IT Finance Connection had an interesting podcast with Ariel Kelman, Salesforce.com’s senior director of platform product marketing.
Ariel made a number of interesting points in the podcast:
SaaS is good for companies and IT organizations that want to increase focus from infrastructure to innovation.
IT organizations should consider SaaS applications just like other applications and should fit into the existing IT governance processes such as change management control.
SaaS applications are easier to administer, customize, integrate. (This is an interesting point as customization and integration are often cited as the top concerns for not adopting SaaS.)
IT organizations should involve business units early in the deployment process. (In theory, this is not all that different from on-premise apps.)
With platforms such as Force.com, IT organizations and business owners can build applications in real-time together. (rapid prototyping.)
According to Gartner, IT organizations spent 80% of their time on infrastructure and maintenance, and only 20% on innovation.
Definitely worth spending 15 minutes to listen to this.
Chris, in the podcast, talked about 3 major misconceptions: security, integration and legacy concerns.
Security (and data privacy for that matter) has been, and will likely continue to be, the biggest concern. Chris argued that this concern is really red herring and that smart CIOs are finding that SaaS companies sometimes even have more security measures and better security policies than when the data is housed internally. Though I would say that this is the case of devil you know vs the devil that you don’t. If you know that internal security measures are not up to par, there may be compensating controls that can be put in place. However, with SaaS products, the enterprises loses all of the control. So they are understandably concerned.
Chris gave the example that with data housed internally, employees will copy them onto their computer and use it offline. Whereas with SaaS, they will likely be less inclined to do that. This is true to a certain extent. However, nothing prevents the employees from copying data onto their computer even if it’s SaaS. If they are offline and want to work on the data, they will copy them down regardless of SaaS or on-premise. (Now here’s a thought, maybe Google Gears can have some monitoring and tracking capabilities built-in? Or maybe someone can extend Gears?)
Now I am not arguing that enterprises should never use SaaS products. I am simply saying that they should keep security and privacy in mind when evaluating different SaaS offerings and make sure that either
Truly sensitive data such as credit card information are never housed externally.
Take extreme measures to evaluate a SaaS provider’s security policy and practice. (How to evaluate is probably for another post. I would love to hear your thoughts in the comments if you would like to discuss.)
Chris later provided some guidance:
Make sure the vendor meets compliance standards and such as SAS70 type 2 security standards
Tour the data center to ensure proper security practice are in place
Get educated about the security standards (and for SaaS providers, educate your customers)
Check references (nothing ever replaces this, so always do it)
The second misconception Chris mentioned is “integration.” Many enterprises have the misconception that SaaS offerings are closed and are more difficult than on-premise apps to integrate. I have to agree with Chris here that this is truly a misconception. Most SaaS providers are much more Web 2.0-savvy and usually provide better API to customers for integration. Chris also mentioned their 4-way mashup with PayPal, Amazon and Salesforce.com.
The last misconception discussed was around the legacy concerns from the old ASP model. Chris didn’t specifically talk about why the old ASP model generated these legacy concerns. He simply said that because the old ASP model wasn’t built from the ground up to be multi-tenant, therefore people had concerns. I would have liked to hear more about the specific reasons. This is one of the things that bugged me about the podcast. Chris touted multi-tenancy to be this be all end all solution to all problems including security and integration. That’s simply not the case. Multi-tenancy brings its own set of concerns and problems such as data privacy and performance. Most ISVs who have been developing on-premise applications will likely not be familiar the design considerations of multi-tenancy and will have a learning curve to go through. Again, I believe multi-tenancy has a lot of advantages but let’s not make it the solution for everything.
One thing Chris said that every ISV should remember is: “The saas model must earn the customer every month.” The cost of migrating from one SaaS provider to another is much lower than on-premise apps. So in order to keep your customers, make sure you do everything you can in supporting the customers. Remember, Support is the New Marketing!
Loading ...
Loading ...