Can SaaS be your strategic advantage in building software? Presented by: Paul Gatty, Director of World Wide Operations

Can SaaS be your strategic advantage in building software? Presented by: Paul Gatty, Director of World Wide Operations

Topics What is SaaS? How does SaaS differ from managed hosting? Advantages of SaaS based ALM solution Things to consider when outsourcing your ALM solution to a SaaS provider Security capabilities your SaaS vendor must provide in order for you to sleep at night The CollabNet SaaS advantage 2 Copyright 2008 CollabNet, Inc. All Rights Reserved.

What is SaaS? Software as a Service redefines the software deployment model from packaged applications with large upfront licensing fees, support fees and lengthy implementations to one that represents a dynamic, pay-as-you-go Internet delivered service. SaaS 3 Copyright 2008 CollabNet, Inc. All Rights Reserved.

How does SaaS differ from managed hosting? SaaS Managed Hosting 1. You rent the software 2. Pay-as-you-go, subscription-based pricing 3. Software vendor takes care of the infrastructure 4. Upgrades are automatic and seamless vs. 1. You own the software 2. You pay a large license fee upfront 3. You pay a third party to manage the infrastructure 4. You worry about when to upgrade and how to upgrade. Source: Forrester Research 4 Copyright 2008 CollabNet, Inc. All Rights Reserved.

Advantages of SaaS based ALM solution 5 Copyright 2008 CollabNet, Inc. All Rights Reserved.

Lower TCO There are no hidden costs or fees with SaaS. You don t have to purchase hardware or invest in any infrastructure. You don t need to worry about... Hardware Database support Scalability Uptime Reliability Security Management Monitoring... since the software vendor worries about this for you Source: Forrester Research 6 Copyright 2008 CollabNet, Inc. All Rights Reserved.

Rapid deployment By eliminating the upfront work required to setup hardware and install software, you can reduce your time to "go-live and start driving value more quickly. Zero time spent acquiring or testing hardware + Zero time spent installing software + Shorter RFPs due to lower risk = Implementation times ranging from one day to a few months Source: Forrester Research 7 Copyright 2008 CollabNet, Inc. All Rights Reserved.

Reduced administrative burden The SaaS provider manages all network maintenance and upgrades on an ongoing basis, your IT staff is free to work on your organization s most strategic initiatives. SaaS Provider 8 Copyright 2008 CollabNet, Inc. All Rights Reserved.

Faster Innovation Since all customers leverage the same code base, SaaS providers can easily deliver new features at an accelerated rate usually at no additional cost Vendors release upgrades two to three times per year Versus once every one to two years for on-premise Upgrades happen automatically and seamlessly At off-peak hours, without you doing anything Upgrades are incremental rather than big-bang No need to re-engage consultants Reduced (or zero) need for retraining users Source: Forrester Research 9 Copyright 2008 CollabNet, Inc. All Rights Reserved.

Expert Operations Staff SaaS vendors have deep experience in running and managing their applications to provide 24x7 availability at scale. Advanced monitoring Operational support staff know the application inside and out Network and OS optimized to support the applications 10 Copyright 2008 CollabNet, Inc. All Rights Reserved.

A more powerful and secure IT infrastructure Few organizations can match the infrastructure and security investments made by SaaS vendors. World class datacenter facilities utilizing high speed networks optimized for application specific traffic. Focus on Data Security & Availability 11 Copyright 2008 CollabNet, Inc. All Rights Reserved.

Things to consider when outsourcing your ALM solution to a SaaS provider 12 Copyright 2008 CollabNet, Inc. All Rights Reserved.

Robust internet connection ALM/SCM applications generally consume large amounts of bandwidth with continuous build and test cycles. Local development sites may lack the necessary bandwidth to support local build and test functionality integrated with a SaaS based ALM/SCM solution. Outsourcing a SCM solution will usually reveal any deficiencies in your corporate network design and capacity. 13 Copyright 2008 CollabNet, Inc. All Rights Reserved.

Security & Governance Can your SaaS provider support your regulatory requirements around SOX, HIPAA, Export Compliance, Data Privacy, etc? Backup Retention Data Encryption Disaster Recovery Secure Network Links Integrated application authentication (LDAP, x.509, etc) Security Controls and Standards Certifications SAS70 14 Copyright 2008 CollabNet, Inc. All Rights Reserved.

Support Who do you call with a question or to report problems? Hours of phone support Is 24x7x365 phone support available as an option? Initial Incident Response SLA How soon will they start working on my issue? Customer Support Portal Can I submit and track trouble tickets online? Community Help Is there an online community or forums to turn to for help? 15 Copyright 2008 CollabNet, Inc. All Rights Reserved.

Service-level agreements What is your SaaS provider willing to commit to? System uptime and the penalties for unplanned downtime Support response SLA s 16 Copyright 2008 CollabNet, Inc. All Rights Reserved.

