Expert's Guide to Evaluating Software: Chapter 3



Security and Scalability


The biggest area of confusion for software buyers is security and scalability. Sadly, this confusion has been fueled by software vendors that are not multi-tenant cloud. They exploit common misconceptions and paranoia in most buyers. After all, we’re not all software engineers.

Their main strategy is to suggest to buyers that there is greater risk with a shared infrastructure: that with multi-tenant cloud software, data can get exposed to others, either inadvertently through a bug or maliciously by hackers.

In reality, multi-tenant providers know that security and scalability are table stakes for success. Their customers include governments, banks, pharmaceutical companies, and other industries that need to protect highly sensitive information. If a software vendor has security or scale issues, they are done!

For this reason, multi-tenant software vendors apply greater expertise, investments, and resources to ensure the infrastructure and their customers' data are as secure as possible. The more established the multi-tenant software vendor is, the more investments they make in security and scalability. This makes multi-tenant software the most secure option.

Private cloud vendors are mostly on-premise vendors that are moving to the cloud. Private cloud is an easier strategy for them as it requires less knowledge and provides the ability to leverage their outdated software. By comparison, multi-tenant cloud vendors were born in the cloud era, so they tend to have greater expertise, techniques, and tools around all the layers of cloud security.

The Cost of Security

Security is expensive. It requires constant investment to stay ahead of new vulnerabilities. When the first iPhone came out, it didn’t have many security features. No remote wipe. No fingerprint identification. These are common security features today but they are the outcome of many investments and innovations Apple has made over time. The same concept can be applied to securing enterprise software.

Security of on-premise software is like keeping your family photos on an external hard drive. To make it more secure, would you buy a safe and put your hard drive in it? Unless you are my long-retired mother, the answer is probably no. Security of private cloud and multi-tenant cloud is like putting family photos in iCloud or Dropbox.


On-Premise: Since your data is managed on your own company’s servers, your company needs to make ongoing investments to keep it safe. The burden of continuous improvement in security is not something every company has the ability to take on. Most companies are focused on growing their business, not software security. Even many of the world’s best software and network security companies lean towards cloud vs. on-premise.

When all your company’s crown jewels and IP are on-premise, the risk exposure is higher. If an attacker breaks through the company's firewall and gains access to one service, they have easy, unfettered access to all the crown jewels. Protecting data, assets and IP in this model is more expensive than in a cloud-based model.

Private cloud: The cost of security is passed to the vendor, which is a good thing. But since every customer uses a separate infrastructure, improving security is less cost-efficient because it has to be managed and upgraded instance by instance. This can deter a private cloud vendor from making security investments, putting you at risk.

Multi-tenant cloud: The vendor is accountable for security. Again, this is a good thing. The difference is that the economies of scale for security investments for a multi-tenant infrastructure are greater than private cloud. Every investment benefits every customer automatically. Greater ROI leads to larger and more frequent investments. So when new innovations in security become available, your software vendor is more inclined to make those investments and you get the benefit.

Data security is not the only area where the multi-tenant model works to your benefit. The software vendor has greater visibility into how customers are using the software, which improves quality control. If the software has a defect, it is detected and fixed before it impacts your business. This makes the vendor smarter and more proactive.


Software should be fast, regardless of where you are globally or what device you are using. As any business and its related information expands, application performance is an imperative. Take for example the first-generation iPhones, which had options of 4GB and 8GB. Perfectly appropriate for consumer needs when they were released. But with the rise in image fidelity, social media and the “there’s an app for that” generation, a 4GB or 8GB iPhone would not be usable today. Not to mention the early iPhones did not have the processing power to support the current version of iOS. Now take that concept and apply it to mission-critical enterprise software for your organization.

Simply put, scalability comes down to processing power, storage, and business-mandated performance standards.

On-premise: The burden of scale and performance is 100% on your company’s IT department. More data, more servers. More users, more servers. More servers, more cost and resources to maintain them. IT organizations are getting squeezed. IT needs to innovate to support the business more than ever - will they invest in innovation or be forced to use their resources to grow a server farm?

Private cloud: Because the cloud software is on a dedicated infrastructure, if your dataset or application requires more storage and processing power, you may incur additional costs. In effect, your cost reflects peak level activity and does not enjoy economies of scale from a shared environment like multi-tenant cloud.

Multi-tenant cloud: Similar to security, investments go a longer way in a multi-tenant architecture. In a frictionless manner with minimal to no disruption to end users, multi-tenant software vendors build a service that scales to meet the aggregate demands of all their customers. Multi-tenant vendors build and continue to improve an infrastructure elastic enough for all their combined customers. The result is better performance, no surprise or hidden fees, and less disruption to people getting their jobs done.

Expert's Guide to Evaluating Software Series:

Chapter 1: What Really Matters When Making Software Investments
Chapter 2: Defining Software Models
Chapter 3: Security & Scalability
Chapter 4: Total Cost of Ownership
Chapter 5: Innovation
Chapter 6: Flexibility
Chapter 7: Conclusion
Chapter 8: 20 Questions You Should Ask Vendors


Frank Defesche began his software career at Trilogy Software in Austin, TX, an on-premise software company. In the summer of 2000 he joined as one of their first consultants. In a world dominated by on-premise and home grown software, he was faced with the challenge of translating traditional software processes to an emerging cloud paradigm. He was part of the cloud’s first chapter and has lived it ever since. He currently serves as the SVP and General Manager of Veeva Systems and is responsible for expanding Veeva’s solutions to industries beyond Veeva’s life science beginnings.

