Software as a Service (SaaS) providers have captured the attention of data center directors and application business groups who want to save money on application development, licensing and maintenance. The appeal is strong, but don’t rush in. Selecting one or more SaaS providers is a serious undertaking, because the data and applications of a business will live in their environments and each SaaS vendor has strengths and weaknesses. This tip offers four evaluation criteria that will help you uncover the latter.
SaaS is a deployment model that delivers and manages enterprise software solutions as a service to meet the needs of many customers simultaneously. SaaS solutions are usually delivered over the Web and are priced as a subscription service, usually on the number of seats desired by the target organization. A SaaS software solution resides at the provider’s site running on the provider’s servers. Some of the user’s sensitive data may also reside on the provider’s storage devices. The provider is responsible for upgrades, maintenance and support of the application software.
When evaluating SaaS applications and other services, always consider these four criteria:
- Strength of SaaS provider’s security processes and standards: Because you access SaaS provider software via the Internet and your data is stored at the provider’s site, security is of utmost importance. Security issues can be complex if the SaaS provider forces you to follow a fixed security model that is at direct odds with your corporate security model. Work with the SaaS provider on a service level agreement (SLA) for security that satisfies your needs. Is the provider compliant with SAS 70, implementing well-documented security practices and testing them on a regular basis? Carefully examine the security processes of the provider to make sure that they are compliant with your security standards. Get everything in writing and include a clear statement of penalties in case the provider does not deliver on agreed upon SLAs. Don’t forget to include processes for disaster recovery, backup, restore, etc.
- Provider’s ability to provide the flexibility needed to meet your needs: Flexibility involves a number of things. Can you easily add and drop features to your subscription, such as add seats, and can you do it online? Can you drop your subscription with cause, such as SaaS provider fails to deliver the agreed upon solution, without penalty? Can you integrate the SaaS solution with other corporate solutions? Do you have control over the administration of your users? Can you customize the SaaS solution to fit your corporate needs? Can you easily monitor how much you are spending? How difficult is it to get your data back if you decide to cancel your subscription? Does the provider provide access by mobile devices? Some of these questions are more important than others, but integrating the SaaS solution with your other software and getting your data back after a subscription is canceled are two of the most important ones.
- History of provider’s regard for its SLAs: SLAs are important for availability, performance, scalability and security. You are basically at the mercy of the SaaS provider to provide the services for which you have subscribed. Ask the SaaS provider for permission to look at SLA performance records to see if the provider is reliable with respect to adhering to SLAs for customers. A mature SaaS provider will negotiate SLA agreements to satisfy your needs.
- Provider’s business viability and future outlook: Select a SaaS provider that is going to be in business for a long time. In selecting a SaaS provider, you are looking for a business partner that will not go out of business in a year. You should look at a provider’s experience in providing SaaS solutions, examine financial information, predicted growth of the business, etc. Additionally, Does the provider have a good set of partners? Does the provider have a long list of satisfied customers, including reference customers for you to interview? Is the provider innovative with a record of staying ahead of user needs and holding its own with the competition?
The relative importance of these criteria will differ depending on your business needs. For example, mobile access may not be important to companies looking to access SaaS solutions inside the company’s premises. Lower degrees of security may be satisfactory if data is not critical or sensitive.
Unlike your relationship with a software vendor that provides you with on-premises software and then exits till the customer needs something, the customer has a close relationship with a SaaS provider, beginning with the subscription purchase. When entrusting the SaaS provider with sensitive business data stored at the provider’s site, a business becomes dependent on the provider on an ongoing basis for smooth running of systems, innovation, support and sometimes training. Treading carefully during the selection process can reduce risks of the provider-customer relationship going sour, loss and/or leakage of valuable data and other onerous situations.
This was first published in June 2012