Saas Week Podcast - Common SaaS Misconceptions
(No Ratings Yet)
Loading ...Saas Week just posted a new podcast on Common SaaS Misconceptions with Chris Cabrera, CEO of Xactly.
Chris, in the podcast, talked about 3 major misconceptions: security, integration and legacy concerns.
Security (and data privacy for that matter) has been, and will likely continue to be, the biggest concern. Chris argued that this concern is really red herring and that smart CIOs are finding that SaaS companies sometimes even have more security measures and better security policies than when the data is housed internally. Though I would say that this is the case of devil you know vs the devil that you don’t. If you know that internal security measures are not up to par, there may be compensating controls that can be put in place. However, with SaaS products, the enterprises loses all of the control. So they are understandably concerned.
Chris gave the example that with data housed internally, employees will copy them onto their computer and use it offline. Whereas with SaaS, they will likely be less inclined to do that. This is true to a certain extent. However, nothing prevents the employees from copying data onto their computer even if it’s SaaS. If they are offline and want to work on the data, they will copy them down regardless of SaaS or on-premise. (Now here’s a thought, maybe Google Gears can have some monitoring and tracking capabilities built-in? Or maybe someone can extend Gears?)
Now I am not arguing that enterprises should never use SaaS products. I am simply saying that they should keep security and privacy in mind when evaluating different SaaS offerings and make sure that either
- Truly sensitive data such as credit card information are never housed externally.
- Take extreme measures to evaluate a SaaS provider’s security policy and practice. (How to evaluate is probably for another post. I would love to hear your thoughts in the comments if you would like to discuss.)
Chris later provided some guidance:
- Make sure the vendor meets compliance standards and such as SAS70 type 2 security standards
- Tour the data center to ensure proper security practice are in place
- Get educated about the security standards (and for SaaS providers, educate your customers)
- Check references (nothing ever replaces this, so always do it)
The second misconception Chris mentioned is “integration.” Many enterprises have the misconception that SaaS offerings are closed and are more difficult than on-premise apps to integrate. I have to agree with Chris here that this is truly a misconception. Most SaaS providers are much more Web 2.0-savvy and usually provide better API to customers for integration. Chris also mentioned their 4-way mashup with PayPal, Amazon and Salesforce.com.
The last misconception discussed was around the legacy concerns from the old ASP model. Chris didn’t specifically talk about why the old ASP model generated these legacy concerns. He simply said that because the old ASP model wasn’t built from the ground up to be multi-tenant, therefore people had concerns. I would have liked to hear more about the specific reasons. This is one of the things that bugged me about the podcast. Chris touted multi-tenancy to be this be all end all solution to all problems including security and integration. That’s simply not the case. Multi-tenancy brings its own set of concerns and problems such as data privacy and performance. Most ISVs who have been developing on-premise applications will likely not be familiar the design considerations of multi-tenancy and will have a learning curve to go through. Again, I believe multi-tenancy has a lot of advantages but let’s not make it the solution for everything.
One thing Chris said that every ISV should remember is: “The saas model must earn the customer every month.” The cost of migrating from one SaaS provider to another is much lower than on-premise apps. So in order to keep your customers, make sure you do everything you can in supporting the customers. Remember, Support is the New Marketing!
