A voice of reason in a cloudy landscape

David Abramowski

Subscribe to David Abramowski: eMailAlertsEmail Alerts
Get David Abramowski via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Related Topics: SaaS Journal

SaaS: Article

SaaS and the Comeback of Blind Faith; Know Before You Subscribe

Running your business on SaaS applications shouldn't put your company at risk

Software as a Service (SaaS) continues to change the face of computing especially for the small and mid-sized company.  With SaaS offerings the small office is able to take advantage of enterprise class solutions for customer management, time tracking, accounting as well as thousands of other applications. Although there is much fanfare around the benefits of SaaS, there isn't much talk about the lack of delivery standards or certifications.   Choosing a quality SaaS application requires a bit of investigation.  The wrong choice can put your business at risk.

Here is the scenario.  A small business owner performs a search on Google for accounting software.  Right there at the top of the screen in a nice colorful outline is a pay-per-click ad for a SaaS solution.  After following the ad and being impressed by the nicely designed website and inexpensive subscription, he signs up for an account.  Over the next few weeks he moves all of his business into the solution, starts to invoice customers online and rely every day on the solution to keep his business moving.

A month goes by and the promise of SaaS holds true for the small business owner.  But one morning he attempts to log into the application without success.  He contacts the providers technical support and receives a standard message that says that there was an equipment failure and the company is working on a recovery....

In this scenario, what happens next?  For most SaaS subscribers there is a blind faith that the vendor understood the value of their data and will be able to quickly resolve the problem.  Unfortunately there is no standard of care when it comes to SaaS applications and their data.  Some vendors may have the resources to continually stream data off site and keep a secondary system at the ready.  But other less sophisticated SaaS vendors may not have implemented programs sufficient to recover data loss.  Although you don't hear about catastrophic failure very often it does happen.  Just look at the case of Ma.gnonlia back in 2009, the data was lost and the site went offline.

To combat the blind faith requirement,  SaaS subscribers must demand more information from the providers.  They must demand transparency in service delivery and as well as a minimum acceptable standard of care for data.

For vendors, addressing the transparency issue is rather straight forward assuming there are policies and procedures in place to deliver a high quality, reliable SaaS service.  Vendors can add a Statement of Operations  to their websites.  This statement can live along side the privacy statement and terms of use.  The Statement of Operations should tell the subscriber the frequency and breadth of backups.  It should describe an ongoing program to run recovery drills to validate backup usability.  It should describe how the availability and the performance of the application is being monitored.

The more difficult task is to call upon the industry to define a minimum standard of care that helps to ensure the security, reliability and recover-ability of customer data.  Today, ask four different vendors the minimum acceptable window for data loss and you will receive four very different answers ranging from zero to days to weeks.    Turn that around and ask four small businesses and I'm confident the answer will be the same across the board that no data loss is acceptable.

In the end SaaS vendors are in business to make a profit. And they only way they can do that is to keep customer data safe and secure.  But oversights do happen and technical failures are still commonplace.  A statement of operations is only as good as the implementation of the policies it describes but it's a step in the right direction.

The next time you are ready to subscribe to a SaaS offering, ask the vendor the question - Where is your statement of operations?.  Ask them where they document their service delivery, data backup and disaster recovery policies.   If the vendor doesn't publish the policies then don't purchase that subscription.  Seek out another provider that will guarantee you a standard of care that your business (i.e., life's work) can live with.

More Stories By David Abramowski

David Abramowski is a technologist turned product leader. David was a co-founder of Morph Labs, one of the first Platform as a Service plays on AWS. He was the GM for Parallels Virtuozzo containers, enterprise business, and most recently he is the leader of the product marketing team for the IT Operations Management solutions at the hyper growth SaaS company, ServiceNow.