Why XaaS could be detrimental to your business
Oh look, another IT acronym: what a shock. I swear, even with an entire career in the world of IT it never ceases to amaze me how many ridiculous acronyms seem to crop up daily. In this particular case, XaaS, meaning “anything as a service.” But what exactly does that mean? Anything? Really?
Now, it’s no shock that Software-as-a-Service (SaaS) is something that many have heard about ad nauseam for the past decade. It’s also something that many use daily. And like any good idea at the time, many ideas and business models have spun from it, including Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and more.
However, along with all this innovation and recurring revenue models comes an important question: How do these business models impact business every day?
For any growing business, the challenges resulting from build or buy are continually present. From budgets to time, to staffing and support, these all play tremendous roles in determining the best course of action. However, there is far more to consider: the internet and being a slave to the worldwide web.
It’s easy to consider SaaS—today, it’s both benign and commonplace. But when it comes to far more involved business processes, both IaaS and PaaS need to be well vetted, thought through, and approached with a healthy amount of fear and paranoia.
Moving one’s infrastructure to the “cloud” comes with a host of issues—and security and privacy are at the top of the list of concerns. For most, the idea of the nefarious foreign hacker comes to mind—maybe they breach your provider’s security and leak your data to the world, or maybe they use it to extort you.
But that’s not the worst-case scenario (insert choking feeling here). You see, there is something far beyond that of nefarious hackers that needs to be considered, and that’s your service provider’s own legal terms and conditions and how they impact you and your business. It’s those T&Cs that determine who is permitted to have access to your data—from log files, to meta data, and more.
Then, of course, there is the Warrant Canary, a method by which a communications service provider aims to inform its users that the provider has not been served with a secret government subpoena. And whether or not that’s up-to-date can help or hinder you. In the United States, secret subpoenas, such as those covered under 18 U.S. Code § 2709(c) of the USA Patriot Act, provide criminal penalties for disclosing the existence of the warrant to any third party, including the service provider’s users.
Sound scary? Because loosely translated this means that your IaaS or PaaS could come back to bite you in the aSS.
So, what is the solution? I’m not saying that IaaS or PaaS is all inherently bad. It can help companies grow and succeed in an otherwise impossible climate. However, take this as a cautionary tale. Perhaps a hybrid model is best for many organizations, in that their data is kept under their own roof and not subject to third-party scenarios that mean their data is out of their control. If you invest in the right equipment with a vendor who knows how to architect the right type of infrastructure, the likelihood of being breached by bandits or bureaucrats can be greatly reduced.
And as a wise man once said, “Just because you’re paranoid doesn’t mean they aren’t after you.”