In recent years, outsourcing business processes and applications via the Software-as-a-Service (SaaS) model has become hugely popular, not least in the business continuity world. As in all areas of procurement there are things to consider that make the difference between success and failure, as Jakub Lewandowski explains.
The growth of SaaS is not surprising – instead of taking on the cost and headaches associated with developing, purchasing, implementing, hosting, or supporting software on-premises, organizations can instead source them from a specialist third party who wraps them up in an all-in-one service.
The many potential benefits offered by SaaS range from a more convenient, operational cost model and browser-based accessibility, to solutions that are much easier to scale up and down according to need. Whatever the motivation, the SaaS story is compelling, with industry research expecting the global Software-as-a-Service market to exceed $700 billion in value by 2028.
On the flipside, however, SaaS is not a panacea for every business process or software use case, with concerns over issues such as security, data governance, service levels, and loss of control causing some organizations to treat SaaS with caution or avoid it entirely.
In assessing the options, there are some key issues to consider:
Decide whether a SaaS solution is appropriate for your organization
Not every organization can go down the SaaS route, with laws or organizational policies and procedures sometimes requiring that data be stored on in-house infrastructure. This frequently happens to organizations in the public sector and in more highly regulated industries, such as banking and finance.
Decide what type of SaaS solutions are required
SaaS solutions can generally be categorised into business support and tool systems, and cater to a wide range of customer needs. Business support systems include products that support end users, such as CRM systems or Microsoft 365, whereas tool systems are geared towards requirements including data processing, AI-based data analysis systems, local and cloud security systems, and data backup solutions. Organizations should carefully assess their needs to determine where their investment in SaaS will begin and end.
Assess the track record of any potential service provider
It is crucial to have faith in any SaaS provider’s track record and ability to satisfy clients who have needs comparable to your own. Make sure you check their experience, credentials, and customer satisfaction ratings before signing on the dotted line.
Understand who owns and has responsibility for business data
Organizations should always double-check SaaS contracts to ensure they maintain ownership of their data throughout the duration of the agreement. In addition, it’s vital to agree the legal responsibility for data entrusted to the provider – the contract should define specifically who bears responsibility and will be held accountable, particularly as cloud services typically involve more than one entity.
SaaS contracts may also refer to agreements with third parties; it is important to analyse these clauses to determine who is in charge of what. Diagrammatic illustrations of any shared responsibilities may be helpful to ensure clarity.
Check whether the service supports key compliance and regulatory requirements
The ideal SaaS solution will help organizations meet their compliance goals. For instance, a cloud backup system can allow the administration of data retention periods while preventing end users from deciding to migrate data outside the cloud. Don’t forget, for any solution designed to process personal data, procurers will typically require a separate contract for entrusting the processing of personal data.
Beware of hidden costs
Always carefully examine a SaaS contract to check whether there is scope to incur additional expenses. For instance, organizations should review the conditions for terminating the contract with the provider, particularly in light of vendor lock-in risks. Failure to do so may result in being liable for additional, unplanned costs.
Understand the scope and limitations of Service Level Agreements
Service Level Agreements (SLAs) are used by SaaS providers to formally set out their contractual obligations – and the limitation of their services. These should be thoroughly reviewed before any contract is signed, particularly the conditions for applying for compensation mechanisms, such as service credits, and what constitutes grounds to terminate the contract.
By taking these issues into account, organizations put themselves in an ideal position to create strong relationships with SaaS providers based on transparency and trust. In doing so, they can enjoy the cost efficiencies, versatility, and convenience of the as-a-Service model, while also focusing the time and attention of their technology experts on more strategic objectives.
Jakub Lewandowski is Global Data Governance Officer at Commvault.