Hacker News new | ask | show | jobs
by antonvs 55 days ago
I worked for a few years on an on-premise deployment of a system that was otherwise SaaS. Many enterprise customers simply won’t allow something like this - particularly big financials, aviation, healthcare etc.

Realistically, the game ends up being - see what you can get away with until someone notices. Given that, you might want to rename the product to something more boring than “Alien”.
2 comments
alongub 55 days ago
In practice, unmanaged self-hosting is often less secure, because you end up with outdated versions, unpatched vulnerabilities, and no one responsible for keeping things healthy.

More and more enterprise CISOs are starting to understand this.

The model here is closer to what companies like Databricks already do inside highly regulated environments. It's not new... it's just becoming more structured and accessible to smaller vendors.

link
OlivOnTech 55 days ago
I don't agree, I see supply chains attacks as a bigger risk than outdated systems exposed only in the lan.
link
alongub 55 days ago
Both are real risks. But supply chain attacks exist whether you self-host or not... you're still running the vendor's code either way. The question is whether you also want that code to stay up to date and properly managed, or drift silently.
link
nickmonad 55 days ago
I agree that keeping things up to date is a good practice, and it would be nice if enterprise CISOs would get on board with that. One challenge we've seen is that other aspects of the business don't want things to be updated automatically, in the same way a fully-managed SaaS would be. This is especially true if the product sits in a revenue generation stream. We deal with "customer XYZ is going to update to version 23 next Tuesday at 6pm eastern" all the time.
link
alongub 55 days ago
This is true even with fully-managed SaaS though. There are always users who don't want the new UI, the changed workflow, the moved button. But the update mechanism isn't really the problem IMO, feature flags and gradual rollouts solve this much better than version pinning
link
nickmonad 55 days ago
Sure. I'm just saying in the context where fully-managed SaaS was already decided not to be an option, and a customer is deploying vendor code in their environments, the update mechanism can in fact be a problem. It's not just poor CISO management.
link
mrhottakes 55 days ago
agreed, this architecture is a non-starter for many enterprise orgs
link