Disaster Recovery To ensure that you are protected in the event of a disaster, your SaaS provider should offer a Disaster Recovery Service via a geographically diverse datacenter facility. Is hardware already in place and configured? Does the hardware and network capacity of the DR location match that of the primary production facility? Does the SaaS vendor conduct regular failover drills? Can you as the customer conduct failover testing to ensure regulatory compliance? 17 Copyright 2008 CollabNet, Inc. All Rights Reserved.

Security capabilities your SaaS vendor must provide in order for you to sleep at night 18 Copyright 2008 CollabNet, Inc. All Rights Reserved.

Security Is your data safe? The security of your intellectual property should be first and foremost when evaluating a potential ALM/SCM SaaS provider 19 Copyright 2008 CollabNet, Inc. All Rights Reserved.

Security - Policy The security policy communicates management commitment and information security requirements to all levels of the organization. It provides an integral foundation for security standards, processes, and procedures. Does the SaaS provider have documented and audited (preferably by a third party) security controls? SAS70? Are the controls audited annually? 20 Copyright 2008 CollabNet, Inc. All Rights Reserved.

Security - Human Resources Security responsibilities need to be addressed during recruitment, in employment terms and conditions, in training programs, and in disciplinary processes. Is employee access to systems immediately revoked upon termination? Are all employees subjected to background checks prior to employment? This ensures that employees understand their responsibilities, and are suitable for the roles they are considered for. 21 Copyright 2008 CollabNet, Inc. All Rights Reserved.

Security - Physical Physical security provides a secure environment for people, equipment, and information. 24x7 guards at datacenter facility? CCTV Monitoring of secure areas? 2 factor authentication for physical access? Physical security of backup and other storage media? Without adequate physical security, assets may be damaged and logical security controls may be bypassed. 22 Copyright 2008 CollabNet, Inc. All Rights Reserved.

Security - Operations Management Operations management controls protect the integrity and availability of information and software in networks and datacenter facilities and reduce the threats of unauthorized disclosure, modification, removal or destruction of data, and interruption to business activities. Active security monitoring with logging of events? Patch management process to ensure any software vulnerabilities are quickly addressed? Are application components run under a least privileged policy? 23 Copyright 2008 CollabNet, Inc. All Rights Reserved.

Security Access Control Access control processes provide protection to information and resources and help ensure accountability. Strong password policy? Audit log for access? Strong authentication? Application and administrative access encrypted? 24 Copyright 2008 CollabNet, Inc. All Rights Reserved.

Security - Incident Management To ensure information security events and weaknesses associated with information systems are communicated in a manner allowing timely corrective action to be taken, information security events and weaknesses must be reported quickly and corrective action taken. How am I notified in the event of a security incident? How are security incidents managed and tracked? 25 Copyright 2008 CollabNet, Inc. All Rights Reserved.

The SaaS Advantage 26 Copyright 2008 CollabNet, Inc. All Rights Reserved.

Leader in Distributed Development Proven GDD Capabilities Users: 1,500,000+ Countries: 80+ Availability: +99.9% Legend More Less > 27 2006 CollabNet. All Rights Reserved. CollabNet Confidential.

Delivered OnSite or OnDemand Standard Services 24x7 Live Support 24x7 Operations Multiple SOCs Multiple Data Centers Encryption (SSL/SSH) Intrusion Detection Resilient Network Core Upgrade and Patch SAS70 / ISO 17799 Maintenance Security Control Standards Optional Services VPN Services Encrypted File Services Private Links Enhanced Support Anti-Spam Plans DR Service Custom Upgrade / Priority Upgrades Project Plans Globally Available, 99.9%+ Uptime > 28 2006 CollabNet. All Rights Reserved. CollabNet Confidential.

Business Continuity (DR) Key Features Active Disaster Recovery 8 Hour Restore Window Maximum Data Loss: 6 Hours Dedicated Hardware in DR Location Encrypted File System Support for DR CollabNet s Managed Business Continuity service provides near-transparent failover of services in the event of disaster. This provides nearconstant uptime for about the same price as standard deployment in a single datacenter. Best of all, clients don t have to depreciate disaster recovery investment as CollabNet leverages economies-of-scale for multiple customers. > 29 2006 CollabNet. All Rights Reserved. CollabNet Confidential.

Enterprise Support Services Live 24x7 Support and Production personnel Value-based support programs to meet your requirements Up to 99.9% availability guarantees Up to 1 hour immediate response on critical issues > 30 2006 CollabNet. All Rights Reserved. CollabNet Confidential.

Community and Online Support Rich community of CollabNet users and employees Customer self-service portal for managing cases Provides roll-up reporting of all customer cases / issues. Access to product and services knowledge-base, release notes and more. Access to usage and service level analytics and SLA measurements > 31

CollabNet SaaS Service Summary Service Guaranteed SLA Security Compliance (SAS70) Geographical Disaster Recovery Option Secure Links and Virtual Private Disk Option Hot Standby Service Option 24x7 Manned Support Team 24x7 Manned Production Operations Self-Service Support Portal Incident Reporting and Root Cause Analysis Production Engineering Team CollabNet Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Visit www.collab.net to get more information on CollabNet s ALM/SCM solutions or to try a live demo. 32 Copyright 2008 CollabNet, Inc. All Rights Reserved.