Thursday, July 02, 2009

The self-host vs. SaaS debate, and the disingenuous security argument

David Keene at Digital Signage Magazine proffered a short post yesterday wondering about whether self-hosted digital signage systems (he calls them "Premise" systems) or those offered in the software-as-a-service (SaaS) model are better, and why. As he notes, people who doubt the SaaS model tend to believe that, "premise-based digital signage content management software packages are often more scalable, more secure, and more reliable because they are not based on a constant internet connection,". While tech novices might be easily swayed to believe these types of arguments, they're actually pretty poor indicators of the "quality" of a system for a particular application. They're also littered with presuppositions about how self-hosted and SaaS systems work. Here's a breakdown:

Unsubstantiated Claim #1: Premise systems are more scalable than SaaS systems

The fact of the matter:
This one's easy. SaaS providers (like myself -- I'd like to point out that I have a vested interest here) live and die with their ability to provide service to their customers. I have literally thousands of devices checking in to my servers, for hundreds of clients. If there's any kind of problem, we hear about it very quickly. And our ability to win new business relies on our ability to quickly and inexpensively increase our capacity. How many networks hosting their own stuff can claim that? Very, very few.

Unsubstantiated Claim #2: Premise systems are more reliable because they don't depend on an Internet connection

The fact of the matter:
In certain scenarios this might actually be really important. However, with the most common scenario (a player can't get onto the 'net to get content), I doubt there's really a difference in the majority of situations. Large files these days are usually downloaded ahead of time and stored on a local hard disk. And of course, if you don't have a good net connection, you won't be able to do streaming media, live data feeds, etc. regardless of what platform you use. If you have a network that you KNOW will never need to be connected to the Internet, I could see using this argument. Otherwise, it doesn't really resonate with most network applications nowadays.

Unsubstantiated Claim #3: Premise systems are more secure

The fact of the matter: This is the one that really irritates me when I hear it, because if the people claiming to be worried about security actually knew anything about computer security, they'd realize the flaw in their argument.
That's because computer security essentially comes down to two things: technology and personnel. Any reasonably good product is going to have well-secured technology, including removing unnecessary programs, getting rid of common virus/hacking vectors, using recently updated or patched software, and implementing strong, non-obvious passwords. However, that's only half of the equation.

The other half is maintaining those systems over time, and this is where SaaS systems shine. At WireSpring we have full-time employees that do nothing but monitor our system status, read security bulletins, and continually maintain our software and servers. How many of those who host their own systems can claim that? We complete monthly security audits and maintain compliance -- at both the server and player level -- with strict standards like PCI-DSS and PABP. Again, how many self-hosted networks are going to go through the time, trouble and ongoing expense of that? I'd be willing to bet that it's a small percentage of the whole. Our servers are securely located in vault-like datacenters around the country, where physical access is limited via three-factor authentication, and armed guards patrol the perimeter. Meanwhile, I've had people tell me their "secure" systems are kept in a closet of their office.

Now admittedly, one place where self-hosted solutions *can* offer better security than SaaS solutions is when there's an "air gap" -- the network controlling the digital signs is PHYSICALLY disconnected from the Internet, and all activities like content upload and remote management must take place on this entirely separate network. In this case, it's physically impossible to compromise the network over the Internet (though local attacks are of course still possible). In reality, I'd be surprised if there were many such networks out there just because having such a gap is inconvenient.

6 comments:

DailyDOOH said...

Bill, as usual you are SPOT ON !!!!

David Keene said...

I was trying to make the point that most of these issues that I laid out, in the "self-host vs. SaaS" debate, are issues as perceived by a lot of users...not my opinions about benefits of one or the other... I guess I should have made that more clear... that I wanted to kinda throw the "stereotypes" or misconceptions out there now, and then try to clear them up for the article in the magazine....

it worked.... I'm already getting tons of responses... and I appreciate your response, Bill, it's going to move the debate forward...

David Keene

Stephen Randall said...

Anyone arguing against the cloud is short sighted and clearly doesn't get where media and business models are heading. You clearly set out a few of the arguments. Another point for the SAAS side is extensibility. There's also a debate regarding the merits of multi-channel connectivity which is becoming important for winning ad-networks (the network effect helps businesses duh). Twitter:StephenRandall

Steve An said...

Let's not leave out the labor cost factor, it's costly (TCO) to staff up to run your own network.

Wallflower said...

As Chief Technical Officer for Wallflower Global, a company who are not yet heavily involved in SaaS signage deployments I am very interested in the whole Saas debate. We have nearly 10 years experience in building and deploying SaaS products that we continue to operate for small airlines and hospitality venues. These products manage all operations for these users completely over the Web. During that time we have had about 98% uptime. For the past 4 years we have had only one outage and failed to provide a service.

Having said that, however, the outage of Rackspace this week is a matter of concern as nobody expected that to be able to happen.

The key is to ensure the players are able to continue to play even if the connection goes down. Smart products cache the data locally and provide a service regardless.

We have thousands of displays deployed worldwide using 'On Premise' models but all of us in the industry have to realise that the Cloud approach is gaining momentum daily.

As the whole DDS industry moves into the mainstream the various products available will become smarter, more reliable and above all easier to deploy and use. At present most of the SaaS products still have limitations when it comes to ultimate functionality and connectivity to external devices such as touch screens. That will inevitably change.
The reality is that many users do not have very demanding requirements and in these cases such limitations are irrelevant.

The obvious advantages of Saas such as the ability to easily deploy upgraded functionality, the need for minimal client software installation, centralised support make it attractive.

One of the great opportunites we perceive is in the analytic area. Our company background is over 25 years experience in business analytic software. The development of ever more sophisticated analytics is becoming more and more important. such tools are complex and often expensive to deploy. To be able to implement these centrally utilising powerful servers will allow many users to access this functionality without the need to invest heavily 'On Premise'.

An example of this is the capability of Google Analytics that function very well across the web.

Joyce said...

I've worked with both. And I would say that both have a fit. The key difference between "on-prem" and SaaS is not a function of scalability, but of extensibility. Extensibility of the tool and the use of media beyond digital signage.