By now, you have been inundated with articles on software as a service and cloud computing. Hype aside, you know that this is a paradigm shift in the technology world that you need to embrace, or at least consider. Your biggest concern is how to convince your senior management or board that this is the right direction to take now. As with other proposals you bring to this group of stakeholders, you'll get nowhere until you provide the right level of education and make a strong business case.
As you lay out that business case, the strongest arguments in favor of SaaS are the low cost of entry, costs that match the business' needs, ongoing new functionality, and the ability of your team to focus on adding business value versus just running systems or applications. While the initial cost of entry is well understood (startup costs are minimal compared with a large one-time capital investment in traditional software licenses), what is less understood is the longer-term cost benefit of the SaaS model.
For example, when doing an ROI analysis for typical off-the-shelf software, you will target a specific payback period to determine if the investment should be made or to determine the total cost of the investment over time. Do the same analysis on SaaS for the same time period and the results might not appear that different. However, most capital-focused ROI analyses don't factor in the high yearly cost of software maintenance, the cost and challenges of doing upgrades every two to three years, or the ongoing internal maintenance cost. And most important, they don't factor in the lost opportunity of deploying your resources more efficiently and effectively onto business initiatives.
This is where SaaS gets compelling. In fact, until traditional software vendors wake up to the fact that they must dramatically alter their outdated and high-cost model of software maintenance, SaaS will always be the more financially compelling option over a three-year-plus time horizon. When your software vendor makes as much as 90% of its profits from software maintenance fees, you need to ask what it is you're getting in return beyond the ability to execute a future upgrade and the right to inform the vendor of errors in its software. In contrast, your SaaS subscription fees will likely translate into immediate benefits when your vendor automatically upgrades your environment with new and improved features. This assumes your SaaS vendor is upgrading its environment at least once a year. If not, you need to look for another vendor.
Not That New
It's also important to educate stakeholders that SaaS and cloud computing aren't as new as they might think. They're concepts that date back to the earliest days of computing--time and resource sharing on mainframes. The key difference is that the mainframe or other central computers no longer reside in your data center but in your service provider's data center, and neither the systems nor the applications that run on them are owned by your company. The same levels of due diligence that need to be completed in any IT outsourcing arrangement must be followed with any SaaS or cloud provider.
Of primary concern to your stakeholders may be the viability of the vendor and the question of data ownership. These concerns must be addressed head-on. While there are some mature SaaS vendors (Salesforce.com, RightNow, etc.), most are still in the startup phase.
To address this concern, write into the contract specific language regarding performance service-level agreements, source-code escrowing, data ownership rights, data backup procedures, and auditing rights. In this regard, be sure to write tight language that ensures you can not only recover your data, but potentially also recreate the associated application environments should the vendor go out of business. Finally, update your business continuity plans with a scenario that covers a vendor failure, and test your plan to ensure you understand the challenges of bringing the apps back online without the vendor's assistance.
When Chiquita chose a SaaS vendor (Workday) for our global HR system, our stakeholders were particularly concerned about data security, regulatory compliance (particularly data privacy), and vendor stability. Data security compliance was addressed by ensuring that the vendor followed accepted best practices around data management, security access, and data center management, and that it permitted Chiquita to perform regular audits. Regulatory compliance was addressed in two ways: first, by ensuring that the vendor took responsibility for meeting any specific data management regulatory requirement within each country Chiquita operates in; and second, by proactively working with our chief compliance officer and outside counsel to take the necessary steps to ensure the company remained in compliance with regulatory requirements as the software service was deployed.
Vendor stability was more difficult to address. Our vendor, Workday, was clearly a startup, albeit a well-funded one with a great pedigree--founded by the ex-PeopleSoft team of Aneel Bhusri and Dave Duffield. Chiquita needed to get comfortable with the fact that our vendor could suddenly go out of business or not follow through on expected system enhancements and support. We determined that the benefits, including the unique opportunity to assist Workday in adapting its product for use in multinational companies, outweighed the risks in this particular case. As you look at SaaS, vendor stability is indeed a key question you must understand. For some applications (real-time requirements, financial reporting, etc.), choosing a SaaS vendor might be too much of a risk, and instead a more established off-the-shelf solution should be found.
In the end, simple analogies probably work best with your stakeholders. When educating Chiquita's stakeholders on the concept of SaaS, the simple analogy of "Would you rather lease or buy your car?" worked best in talking through the benefits and risks. With SaaS, you're leasing your software and the systems to run the software. With traditional off-the-shelf products, you're buying the software and systems to run the software, recognizing you will have to make continued investments to keep them up to date, depreciate them, and ultimately go through a major replacement. With SaaS, your team is freed to focus on adding business value. With off-the-shelf software, your team will have to spend more time "keeping the lights on" and less time engaging with the business, which is not where your stakeholders want you to be focused.
One final area of concern for many companies is customization--specifically, the inability to do it. While it's a misconception that SaaS doesn't allow for customizations, it's true that the level of customization isn't as deep as with off-the-shelf software. This can be a positive and a negative. For the CIO who is trying to lower costs, reduce the time it takes to perform upgrades, and enforce strong process discipline, limited customization is a strong positive. For a business that truly needs an application that precisely fits its unique needs for competitive differentiation, the level of customization that SaaS provides may not be enough.
In Chiquita's experience, the level of customization that our current SaaS vendors provide perfectly matches our needs. Customizations are mostly managed by the SaaS vendors, limiting the burden on our internal staff to user acceptance testing, not full regression testing.
SaaS and cloud computing are the next logical evolution of how software is acquired, managed, and maintained. Taking advantage of this shift can help you move your vendor relationships from being vendor-centric and vendor-controlled to ones that put you, the customer, in control.
Manjit Singh has served as the CIO of Chiquita Brands International for the past four years. He serves on the company's management committee and is responsible for Chiquita's global commercial and operational systems covering North America, Latin America, Europe, and Asia. Singh sets the strategic direction and governance for all technology initiatives at Chiquita worldwide, with an emphasis on compliance and global utilization of systems. He is a member of InformationWeek's editorial advisory board.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.