Cloud Apps Critical Requirement No. 5: World-Class Data Center and Security

A cloud application provider should be able to offer excellent security and data privacy, better than its customers can achieve on their own, and at no additional cost. Processes and policies should encompass physical, network, application, and data-level security, as well as full backup and disaster recovery. The provider should be compliant with security-oriented laws and auditing programs, including the SOC 1 Report on Controls over Financial Reporting (SSAE 16, formerly known as SAS70 Type II) and the SOC 2 Report on Controls over Security, Availability, Processing Integrity, Confidentiality, and Privacy, both developed and administered by the American Institute of CPAs (AICPA) and the Canadian Institute of Chartered Accountants (CICA) for use by practitioners in the performance of trust services engagements.

Reputable SaaS providers are proving that SaaS can be done at least as securely as most enterprise implementations, and in some cases more securely. For example, at Locus, direct access to the database is limited to a select set of people on Locus’ operations staff. A typical on-premises ERP implementation would grant this access to a much wider group, creating a security challenge. SaaS providers must take a holistic approach to security, ranging from technical safeguards such as encryption to understanding data privacy laws and compliance, and building those safeguards into every product and process.

Locus has adopted the following SOC 2 principles and related criteria:

  • Security. The system is protected against unauthorized access (both physical and logical).
  • Availability. The system is available for operation and use as committed to or agreed upon.
  • Processing integrity. System processing is complete, accurate, timely, and authorized.
  • Confidentiality. Information designated as confidential is protected as committed to or agreed upon.
  • Privacy. Personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in generally accepted privacy principles issued by the AICPA and CICA.

It should be the responsibility of CIOs to conduct due diligence on SaaS providers. Go in and see what they’re doing around data security and privacy.
No one should enter a relationship without thoroughly vetting the provider’s capabilities. Providers that won’t allow you a thorough examination, claiming all kinds of reasons, are the ones to avoid.

Cloud Apps Critical Requirement No. 4: Business-Driven Configurability

Cloud computing applications should be configurable, so your IT organization is freed from costly customizations, and business people can configure processes that meet the specific needs of the organization.

The greatest self-inflicted wound customers make is allowing too much customization of the software they run on premises. It comes down to how a customer balances freedom versus order. Customization is all about freedom, but if you go too far down that road, you lose order. At Locus, we have found that configurable environmental software lets an organization balance freedom and order. A configurable cloud application should include a catalog of industry standard choices, so that it becomes apparent how much time and cost has gone into a company’s previous efforts to customize software just because “a process has always been done that way.” With customizations, customers often are not designing for business processes; they are designing for personalities.

One of the myths of SaaS is that since it is in the cloud, it is one-size-fits-all, but that could not be further from the truth. Real SaaS solutions should not only be configurable for the company, but in different ways for different parts of a company. Many Locus customers with global footprints, for example, require different carbon management processes for different countries, which they can configure in Locus SaaS without the need for customizations. Similarly, customers can configure Locus to deliver DMR and other reports differently for different state requirements or different customer requirements.

Cloud Apps Critical Requirement No. 3: Seamless Integration On Demand

A cloud application provider worth doing business with will share the burden of integration with its customers rather than leaving them on their own. Cloud providers should make an integration infrastructure and integration tools available, assist their customers with integrations, and develop a partner ecosystem that includes consultants, integrators, and other software and SaaS companies.

At Locus, we believe seamless integration between our products and other products and services is another opportunity to transfer even more cost and complexity occurring within customers’ data centers into the cloud. We’ve developed, and will continue to develop, tools for customers and partners to build their integrations, and the infrastructure in our cloud to execute them. Customers can control the execution of integrations without bearing the complexity of managing the infrastructure.

Cloud Apps Critical Requirement No. 2: Regularly Delivered, Vendor-Managed Updates–Rolling Upgrade Program

A cloud application is a single version of software that is regularly updated, often several times a year, for all customers. To realize the true cost benefits of SaaS, the provider should be managing all of those elements to adopt the latest capabilities in the updates on their own timelines. Software that has to be upgraded at the customer’s expense, even if the vendor hosts it, does not meet the requirements for a cloud application.

The update vs. upgrade approach benefits both the vendor and the customer. The customer is not burdened by IT upgrade projects, while the vendor can focus on what it does best, which is maintain its own software. Vendors have a strong technical understanding of the software they developed, but the on-site world requires vendors to share this knowledge with customers, which is not an easy feat. When customers do not have deep insight into the software, or have difficulty obtaining employees or contract workers skilled to work on that software, the outcome can be problematic and can even lead to failed upgrades.

