Scaling isn’t just about scaling up – you need the flexibility to scale both up and down.
Years ago, when working as a product manager on my first SaaS product, some of my key early customers were oil and gas companies. I went into those initial customer conversations ready to share a great story about how our SaaS security solution could scale up rapidly to meet their needs as they grew. I thought preparing for rapid growth was going to be the key value proposition that would drive adoption, and for many customers that was true. A SaaS delivered security solution, where we as the provider took care of all the infrastructure, software updates, redundancy, and capacity planning, was a great answer for many of our customers.
But the response from one of these companies surprised me. While they certainly loved the idea of auto-scaling to deal with rapid increases in traffic, they were a lot more interested in a different ability – the ability to auto-scale down– to be able to shut down operations with little notice at minimal cost. They were a lot more interested in investing in a solution that they could shut down without having to deal with managing capital investments they no longer needed or that had become unprofitable. Their key pre-purchase question was: how quickly can I turn this off and stop paying?
They certainly weren’t hoping to see their businesses shrink, but the reality of their industry involved regular cycles of rapid expansion and rapid contraction. They needed to be able to grow fast to capture opportunity as soon as the price of a barrel of oil exceeded a certain level, but they had to be just as ready to rapidly shut down excess capacity when the price of oil dipped below the level at which operations became unprofitable. Firms that could ramp up-and-down quickly enjoyed a real competitive advantage.
Achieving Business Continuity with SaaS
Given uncertain economic times, a growing number of organizations now face similar kinds of difficult choices. Certainly, many organizations are struggling with ongoing costs of maintaining infrastructure that’s currently not needed, while trying to shift resources to new priorities, such as enabling a much larger proportion of their workforce to work remotely.
Beyond the challenges that a rapid increase in the need to support remote workers creates, organizations also need to start preparing for what comes next. How do you build out the products and services that your end users and customers will need now, without knowing exactly when demand will return to normal? Organizations that can prepare themselves to rapidly scale up operations without large upfront CapEx expenses, and without committing themselves to large ongoing OpEx costs, are going to enjoy the same kind of competitive advantages that the oil and gas company I discussed earlier was looking for. Cloud, and especially SaaS, offers one route to achieving this advantage.
As an example, imagine that as part of enabling your remote work force, you decide to make a key inventory system available as a web application so that your suddenly remote workforce can quickly access the information they need to do their jobs from any device (i.e. personal laptops or tablets) over the internet. Deploying that application on public cloud lets you scale up quickly if needed, but if that doesn’t turn out to be your long-term solution you can decommission the application at a later date of your choosing. The risk of trying out new solutions is significantly reduced, but you get the immediate benefit: your workers, who may not even have a device properly provisioned for accessing a VPN, can check inventory levels from any device with a web browser. However, your Web interface is exposed to the Internet, which creates a new and different attack surface.
Protecting Web Applications with FortiWeb Cloud
To safely deploy that application, you’ll need the protection of a WAF. You could install appliance-based WAFs (either physical or virtual) and build out your own redundant high-availability infrastructure, but that involves significant CapEx and OpEx expenditure and a long-term commitment to this solution strategy. But if you leverage a SaaS offering such as FortiWeb Cloud, you can simply turn on the WAF in front of your application, with all of the usual benefit that the SaaS vendor provides – redundancy, auto-scaling, and the latest up-to-date protection with automatic software and threat updates – and then simply dial it down or turn it off as plans evolve.
As organizations adapt to the current crisis, or continue with a digital innovation strategy they already had in motion, they need to think about how their entire system can become more nimble. Companies that understand how cloud and SaaS solutions enable business agility can balance two key risks going forward – the risk that they pull back too much and aren’t in the position to take advantage of opportunities when demand picks up, and the risk of overspending by locking in inflexible OpEx and CapEx costs before consistent demand reestablishes itself. The companies that can thread that needle, however, will be well positioned to successfully ride the waves of future economic turbulence.
Join Fortinet for a webinar to learn how to defend your high performance web applications with Amazon CloudFront and Fortinet WAF.
Learn how FortiWeb Cloud can provide advanced security for your web applications.
Learn how Fortinet’s dynamic cloud security solutions provide increased visibility and control across cloud infrastructures, enabling secure applications and connectivity from data center to cloud.