

Software as a service is incredibly useful to smaller enterprises (like mine) that don't have the manpower, money and/or expertise to maintain our own servers. Mission-critical software isn't as simple as 1. install on computer 2. use software. There's uptime to worry about, backups, security, etc. For smaller businesses, it most certainly makes sense to farm this out to experts and take advantage of specialization of labor in terms of cost cost and skill.

At this point in time, software is as complicated and as important to some businesses as say, vehicles are. Only the very largest of companies have their own in-house garage and mechanics to take care of their own vehicles.

Depends on the situation

[coolmoose25]

Just like anything else, there is a time and a place for software as a service. Some things simply make more sense that way. What about UPS package tracking? Not much point in having that be a standalone application... At the end of the day, developers, even users, have to decide which services make sense to have online as a service or offline as a standalone app. I choose email as a service (gmail) instead of Outlook or Thunderbird. It works for me because I use lots of different computers, and, lets face it, email isn't very much good if you can't get online anyway. OTOH, when I'm downloading emails for Scouts at summer camp, I prefer to use a standalone email application, as I can get online, download all the mail for the day, and disconnect, thus saving the camp phone line (and minimizing my time on a dialup connection). Not only is there room for both, both models make sense depending on your application requirements...

For Once I Agree with Dvorak

[tom's+a-cold]

It has to happen by chance from time to time...

SAAS has worse problems than server availability. It creates nasty integration problems since your critical enterprise data is not only crossing an interface, but the other side of that interface is not in your control. That's not just an integration problem: I'm waiting for a security breach against one of the big SAAS vendors. And not only is it closed-source, it's closed-source managed by a third party that doesn't have the same priorities that you have. So if you need to fix or customize anything on the SAAS side, you're well and truly screwed.

The only reason SAAS emerged at all was as a response to the poor performance of most in-house corporate IT departments. Why wait for your own geeks to implement something badly in a year when you can go to an ASP who will give it to you in a couple of months? And of course there are the perverse incentives in how capital expenditure is accounted for versus externalized services. But the main motivation is that business managers just don't trust their own IT people. And based on the performance of most IT management, no wonder.

Dvorak's Ignorance and WGA...

[nweaver]

So once again, I'll read up to the first Dvorak mistake, and then stop.

The first one I got: WGA can't "fail closed", otherwise pirates would just filter the communication to the WGA servers.

Rather, what WGA needs is a signed "check back later" message, where Microsoft's public key is used to sign a "check back by day X" message, so that a server outage can be handled in the future. And I'd bet that there is, by next Patch Tuesday, an upgrade to WGA to support such functionality.

And its not like people's home/office computers are so reliable, making this segque ridiculous.

This time it's extra stupid

[Lonewolf666]

"This time." Centralization and decentralization has always been a pendulum sort of affair, varying with the relative costs of bandwidth, CPU, and storage.

With Vista, the user has to buy a computer that provides all the ressources and is still depending on some server being available / working correctly.
In this case the WGA server, which does not give any advantage to the user. The only one who has an advantage is Microsoft (from disallowing pirated Windows versions), and that is questionable as I doubt Vista will stay uncracked ;-)

It's already here, in "Higher" Education

[oDDmON+oUT]

As administrators drink the Kool-Aid® we see the SaaS fetish in action in labs, with online testing and content delivery, in text books, with DRM'd PDF files that must be read, or verified as "authorized", online, and I'm sure that more will come as marketers move to embrace the new paradigm.

The obvious problem arises when the network goes down,

But there are other "gotchas":

• Students with no internet connection at home to "verify" purchased content
  
• Students on *gasp* dial-up
  
• Labs or onsite facilities unable to deal with separate installations of proprietary applications for each user
  
• Bandwith hits taken when ebook download and validation peak
  
• Lack of portability of purchased content
  
• Students without printers unable to ... well, you get the idea
  

Again, I'm sure there are more that will come up as time goes on.

IMO, any time there's a move to vendor control, let alone remote, removed, vendor control, the end user will lose.

Dvorak's a little confused

[c]

He seems to be under the impression that WGA is a service Microsoft provides to Windows users.

It isn't.

WGA is a service which Microsoft provides to themselves, in order to protect themselves from said Windows users (AKA thieves).

If the main purpose is to protect your profit center, a 19 hour (or 72, or 30 day) outtage where the failure mode is "more protection" strikes me as perfectly reasonable. It's not like "pissing off customers" has ever been considered a liability in Redmond.

Sucks to be a Windows user, though. Should have got some sort of service agreement, I guess.

c.

One Word - Skype

[gbulmash]

Look at how many people were without phone service when Skype wen't down. Some were smart and either had a land line as a back-up to Skype or vice versa, but by creating a single central point of failure, thousands of businesses were inconvenienced and lost money.

Software as a Service (SaaS) creates all sorts of ripe opportunities for hackers, crackers, and other cyber criminals. It's been a cottage industry to blackmail online casinos, threatening DDOS attacks if you're not paid off. Since a half-day DDOS could cost the casino in the high five figures (or more), they pay the blackmail.

What if a large SaaS company had a 100,000 business customers... just 100,000? That's a ripe DDOS blackmail target if I ever saw one. And if you could hack the systems and gain access to the tax and banking spreadsheets of 100,000 clients? Can you say "low-hanging fruit" boys and girls? I knew you could.

And what if the company is being run by idiots who fake their numbers to make it seem like a sinking ship is just "settling in the water" until the ship suddenly capsizes without warning, going belly-up in the space of hours. All your docs and spreadsheets are offline... indefinitely. And if by some graceful foresight, you backed up your docs, if you can't find a piece of software that can both run locally and work with the proprietary formats the SaaS vendor used for their docs, you're still SOL.

Those are worst case scenarios, but you get the drift.

Re:Here's a few more - readable this time...

[narrowhouse]

Let's look at one of the options that hasn't gotten much press, and frankly isn't considered to be very good, Office Live.

I'm not a big fan of Microsoft but this service (intially, until they have a lot of people signed up then they can tighten the screws) could save a small business a lot of money. For $40 a month you get a domain name, tools for building a site, 20GB of bandwidth a month, 2GB of storage space for your website, 50 email addresses with 2GB of storage a piece as well as some basic business apps, contact management, project management etc.

And zero servers to maintain, backup, or purchase.

For a small business that is HUGE.
If the business takes off they will out grow it, but if it doesn't it won't take years to pay off the loans they took out to buy hardware.

In house hardware and software is definitely a valuable asset for a lot of companies, but for someone running a mail order doll furniture business, software as a service might be just the ticket (though they might want to look at the free level of Office Live).

Actually I encourage everyone to make Microsoft pay for a free domain for a year by using the Office Live Basic service :)

Re:Here's a few more - readable this time...

[Sancho]

I'm not a big fan of Microsoft but this service (intially, until they have a lot of people signed up then they can tighten the screws) could save a small business a lot of money. And that, my friend, is the biggest problem that I have with software as a service. Your data is held hostage. You can never leave their service, even if they raise their prices tremendously.

If I buy a copy of Office today, I know that I can always get access to the files I create with it. Even if it's a hassle--having to reinstall every X days because their product activation server was dismantled years ago--I can always do it. Can the same be said of Google Apps? Of whatever Microsoft offering you're discussing? In 10 years, if I need access to my financial documents, will they still be around? Maybe, maybe not, but it's a pretty huge uncertainty right now. And that's the rub--that's the thing that, if left unaddressed, will prevent me from ever subscribing to software-as-a-service for anything important.