Vendor-managed updates deliver continuous improvement and allow companies to stay compliant with new laws and regulations. Traditional software vendors might offer some big, new changes every four to five years. With Locus, for example, customers receive consistent improvements through updates several times a year, and do not have to pay extra for any of them.

Locus Achieves a Microsoft Gold Application Development Competency

Locus demonstrates best-in-class capability and market leadership through demonstrated technology success and customer commitment

SAN FRANCISCO, Calif., 30 July 2013 — Locus Technologies (Locus), the leader in cloud-based environmental compliance and information management software, today announced it has attained a Gold Application Development competency, demonstrating a “best-in-class” ability and commitment to meet Microsoft Corp. customers’ evolving needs in today’s dynamic business environment and distinguishing itself within the top one percent of Microsoft’s partner ecosystem.

To earn a Microsoft gold competency, partners must successfully complete exams (resulting in Microsoft Certified Professionals) to prove their level of technology expertise, and then designate these certified professionals uniquely to one Microsoft competency, ensuring a certain level of staffing capacity. They also must submit customer references that demonstrate successful projects (along with implementing a yearly customer satisfaction study), meet a revenue commitment, and pass technology and/or sales assessments.

“This Microsoft Gold Application Development competency showcases our expertise in and commitment to today’s technology market and to providing our customers with the most advanced technology and functionality available,” said Neno Duplan, President & CEO of Locus. “We plan to accelerate our customers’ environmental data management success by combining this and other advanced web technologies with our deep domain expertise.”

“By achieving a gold competency, partners have demonstrated the highest, most consistent capability and commitment to the latest Microsoft technology,” said Jon Roskill, corporate vice president, Worldwide Partner Group at Microsoft Corp. “These partners have a deep expertise that puts them in the top one percent of our partner ecosystem, and their proficiency will help customers drive innovative solutions on the latest Microsoft technology.”

Earning the Application Development competency helps partners differentiate themselves as a trusted expert to their customers through development and deployment of commercial or custom applications built using core Microsoft technologies.

10 Critical Requirements for Environmental Cloud Applications: No. 1: True Multi-tenancy

There is considerable debate in the marketplace about whether organizations should know or even care about multi-tenancy. The truth is that multi-tenancy is the only proven SaaS delivery architecture that eliminates many of the problems created by the traditional software licensing and upgrade model, so it is extremely valuable to know whether a provider uses a multi-tenant architecture. A provider should be able to answer this question with a simple “yes” or “no,” and prove its answer.

Multi-tenancy ensures that every customer is on the same version of the software. As a result, no customer is left behind when the software is updated to include new features and innovations. A single software version also creates an unprecedented sense of community where customers and partners share knowledge, resources, and learning. Smart managers work with their peers and learn from them and what they are doing. Multi-tenancy offers distinct cost benefits over traditional, single-tenant software hosting. A multi-tenant SaaS provider’s resources are focused on maintaining a single, current version of the application, rather than spread out in an attempt to support multiple software versions for customers. If a provider isn’t using multi-tenancy, it may be hosting thousands of single-tenant customer implementations. Trying to maintain that is too costly for the vendor, and those costs, sooner or later, become the customers’ costs.

Multi-tenancy requires a new architectural approach. You have to develop applications from the ground up for multi-tenancy; otherwise, extensive work is required of the vendor to alter the on-premises application and underlying database for multi-tenancy, resulting in an even more complex, and potentially high-maintenance, application.

How to Recognize Cloud Providers and Applications that Deliver Real Value for Environmental and Compliance Information Management

Environmental, sustainability, and compliance managers, CIOs, CTOs, and other business technology managers can free up valuable resources for strategic activities by deploying cloud applications that are less costly and complex, yet more intelligent and user-friendly, than on-premises applications. Tech managers can miss this opportunity, however, if CIOs are unable to differentiate real cloud providers and applications from imposters. In the enterprise software industry’s rush to fulfill rising demand, some providers may skip requirements that are critical to delivering the true benefits of cloud applications.

Industry pioneers for cloud applications (also known as software-as-a-service (SaaS)) know shortcuts do not exist. Applications, architectures, and processes must be built from the ground up to produce superior, leading-edge alternatives to the traditional on-premises software and maintenance model.

