Sometime in late 2008, the team here at Fuery Solutions made the decision to base the future of our business on software-as-a-service product targeted at legal professionals.
MerusCase, the first of what may become a suite of products, is focused on Workers Compensation attorenys in California. For a variety of reasons, MerusCase is a web-based, "
software as a service" (SaaS) application running entirely on the infrastructure provided by Amazon Web Services. Our salespeople and partners like to refer to this as "operating in the cloud" because the concept of "cloud computing" is mentioned every 12 seconds on MSNBC these days.
That's all true, and indeed, my recent post on
practicing what we preach with regard to moving our own infrastructure, data, and operations to web-based services (the "cloud") echoes this online-centric paradigm. (I should note, with all due respect, this is quite a bit harder for us as developers and data crunchers -- we have to deal with a wide variety of platforms, disparate customer data, and other such hassles. It would be such a relief to have to worry only about Word Docs, PDFs, and email! :-)
In reality, MerusCase is a software product sold as a service (SaaS again) that leverages the cloud computing infrastructure offered by Amazon Web Services. Fuery Solutions is therefore not a "cloud computing" provider per se; we're merely building and selling a product that happens to "run in the cloud".
One of the objections I've run into here and there in the sales process is "security". I've placed the term in quotes because often the word is used to encompass a wide variety of opinions, many of which are based more in emotion than in technical concern. What my future customers are really bringing up is the feeling that they may lose control of their data. There is comfort for a great many folks in seeing a black box in the corner that (hopefully) contains all of their data. In response, I usually point out the following:
- MerusCase has to stand up to the internet. That means I'm thinking about crazy Ph.D. hackers in Russia who live on four bucks a day and have a bone to pick. Your little Windows 2003 server in the poorly ventilated closet adjacent to your office has to contend with your ex-wife and that receptionist you canned six months ago. Suffice it to say that your security model can be one of obfuscation -- your server is secure because no one knows it is there. MerusCase is secure because it uses published and proven security models. (The end-to-end communication is 128-bit SSL encoded, like your online banking system, and sensitive data in the database is encoded using unique data from your firm meta information, subsequently 256-bit SHA_1 hashed with said dynamic key, different for every single client, and stored in a database that is only accessible from the MerusCase web server infrastructure. We built the damn thing and schmoozing you into giving me your password would be easier than trying to crack that mess). If you trust your credit card with Amazon, you can trust your data with MerusCase. Security is not based on luck or lack of knowledge; true security is telling criminals exactly how your lock works and knowing it is not worth the effort to attempt a breach.
- Downtime of your local server is absolutely, without a doubt, higher than MerusCase. Those two days last June when you had to wait for your IT fellow to arrive, run to Best Buy, and install an new drive in your server, then restore your data imperfectly from backups? It might not be top of mind, but it happened. And if it didn't, you were lucky. 2010 may not be so fortunate a year. In contrast, data in MerusCase might be compromised in the event of a nuclear war. Companies a lot bigger than Fuery Solutions are running hundreds of millions of transactions per day on the same infrastructure. Now, would you rather trust the single hard drive platter in your little black box, or would you rather take advantage of the 40,000 servers (in October 2009) that make up the Amazon "cloud"?
- Worries about the internet connection in your office are easily mitigated. A secondary internet connection for redundancy will cost less than the annual maintenance fee on your Windows Server license.
- The benefits outweigh the costs. Yes, there are concerns because you can't hold the backup tapes in your hand. There is a certain comfort in the tangible, physical qualities of owning your own server. But How Much is your Fear Worth? "[Cloud Computing] presents real security issues, real security opportunities, and red herrings. In most cases the red herrings rule the day... [and after real world number crunching,] the system in the cloud is orders of magnitude less expensive than the other options."
- Amazon has spent billions of dollars on their infrastructure. They've paid for a world-class outfit, and they have one. That's why Fuery Solutions and hundreds of other companies have chosen to base their businesses on this technology infrastructure. Why not leverage that investment?
- Leveraging the web as a development platform allows us to bring more services to market faster. MerusCase has been updated almost 50 times since it's 1.0 release almost a year ago. Since then, we've added features like batch scanning, integration with Google Maps, synchronization with Google Calendar (and by extension Blackberry, Outlook, and iPhone), and chat-based support. We've backed up the application and data in a directed fashion 500 times and backed it up via automatic snapshot somewhere around 20,000 times. We routinely talk to external web-based services, leverage existing free software, and connect disparate data sources dynamically because we're on the web. We run on iPhone, Droid, and the Mac. We can connect you with your clients and each other more effectively because communication and collaboration are what the internet was built for; it's not an afterthought strapped onto quaint software based on client/server technology developed back when going online meant a Prodigy account.
Other Resources of Note
- Amazon Web Services Security Whitepaper (9/2009, PDF). If you can make sense of all of this and can readily paraphrase, please send me your resume and salary requirements. :-)
- Amazon Web Services Security Overview (11/2009, PDF). Same as above with pretty pictures and less technobabble.
Leave a Reply