Organizations are increasingly turning to software-as-a-service (SaaS) to address business needs, but while end users are realizing the benefits of cloud-based software -- ease of procurement, anywhere accessibility and improved productivity -- integration and software architects are struggling to make it work with on-premises applications. Integration with legacy enterprise applications, identity management and access control is often made more challenging by the fact that it is an afterthought for many organizations.
SaaS creates silos of customers' information in the cloud in the SaaS vendors' data centers. "You typically want to integrate with your data center, and you have to figure out how to make that integration occur … [which] needs to happen even before you pick your SaaS," said Blue Mountain Labs founder and CTO David Linthicum.
Linthicum said it's important to take an architecture approach and determine how SaaS fits into an existing configuration.
Once or twice a month, Linthicum hears from an organization that says it has, "just stood up a huge SaaS installation and needs to know how to get the information back on premises," he said. "It needs to be retrofitted, and data is out of sync, and it becomes a mess."
Historically, companies have split business systems into separate environments. "The SaaS is the stuff they don't worry about, and the back office is the stuff they manage," said enStratius Inc. founder and CTO George Reese. "When it comes to tying them together, there's a technology gap there that they have to overcome."
While many company business models focus on being the glue among SaaS services, Reese noted there are also tools that make it easier. However, those that exist are about holding together well-known services.
According to Jason Bloomberg, president of ZapThink LLC, a Dovel Technologies company, these tools go by a number of names, including business-to-business integration, cloud governance and API management tools. Other tools fit into the category as well, Bloomberg said, including next-generation B2B integration tools, SOA management tools and XML appliances.
"All the vendors are jumping around playing hokey-pokey," said Bloomberg. "What really has changed? They've made some updates but it's really all the same stuff."
Linthicum said it's not a lack of technology, but of knowledge that creates a challenge. "The technology is there. We just don't have the strategic knowledge [or] know how all these pieces and parts work and play with our existing infrastructure, processes, data -- all the things we have to keep track of," he said.
Bloomberg said integration of this nature has always presented hurdles. For example, he noted many people misunderstood Web services and now, similarly, REST.
The API challenge
When application integration options are considered in choosing SaaS apps, the robustness and openness of application program interfaces (APIs) is a critical criteria, according to Linthicum. "If APIs are well defined, as in SalesForce, integration becomes easy," he said. "If you're using a lesser-known player without APIs or that's less sophisticated, things are a bit of a challenge."
While Linthicum advises organizations to look at and test API sets, Reese recommends considering the cost of assessing those APIs. Some SaaS vendors require customers to upgrade their services to obtain access to APIs. An organization may only need services for a couple users but have to subscribe to enterprise-level service to obtain the APIs.
User provisioning, deprovisioning, and identity and access control are among the biggest issues when integrating SaaS with on-premises apps.
"Integration with SalesForce is what 90% of the world cares about," said Reese. "The other bit is with social media type SaaS systems. Largely that involves talking to the APIs of these systems and integrating that data with other systems within the enterprise."
Integrating identity and access management
While several issues may arise when integrating SaaS with on-premises apps, Brightfly Inc. managing director Brandon Dunlap said, "user provisioning, deprovisioning, and identity and access control," are among the biggest.
Reese agrees. "That's, for a lot of organizations, where things get really ugly," he said. "That problem has been solved, but the interesting thing is most people aren't thinking about that in any strategic sense."
Although he's surprised there hasn't been greater uptake of identity and access management solutions, Reese thinks he knows why.
"I think that identity management isn't the problem people are trying to solve when they go out to the cloud -- they get SalesForce, they need a finance package -- and, over time, they find out they have a dozen cloud-based apps they interact with daily, and it's a pain in the butt and at that point they say, 'I have to deal with it.' Also, the price tag isn't cheap for these services," said Reese.
When first trying to integrate a cloud app with a back-end system, identity management is very important, according to Reese. It's a problem that gets bigger, he said, because it's not the main thing that comes to mind.
Integrating identity management is not too difficult. "The identity piece is all built around open standards. There are libraries that will help you do it," said Reese.
The real potential roadblock, according to Reese, is how forward or backwards thinking the architecture is that will be integrated. With modern architecture, things should go smoothly, but it will be a rockier ride if it's really backwards.