Google

Vetting SaaS vendors may require updated policies

SaaS startups often solve real problems in creative ways - your organization's policies may also need to be more creative.

Managers tend to ask fewer questions when the provider is a known brand, such as Amazon, Google, Microsoft, or Salesforce. They've heard of those companies. But not every innovative tech company has a globally recognized brand.

There are thousands of "less-well-known" companies in the Software-as-a-Service (SaaS) space. These companies emerged, in part, because cloud computing services lowered costs. These SaaS startups don't have to buy servers, storage devices or software. Instead, these startups rent what they need with a credit card.

SaaS startups solve problems

And these SaaS startups often solve real problems in creative ways.

Often, a SaaS startup makes complicated tasks simpler. For example, Zapier makes it easier to automate tasks between different SaaS providers.

In other cases, a SaaS startup provides new capabilities. SmartSheet re-imagines the lowly spreadsheet as scaffolding to which files, calendar events and tasks can be attached. Writely.com, acquired by Google in 2006, enabled multi-user real-time document editing.

Different needs, different policies

When buying SaaS solutions, IT managers often try to force all buying through a single process that doesn't "scale down" well. Rigorous selection and purchasing requirements make sense when choosing a system to be used by thousands of people. Applying the same requirements to a system to be used by ten people can cause pain - and may prompt people to deploy rogue solutions.

Credit: Wikimedia.org - Ohio River at Louisville

I've sometimes found it helpful to think of IT policies in terms of "rivers and streams". Corporate-wide IT policies traditionally address the river: the major flows of information through the organization. The "river" of info includes core H.R. data, customer systems, accounting systems, enterprise collaboration tools, and so on. The "streams" are smaller information flows, such as data for small team projects. Information may need to flow back and forth between the two - but not always.

Your IT policies for the "river" of the enterprise-wide systems absolutely need detailed review and rigor. These are big, expensive decisions: "switching costs" to move from one platform to another may be high.

But you need IT policies for the "streams", as well. These policies might address basic security concerns, support terms, and data export issues. Guidelines might encourage users to choose systems that allow users to login with your organization's existing authentication system: e.g., Google Apps or Active Directory. Policies might also encourage users to identify a "data extraction" plan: SaaS providers always help move data into their systems, far fewer make it easy to move data out.

Software as a Service offers irresistible benefits for organizations of all sizes - from cost savings to scalability to mobile accessibility. We offer guidance on avoiding the pitfalls of the cloud and choosing your SaaS partners well.

Innovation and sustainability

Switch your perspective for a moment - outside of your organization - to that of a CEO of a SaaS startup. As a startup CEO, you ultimately need two things: customers or a corporate acquisition. Your SaaS needs to meet customer needs or be sufficiently innovative to attract an acquirer (or, sometimes, an acqui-hirer). Pricing decisions in SaaS startups often acknowledge the higher risk: prices are lower than what they might otherwise be for a sustainable business, precisely because of the life cycle stage and goals of the startup.

Switch back to your role as an IT decision maker. Consider how you might take advantage of the capabilities and innovation startup SaaS providers offer. Remember, you don't need to turn your entire enterprise system over to the SaaS provider. Startup SaaS providers typically aren't ready to handle the information flows for an entire enterprise, but there's no reason to completely ignore the new capabilities these SaaS providers offer.

Make sure that IT policies designed to meet the "needs of the many," doesn't limit your organization's ability to leverage innovations designed to serve "the needs of the few."

Also read:

About

Andy Wolber helps people understand and leverage technology for social impact. He resides in Ann Arbor, MI with his wife, Liz, and daughter, Katie.

3 comments
markpd2000
markpd2000

Hi Andy, I totally agree with your comments on how decision makers should not ignore the innovations of SaaS start-ups. It should be a gradual process of adoption over time. The SaaS vendors that will win out in the end will not only be the innovative start-ups, but it will be those who prove that they look after their client data well. Providing that assurance is key to the sustainability of a SaaS solution. Proving that assurance is the key differentiator right now. Mark @2SaaS ISO 27001 & G-Cloud for Humans at http://www.SaaSAssurance.com

frank.bruno
frank.bruno

Google "SaaSProtect"! Sorry for my shameless plug, but we have been working on this problem since the early 2000's. The bottom line for any company entrusting their mission critical data to the cloud is to have a contingency plan that they can execute independently of the SaaS provider. Consider the sudden cessation of business, where everything goes dark and the provider is non-responsive. Do you think their DR plan is going to work? Despite all of the testing, if the provider disappears, even the best laid plans will never be executed. That is why Subscribers need to consider this before they sign up. The plan should include a neutral trusted third party that can enable the contingency plan too. Testing data recovery procedures and application continuity with the neutral third party is really the only sure fire way to know that your contingency plan will work too. Lastly, consider this; such a contingency plan that is underwritten and supported by a neutral third party like Iron Mountain is a good way to overcome the risk objection to doing business. If you want practical, useful information on the subject, please let me know.

Mark W. Kaelin
Mark W. Kaelin

Have your IT policies changed as a result of adopting SaaS, PaaS, or IaaS? How do your policies enable employees to leverage new services and tools, while also maintaining appropriate IT governance?

Editor's Picks