One of the more under talked about areas in the whole SaaS and Cloud Computing discussion is the transfer of risk to the network. The services provided from the Cloud are typically more robust and scalable than those hosted in-house. Medium to Large organisations will have their own LAN's and WAN's designed to allow all their employees access to corporate services. Essentially, the network is under their own control.
With SaaS and the Cloud, the networks are all publicly provided. This certainly simplifies the connectivity and management side of things. However, the risk to the provided SaaS service is now in the network. If connectivity to the network is lost (from any node), those at that node have no service. I know this is stating the obvious but the point here is the types of services being provided - they're starting to become more mission critical. This means the accessibility requirements go up. It's not good enough for an organisation to have a five 9's up time from the SaaS provider if they can't access it.
For critical services the configuration of the network at each node now needs to be considered. Backup links, automatic failover, connections from DR sites etc start to become critical. Organisations using SaaS and Cloud services now need to seriously look at their own networks and telco providers and in particular their connectivity to the Internet. This includes access for teleworkers and other remote workers.
I've seen some innovative offerings from mobile network providers recently for SME's (Small, Medium Enterprises) who are starting to offer broadband packages and routers with a backup 3G network connection. If the DSL line fails, the router automatically switches over to the 3G link. It might be a slower speed but at least you still have access. When WiMax starts to get more pervasive the service options will increase even further. These types of services could also be ideal for large corporates to give to remote / tele workers.
If you are seriously considering utilising Cloud (or SaaS) based services for critical corporate applications, you need to have a good long look at your current network and your Internet service providers. Do a risk analysis and consider all mitigation options. You may need to spend a bit more throughout your network but it should be thought of like insurance.