In the next several months I will post 10 critical requirements for Cloud Applications that are relevant for our big data-driven industry, focusing on the importance of multi-tenancy. I hope that these 10 critical requirements of cloud computing will help organizations planning to replace legacy systems distinguish the difference between real and fake cloud applications. If cloud applications and their providers do not meet these requirements, it is unlikely they can deliver the full benefits of today’s SaaS.

Locus Introduces Conflict Minerals SaaS Module

New Locus module to help companies comply with conflict minerals ruling

SAN FRANCISCO, Calif., 22 July 2013 — Locus Technologies (Locus), the leader in cloud-based environmental compliance and information management software, has introduced the conflict minerals module to its comprehensive SaaS platform. The conflict minerals module will provide companies with the tools necessary to comply with section 1502 of the Dodd-Frank Act, the new conflict minerals regulations adopted by the U.S. Securities and Exchange Commission (SEC).

Locus developed the new module to help companies oversee their use of conflict minerals such as gold, tin, tantalum, and tungsten more easily through a thorough checklist and through interactive mapping functionality. The module serves as a centralized point of reference through which companies can track, manage, and aggregate information from their suppliers about conflict minerals by product, division, or business unit. The module will make the due diligence and reporting obligations that accompany this new ruling less expensive and time-consuming. It will also support the audit capabilities as required by law.

“We recognized the burden being placed on certain customers when the conflict minerals ruling was finalized, and saw an opportunity for Locus to help. Performing conflict minerals reporting through spreadsheets or home-built systems for a large Fortune 100 company can easily consume the time of more than 10 full-time employees,” said Neno Duplan, President and CEO of Locus. “Locus is continuously striving to stay on top of new rules and regulations, and the web-based, multi-tenant architecture of our software solutions allows us to easily add new functionality and updates to our state-of-the-art cloud platform. By introducing this new module, we hope that complying with the SEC’s conflict minerals rule will no longer be such a daunting and expensive task.”

The U.S. SEC finalized this conflict minerals ruling in August 2012. The rule requires companies to publicly disclose their use of conflict minerals that originate from the Democratic Republic of Congo or its adjoining countries. Locus’ Conflict Minerals module will be available to both new and existing customers in fall 2013 and could be used to facilitate the current year filings.

Locus Featured in Sustainability Management Software Report by Independent Analyst Firm Verdantix

SAN FRANCISCO, Calif., 17 July 2013 — Locus Technologies (Locus), the leader in cloud-based environmental compliance and information management software, has been recognized as one of the top 15 global sustainability management software suppliers in the report “Green Quadrant® Sustainability Management Software, July 2013.” This report by Verdantix, an independent analyst firm that provides data, analysis and advice in the areas of energy, environment and sustainability, reveals that Locus offers solid data management and sustainability reporting capabilities.

The Verdantix report acknowledges Locus for its strengths in data input, data management, and data modeling. Locus has been a strong presence within the industry for more than 15 years now, and continues to present its customer base with a wide variety of functionality offered through the cloud. This includes the full gamut of data input options, from meter integration to third party software integration, and aesthetic features to view and manage information.

“For the data management capabilities, Locus Technologies offers the best-in-class solution for geographic information capture,” says Samantha Price, Industry Analyst at Verdantix and author of the report. “The software offers full data capture and management capabilities integrated with mapping tools, displaying full environmental and sustainability data on a web-based, interactive GIS system.”

The report also recognizes that Locus has designed its EH&S software platform, ePortal, to deliver impressive reporting functionality for CDP carbon, GRI and mandatory GHG reporting requirements including U.S. EPA Mandatory Reporting, EU Emissions Trading Scheme and the California Global Warming Solutions Act (AB32) for which it is certified.

“The concept of enterprise sustainability management may be slightly different from company to company, but its importance remains steady and undeniable,” states Neno Duplan, President & CEO of Locus. “It is crucial that we properly balance our resource usage in the present, so that these resources are not depleted for future generations. Locus built its sustainability software to do just that while also providing another equally important functionality to its customers—to lower their operating costs by optimizing resource consumption.”

ABOUT VERDANTIX

Verdantix is an independent analyst firm. We provide authoritative data, analysis and advice to help our clients resolve their energy, environment and sustainability challenges. Through our global primary research and deep domain expertise we provide our clients with strategic advice, revenue generating services, best practice frameworks, industry connections and competitive advantage.

For further information, please visit www.verdantix.com.