SaaS, Service Delivery, and the Public Sector

Editor’s Note: BMC today announced the industry’s first IT Service Management SaaS solution optimized for local, state, federal and higher-education markets.  BMC Remedy OnDemand for Public Sector is expected to be the first ITSM SaaS solution to receive the U.S. Federal Risk and Authorization Management Program’s (FedRAMP) provisional authorization.  The solution is hosted by Dell and helps government and higher education agencies meet security and compliance requirements. 

In light of today’s announcement, the below guest blog post is from BMC’s Marc Ferrentino.  Ferrentino, who is responsible for the SaaS strategy across all of the BMC product lines, shares best practices on SaaS and service delivery for the Public Sector.

Public IT managers must provide a broad-based set of services across multiple government organizations, or within their own entities. Security and compliance requirements are often more demanding in the government than in private enterprises, and this increases costs for every level of compliance required. Public sector IT must meet these compliance requirements, which include comprehensive audits and detailed reports, even when budgets are very tight. IT service management solutions that are delivered as software as a service (SaaS) can provide just what these organizations need.  Here are some strategies for success.

Take a SaaS-First Approach

Government IT, as one of the largest buyers of IT software, services, and hardware, is poised to reap massive savings over the long term through SaaS adoption. At the local and state levels, where cloud-based computing is taking hold because budgets have become very constrained, SaaS comes to the rescue in many ways. With SaaS, you can provide high-end, enterprise-level services at a discounted price and reduce maintenance costs. In essence, SaaS lets an analyst or administrator build and configure new applications with point-and-click ease. The end users themselves can experiment with the tools to innovate and improve services. The efficiency they create at a low price has a big positive effect on the local or state government services they deliver.

Some of the biggest concerns about shifting to the cloud include handing over my data to another company that is out of your control. Do you trust that company? Is your data safe?” This is one of the largest areas of misinformation around the cloud.  SaaS vendors add features and processes to satisfy a large array of customers’ needs, adding up to a much more secure environment than an individual organization can provide.  A SaaS company is highly motivated to keep your data safe. SaaS providers must ensure the security of your data and infrastructure. They can afford to put the staff and infrastructure in place to ensure a level of security that some government entities may not be able to afford. They perform security tests and audits far more frequently than any government agency. So the area of greatest fear to CIOs actually represents an area of greatest strength for many SaaS vendors.

In response to national security concerns, the Federal Information Security Management Act of 2002 (FISMA) also requires federal agencies to safeguard information by developing, documenting, implementing, and annually reviewing and reporting on agency-wide programs that safeguard information systems. So, look for a SaaS vendor with a cloud-based IT service management solution that supports FISMA with “Low” and “Moderate” National Institute of Standards and Technology (NIST) security controls. The security support must stretch across the entire IT environment, from infrastructure to services and applications.

Follow Best Practices

The right IT service management approach to SaaS should provide built-in best practices. It should leverage a configuration management database (CMDB) with a discovery agent that can go out in the environment and discover all software and hardware, perform audits on the configuration items (CIs), and run reports on servers and software that are not being used and licenses that are not being used correctly. The discovery tool should also be able to map each CI to specific services to eliminate operational disruptions caused by equipment failure and poorly planned change processes. This is important in business, but even more important in government.

It’s crucial for the government to have a consistent system across all or most of its entities because they interact with each other. That’s why government IT needs a service management solutions vendor that has seen it all and done it all. The vendor should use proven solutions based on best practices from the IT Infrastructure Library. The solutions vendor should bring the expertise and knowledge of many different implementations to help each entity set up best practices and implement SaaS.

Understand What Your SaaS Vendor Can Offer

When you are looking for a SaaS vendor, remember that all clouds are not created equal. You need a vendor with the resources to offer high-quality services. Some companies don’t have disaster recovery or resources with the most effective operational processes. Look behind the substance of the product to the depth of quality needed, the number of releases, and the vendor’s innovation schedule, disaster recovery capabilities, operating facilities, and so on. Identify the processes they have in place to secure your data. While you are not directly responsible for the security of data in the SaaS world, you are responsible for making sure the vendor you choose is following all the guidelines.

SaaS can enable your public sector organization to provide higher levels of service at lower costs. By adopting a SaaS-first mentality, seeking out vendors that meet your security needs, focusing on best practices, and identifying your SaaS needs, you can position your IT organization to reap the benefits offered by the cloud.

For more information, visit


About the Author: BMC Software