This is “SaaS: Not without Risks”, section 10.8 from the book Getting the Most Out of Information Systems (v. 1.3). For details on it (including licensing), click here.
For more information on the source of this book, or why it is available for free, please see the project's home page. You can browse or download additional books there. To download a .zip file containing this book to use offline, simply click here.
Like any technology, we also recognize there is rarely a silver bullet that solves all problems. A successful manager is able to see through industry hype and weigh the benefits of a technology against its weaknesses and limitations. And there are still several major concerns surrounding SaaS.
The largest concerns involve the tremendous dependence a firm develops with its SaaS vendor. While some claim that the subscription-based SaaS model means that you can simply walk away from a vendor if you become dissatisfied, in fact there is quite a bit of lock-in with SaaS vendors, too. And in addition to the switching costs associated with switching on conventional software platforms, switching SaaS vendors may involve the slow and difficult task of transferring very large data files over the Internet. Having all of your eggs in one basket can leave a firm particularly vulnerable. If a traditional software company goes out of business, in most cases its customers can still go on using its products. But if your SaaS vendor goes under, you’re hosed. They’ve got all your data, and even if firms could get their data out, most organizations don’t have the hardware, software, staff, or expertise to quickly absorb an abandoned function.
Beware with whom you partner. Any hot technology is likely to attract a lot of start-ups, and most of these start-ups are unlikely to survive. In just a single year, the leading trade association found the number of SaaS vendors dropped from seven hundred members to four hundred fifty.M. Drummond, “The End of Software as We Know It,” Fortune, November 19, 2001. One of the early efforts to collapse was Pandesic, a joint venture between SAP and Intel—two large firms that might have otherwise instilled confidence among prospective customers. In another example, Danish SaaS firm “IT Factory” was declared “Denmark’s Best IT Company” by Computerworld, only to follow the award one week later with a bankruptcy declaration.R. Wauters, “The Extraordinary Rise and Fall of Denmark’s IT Factory,” TechCrunch, December 2, 2008. Indeed, despite the benefits, the costs of operating as a SaaS vendor can be daunting. NetSuite’s founder claimed it “takes ten years and $100 million to do right”Sarah Lacy, “On-Demand Computing: A Brutal Slog,” BusinessWeek, July 18, 2008.—maybe that’s why the firm still wasn’t profitable, even three and a half years after going public.
Firms that buy and install packaged software usually have the option of sticking with the old stuff as long as it works, but organizations adopting SaaS may find they are forced into adopting new versions. This fact is important because any radical changes in a SaaS system’s user interface or system functionality might result in unforeseen training costs, or increase the chance that a user might make an error.
Keep in mind that SaaS systems are also reliant on a network connection. If a firm’s link to the Internet goes down, its link to its SaaS vendor is also severed. Relying on an Internet connection also means that data is transferred to and from a SaaS firm at Internet speeds, rather than the potentially higher speeds of a firm’s internal network. Solutions to many of these issues are evolving as Internet speeds become faster and Internet service providers become more reliable. There are also several programs that allow for offline use of data that is typically stored in SaaS systems, including Gears and Adobe AIR. With these products a user can download a subset of data to be offline (say on a plane flight or other inaccessible location) and then sync the data when the connection is restored. Ultimately, though, SaaS users have a much higher level of dependence on their Internet connections.
And although a SaaS firm may have more security expertise than your organization, that doesn’t mean that security issues can be ignored. Any time a firm allows employees to access a corporation’s systems and data assets from a remote location, a firm is potentially vulnerable to abuse and infiltration. Some firms may simply be unacceptably uncomfortable with critical data assets existing outside their own network. There may also be contractual or legal issues preventing data from being housed remotely, especially if a SaaS vendor’s systems are in another country operating under different laws and regulations. “We’re very bound by regulators in terms of client data and country-of-origin issues, so it’s very difficult to use the cloud,” says Rupert Brown, a chief architect at Merrill Lynch.G. Gruman, “Early Experiments in Cloud Computing,” InfoWorld, April 7, 2008.
SaaS systems are often accused of being less flexible than their installed software counterparts—mostly due to the more robust configuration and programming options available in traditional software packages. It is true that many SaaS vendors have improved system customization options and integration with standard software packages. And at times a lack of complexity can be a blessing—fewer choices can mean less training, faster start-up time, and lower costs associated with system use. But firms with unique needs may find SaaS restrictive.
SaaS offerings usually work well when the bulk of computing happens at the server end of a distributed system because the kind of user interface you can create in a browser isn’t as sophisticated as what you can do with a separate, custom-developed desktop program. A comparison of the first few iterations of the Web-based Google Docs office suite, which offers word processing, presentation software, and a spreadsheet, reveals a much more limited feature set than Microsoft’s Office desktop software. The bonus, of course, is that an online office suite is accessible anywhere and makes sharing documents a snap. Again, an understanding of trade-offs is key.
Here’s another challenge for a firm and its IT staff: SaaS means a greater consumerization of technology. Employees, at their own initiative, can go to firms such as Socialtext or PBworks and set up a wiki, WordPress to start blogging, or subscribe to a SaaS offering like Salesforce.com, all without corporate oversight and approval. This work can result in employees operating outside established firm guidelines and procedures, potentially introducing operational inconsistencies or even legal and security concerns.
The consumerization of corporate technology isn’t all bad. Employee creativity can blossom with increased access to new technologies, costs might be lower than home grown solutions, and staff could introduce the firm to new tools that might not otherwise be on the radar of the firm’s IS Department. But all this creates an environment that requires a level of engagement between a firm’s technical staff and the groups that it serves that is deeper than that employed by any prior generation of technology workers. Those working in an organization’s information systems group must be sure to conduct regular meetings with representative groups of employees across the firm to understand their pain points and assess their changing technology needs. Non-IT managers should regularly reach out to IT to ensure that their needs are on the tech staff’s agenda. Organizations with internal IT-staff R&D functions that scan new technologies and critically examine their relevance and potential impact on the firm can help guide an organization through the promise and peril of new technologies. Now more than ever, IT managers must be deeply knowledgeable about business areas, broadly aware of new technologies, and able to bridge the tech and business worlds. Similarly, any manager looking to advance his or her organization has to regularly consider the impact of new technologies.
The risks associated with SaaS include the following: