Software as a Service: Are You Prepared?Software as a Service: Are You Prepared?

The economic environment has placed increased pressure on organizations to use their IT budgets and resources wisely... Software as a service (SaaS) alternatives could be a great opportunity to deliver business value and avoid long IT cycles... But nothing comes so easily without precautions and warnings.

Mark Smith, Contributor

March 24, 2008

3 Min Read
information logo in a gray background | information

The economic environment has placed increased pressure on organizations to ensure they are even wiser with their IT budgets and resources in order to respond effectively to business. As organizations find methods to reduce and avoid costs, the dilemma of installing and maintaining software and applications continues to be a place for examining alternatives. These software as a service (SaaS) alternatives could be a great opportunity to deliver business value more immediately and avoid long IT cycles that may conflict with the time pressures of your organizations. But nothing comes so easily without precautions and warnings.Now, you must realize that by having your application operate outside of your organization, your data being created or integrated is not under your supervision and in many cases, it is not even under the provider's supervision. Therefore, it is important to ensure that the provider has complied with industry compliance standards in how they manage your data and who has access to the data in their hosting company and organization are controlled in their access to your data. This is why there is a lot of discussion and focus on SAS 70 Type I and Type II compliance as outlined by the AICPA and conducted by auditors. This can help ensure that processes and policies are defined and managed to ensure the protection of your system that you are using in a software as a service (SaaS) manner by the actual provider or their hosting partner. You should examine your potential SaaS provider certifications and who conducted them to ensure the right level of security and that it is being maintained and reviewed on an annual basis.

Now, what is additionally important is to ensure that you can access your data in the application for other business purposes that are critical for you. In many organizations the re-integration of data from an SaaS provider into a centralized data mart or business intelligence system is needed to gain a complete view of your employees, customers, sales, etc.. In fact, the access and integration of that data over the Internet needs to connect to other SaaS provider offerings that you may be using as well. Of course, conducting this is in a safe and secure manner is critical. So does your service level agreement allow you to do that? Do you own your data or do they? Many early adopters of SaaS applications have found they are not in the right position to negotiate their SLA when they did not establish the contractual guidelines properly at the beginning.

I hope you think and analyze carefully through these issues as pointed out as these and many others need to be considered as you evaluate software as a service options. You must ensure you are not just finding the fastest path to avoid IT cycles or cost savings but are prepared to manage and provide oversight to SaaS choices you make. You will need to be responsible for ensuring that your business applications and data, whether rented or owned, is being managed properly and can be leveraged effectively as part of your business.

Let me know your thoughts.The economic environment has placed increased pressure on organizations to use their IT budgets and resources wisely... Software as a service (SaaS) alternatives could be a great opportunity to deliver business value and avoid long IT cycles... But nothing comes so easily without precautions and warnings.

Read more about:

20082008

About the Author

Mark Smith

Contributor

Mark is responsible for the overall direction of Ventana Research and drives the global research agenda covering both business and technology areas. He defined the blueprint for Information Management and Performance Management as the linking together of people, processes, information and technology across organizations to drive effective results.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights