Due Diligence, Vendor Management Get Short Shrift with SaaS

Ann All

Software-as-a-service vendors like to compare their solutions to traditional on-premise software, stressing how much easier and less expensive it is to deploy SaaS. And who can blame them? This is a reasonable approach to a point, and in at least some cases it's probably even true. But I worry that customers buy into these statements a little too eagerly, because of overly aggressive sales pitches, their own inflated expectations or some combination of the two.


I wrote about this back in October, encouraging companies not to let a "we'll throw the switch and everything will be great" mentality cause them to neglect the always-important issues of people and processes when implementing SaaS. I also mentioned it in November of 2007, in a post about how cost really shouldn't be the primary reason for using SaaS. In that post, I likened SaaS to outsourcing, noting a similar tendency for some customers to believe these services will somehow magically solve all of their business problems.


ZDNet blogger Phil Fersht makes some similar points in a recent post. Like Fersht, I've always considered SaaS to be a form of outsourcing, in which you offload at least some of your business functions to an outside provider. This is a concept that implies some pretty stringent due diligence, as well as ongoing relationship management. Yet for some reason, perhaps because of its relative newness, these areas seem to get neglected with SaaS.


The two specific areas Fersht mentions are data security and governance. He writes:

Outsourcing goes to great lengths to stipulate where data resides, how it is protected, who has access, which measures are in place to accomodate political or natural disasters, and how data management complies with regulations. In addition, outsourcing providers are SAS 70 compliant, but are all SaaS providers?

These kinds of questions should not only be included in due diligence but in most cases should be spelled out in contracts as well. (And with outsourcing agreements, they typically are.) SaaS vendors could allay customer concerns with transparency, clearly communicating to customers how they can extract their data if they want to leave and providing solid back-up arrangements, suggested Deal Architect blogger Vinnie Mirchandani earlier this year.


Such issues are of paramount importance in an area of the software industry so nascent that there are bound to be plenty of vendor shakeups in the years ahead. (Though outsourcing is more mature, it's not exactly immune to vendor shakeups.)


As for governance, Fersht adds:

Companies move into SaaS because it is cheap and easy, and often overlook the internal business transformation then need to go through to manage these processes effectively in an outsourced environment.

Again, even in outsourcing agreements, ongoing process management is sometimes neglected. But doesn't it seem even more likely to get superficial consideration in SaaS deals?

Add Comment      Leave a comment on this blog post
Apr 13, 2009 3:39 AM Miichael Harris Miichael Harris  says:

From my days in large corporations, I can see your concerns about SaaS.  However, now that I am running a small business, I view SaaS as an opportunity for my business to run more efficiently and effectively using the sort of tools that the big boys have always had but smaller companies could never afford to buy or operate.  As for the selling, being small, I have found that in each case, it has been me going out to do the research for the right tool and then finding out that its offered SaaS. SaaS tends to be my choice in this scenario because my staff are scattered over the US and Europe so the browser-based operation is perfect. 

Apr 13, 2009 8:28 AM Kim Terry Kim Terry  says:

My company, Terrosa Technologies, is focused on the selection and deployment of SaaS solutions for companies. As I like to say, "SaaS is not an application, it is an acronym". It does not represent any particular level of security or reliability for a specific application.

I agree with Ann that each SaaS application needs to go through a diligence process before adoption by corporations. I expect most investigations would find that commercial grade SaaS applications go through much more auditing and inspection than do in-house applications. But each application provider is a separate investigation.

Everyday a SaaS based service is on the line to produce a reliable and secure system - or go out of business. But general statements about SaaS reliability or security cannot be made. The market is not mature and many vendors are learning their own lessons about how to best support SaaS systems.

The good news is that IT is in a great postion to take a leadership position in bringing SaaS efficiencies to their companies by insuring that these types of systems meet requirements, just as they have done in the past with in-house or outsourced solutions.

Apr 14, 2009 6:03 AM Vincent Vincent  says:

Due diligence should be part of any software implementation regardless of whether it is SaaS or on-premise.  With any type of software solution, there are going to be ups and downs.  I agree that the some buyers may be eager with the "flip the switch" and hit the ground running sales pitch.  But the same goes for any sales pitch. 

On the same note, just as many on-premise companies come in and go out of businesses.  I believe the last statistic was that SaaS only makes up 30% of the industry.  From a buyers point of view, I don't think SaaS carries that much risk over the traditional on-premise solution.  Both require the same level of due-diligence.



Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.