IT Survival Guide: Software As A Service Requires Diligence

Here's how to decide if the siren's call of SaaS will lead to better service for users--or a hard landing on the rocky coast of broken dreams.
Software as a service is an alluring concept to IT pros faced with endless software upgrades, patching, and license wrangling. Gartner estimates the market for enterprise applications as a service will enjoy compound annual growth of 22% through 2011. That's more than double the rate for all enterprise software.

One big reason businesses turn to SaaS is cost savings. According to a total cost of ownership study conducted by Network Computing in March, CRM as a service for 105 users saved as much as $135,000 over three years compared with on-premises CRM. Savings came primarily from eliminating the need for hardware and software.

InformationWeek Reports

IT pros shouldn't dismiss SaaS without articulating your reasons. Line-of-business folks have been known to make end runs, so if SaaS isn't appropriate for a given app, be prepared to explain why.

The Opportunity
SaaS eliminates the up-front investment in application infrastructure and ongoing maintenance costs.
A fast and easy way to deploy new capabilities. Yet, if your company depends on unique processes for a competitive edge, SaaS may not be your best bet.
Evaluate IT's ability to deliver the app versus what you can get from the provider. Put measures in place to protect data and specify SLAs.
On the other hand, if you do go with a hosted application, you're not off the hook once a provider is engaged. Expect to spearhead data migration from a legacy platform to the service and to help integrate the service with business apps and, if necessary, customize to your company's needs. And you must ensure that your network can support the increased traffic loads.

Another significant driver is speed of deployment. There's no hardware to provision, and product evaluations and due diligence are streamlined because potential customers can easily test the service.

Make absolutely certain that your network and the service provider's network are up to par, and insist on a service-level agreement. Poor network performance can slow applications to a crawl, frustrating users and harming productivity. In the worst-case scenario, a total service outage can bring business to a halt. Negotiate SLAs that clarify how service delivery is measured, and specify penalties or compensation in the event something breaks.

SaaS is a way to access capabilities that would otherwise be too complex or expensive to do in-house. For instance, Web application security assessments require specialized skills, and the cost of a full-time employee or outside consultants can be prohibitive. A service-based assessment is a lower-cost alternative.

Speaking of security, you won't feel so smart if sensitive data stored at facilities outside your control goes missing. IT must vet the provider's data centers, including physical and logical access controls, network security systems, data backup and archiving, and business continuity and disaster recovery plans. You may want to invest in software and hardware to extract data from the provider to ensure that you always have a copy of critical information.

On the application security front, many SaaS providers rely on Ajax and other rich Internet application capabilities, which can introduce new vulnerabilities. Ask about software development practices, and be clear on how the provider will respond to bugs and security flaws.