Expert SaaS Advice: Implementing Software as a Service

Industry experts talk about issues to be aware of when licensing software via the SaaS model.


You Can't Detect What You Can't See: Illuminating the Entire Kill Chain

On-Demand Webinar

(Page 1 of 2)

While more industries are taking to the software-as-a-service model, experts warn that offloading your applications does not mean offloading responsibility.

“It’s important to understand that even if you go with a hosted service, you still have to manage the quality of that application,” says Irwin Lazar, analyst with Nemertes Research.

In the SaaS model, applications are hosted by providers over the Internet and companies are charged for usage rather than ownership. Lazar says the benefit of this approach is that IT groups do not have to spend limited budgets to buy and operate complex infrastructure.

In the financial sector, more than 60% of the top 150 U.S. banks use at least one service-based cash management or small-business banking application, and more than 90% of community-sized banks (those below $4 billion in assets), use a shared service platform to offer customers Internet or small business banking. Sean O’Dowd, analyst with IDC’s Financial Insights research firm, says SaaS enables banks to forego large upfront capital expenditures, such as licensing and servers, and spread out costs over time, increasing revenue predictability.

Lazar agrees. “What’s driving this move to SaaS is cost. If I’m an IT manager looking at the next version of a productivity suite, I can either buy a license at $200 a seat and have troubleshooting, infrastructure and management costs, or I could subscribe to a service. It’s a no-brainer,” he says.

He points out that the SaaS model is most attractive for commodity applications, such as customer relationship management, human resources, payroll and Web conferencing, not core software, such as programs supporting research and development. “There’s a lot more sensitivity around the company’s crown jewels,” he says.

No matter how common the task, companies must be on their toes when dealing with outsourcers, says Danny Allan, director of security research at Web application security vendor Watchfire Corp. in Waltham, Mass. ““The biggest risk in SaaS is you don’t know how secure the provider is, and internal data is outside the organization,” he says.

He counsels IT managers to examine five key areas when deciding on an SaaS provider: privacy and security policies; transparency into the provider’s organization; metrics regarding audits and response to security breaches; strong feedback loops; and continuous education for customers.

Organizations should guarantee that authorization and access controls are strong not only between them and the provider, but also among the providers’ other customers that share the infrastructure. Allan admits that this can be difficult to gauge so he recommends asking to see a written policy. “This will tell you whether the organization is mature.”

He also encourages IT teams to write into their contracts that they will have access to testing schedules, software development life cycles, and upgrade and patch deployments. “If you don’t know when they are running upgrades, there is a serious risk of downtime,” he says.

Just as important as transparency is having a backup and exit strategy for data. Tim O’Brien, director of the platform strategy group at Microsoft, says companies need flexibility and insurance built into the SaaS model.

Page 1 of 2

1 2
Next Page

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.



IT Management Daily
Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that datamation.com may send you Datamation offers via email, phone and text message, as well as email offers about other products and services that Datamation believes may be of interest to you. Datamation will process your information in accordance with the Quinstreet Privacy Policy.