SaaS (Software as a Service) along with Cloud Computing have become the buzzwords of late. Actually SaaS is not a new concept, it follows the principles of Service Bureaus such as those run by AT&T, EDS, IBM, etc., that of centralized computing and application access. The advantages are seemingly obvious; no fuss, no muss outsourced central administration of applications and their associated data; no disaster recovery worries; no security concerns; no IT personnel to deal with; smooth sailing – right? Not so fast. Not all SaaS offerings are created equal and as much as SaaS vendors would like to you to believe it, SaaS is not a one-size-fits-all solution.
The advantage of SaaS applications such as CRM and others has been promising with some significant strides in usability and speed. However, there are areas of concern that potential or existing consumers of these services must examine and address. The due diligence is with you to determine whether or not SaaS is right for you. Here five of ten key areas of consideration:
1. Data Control: How important is control to you? Can you access your data anytime you want to in a format that you can use? Cyber-thieves target financial firms with ferocity and the larger the target the better. Control over your data security should be of prime concern. Does the service provider hold SAS70, ISO or other certifications? What controls have you put into place? Will you control it or will someone else?
2. Data Security: Centralized data can also mean centralized risk. Every year there are tremendous data security losses that affect us all. Who hasn’t had a new credit or ATM card issued to them due to a major data security loss? Whether or not you will trust your data to an external facility or not is a big decision. Datacenters are inherently safer places due to their redundancy and resiliency. However they represent larger targets for exploitation as well. Understanding the computing environment is also important. You should ask questions such as: Will my database be on a shared server with other clients or will it be hosted on a discrete server? If I am sharing a database server, what steps have been taken to insure strict partitioning of my critical data from other clients?
3. Data Privacy: Understand precisely how your data will or will not be used. This is not your data. It is your client’s data for which you are its ward. Examine and thoroughly understand your provider agreement. You may be giving certain rights of use of anonymous data to your provider. This may seem obvious; however it may come to your surprise that your data is being scrubbed into anonymous internal marketing statistics. While there is no harm in the use of anonymous data, you should still be able to make an informed decision as to its use if at all.
4. Quality of the provider’s vendor relationships: If your service is managing third party applications, it is upon you to understand and confirm the quality of those third party relationships. Your service agreement indemnifies your provider of any breach in third party service.
5. Understand the application and needed features thoroughly: Web-based application features and functionality can suffer when compared with desktop equivalents. Some features are purposely disabled to reduce the level of provider liability. If the provider is a custodian, they may be willing to take on more liability thereby providing more features. Does the application have everything you need now and to support future growth?
We will consider the other five points of consideration in “What you need to know when considering SaaS – Part II
This post is not a discussion of client/server versus SaaS religion. It is meant to evoke the questions that need to be asked when considering SaaS as an alternative to conventional solutions.
Thank you for your readership!