What is SaaS (Software as a Service)?
COVID-19 has changed the world in many ways, accelerating the pace in which the digital transformation has upended traditional modes of working and living. Whatever your organization was planning to do in 2020, whatever 5-year plan you had, is no longer valid. No matter what sort of business you are, your dependence on technology has escalated. You have probably built the services in the table below or at least run them on your infrastructure, managed by your IT teams. COVID-19 has forced you to ask the question: do I still need to run and manage this service internally, or can I save money and time by letting someone else perform this service for me?
Traditionally in-house Managed Services
Human Resources and Payroll
Finance reporting, accounting, and invoicing
News and knowledge sharing
Enterprise Data and Service management
Sales and Marketing
The definition of SaaS by the East Sussex Council highlights what software is achieving today as businesses move towards a digital future: "SaaS is the focus for innovation and investment for major system providers and is specifically designed to meet the needs of an agile and mobile workforce, enhancing self-service business processes and significantly improving the use of management information. (Cabinet Office report for East Sussex council)".
Another view to help the discussion comes from Albert Barron using pizza as a stand in for software, with this fun visual of how the transition to SaaS changes from "You do IT" to "They do IT for you".
There are caveats that you need to be aware of such that your experience with a SaaS provide is valuable to your organization and customers: it's vital to go through these with your team before making decisions. The rest of this article explores these and if you have any questions, please let us know.
1: Security, Risk and Data
Your data is now their responsibility!
- Who in their organization has access to it?
- How is it backed up and does that comply with your regulatory bodies?
- Where is the data stored and does that contravene any local laws?
- If they have an issue, what is their business continuity plan and how does that align to yours?
- If they are compromised, what processes will they enable to let you know, but more importantly, protect your customers?
- Will they agree to participate in your business continuity tests and decide on their role in a business continuity event?
- Will the transference of data from you to them be exchanged safely and securely?
- What will it cost to perform the data transfers and tests?
- What level of access will your staff receive? Even if they assume responsibility for an activity, you are still accountable to require some level of access over time.
- What defense does the vendor offer against hackers, and is this an extra-tiered service or part of the basic package? If extra, you might want to look elsewhere.
- What processes need to change within your organization to enter, use, modify, delete, backup or restore information and have you been trained by the vendor appropriately?
- Your data is now their responsibility. How portable is it if you want to switch?
- Does the vendor support MFA
- Do they allow penetration tests?
- What policies have you introduced to manage your data in the SaaS provider cloud?
- If the SaaS vendor changes the schema or worse-cancels it, what impact will that have and are you contractually protected?
2: SaaS Vendor Performance
The perception and experience of your staff and customers are now based on the SaaS provider's performance.
- Did you create a clearly defined view of expectations supported by metrics and examples? Do you know bad from good from great service?
- How did you explain to your customers and staff that you were now going to use a SaaS provider? What was the reaction?
- What happens if your customers complain? What happens if your customers leave you because of a SaaS performance?
- Is it contractually clear under what circumstances a complaint can be made, the timeframe it must be addressed and any penalties that could be applied for non-conformance?
- Who does the customer or staff call if there is an issue? Your teams or the SaaS provider?
- What level of support do they provide and how will you test that the service is delivered as expected?
- What messages do you receive in case of a data entry issue or general performance issue?
- Do you have regular performance and improvement meetings with the vendor?
- If you want a new feature based on customer feedback, is the SaaS provider responsive?
- If the SaaS provider changes their product procedures, what will be the impact on your customers? Can you pilot the changes? If you do not want the new procedures, can you leave the SaaS provider?
3: Vendor lock-in
SaaS vendors bet that once you let them perform an activity, that you will remain a customer for several years. In other words, you are locked-in to their practices, processes, support, improvements and remediation and so are your staff and customers.
- How does the SaaS vendor recruit, train and keep their staff? You do not want a constantly changing workforce and there are examples where 30% of a SaaS workforce changes every 90 days.
- You might have saved money by not having to hire or train your staff, but what will you do with the knowledge they possess?
- Contractually obligating certain staff to remain until the transition is complete is best practice.
- Your IT is now their IT. If you want to benefit from the latest technology and they do not support that product then you are stuck. Make sure your contract allows for changes or even cancellation if needed.
- If the vendor changes their price, what protections have you contractually initiated to ensure that you should remain with that vendor? How will you prove value over time?
- COVID-19 has seen a number of vendors have issues causing them to default on a service or even go out of business. How will you protect yourself in case this happens to your provider?
- SaaS vendors price in three main ways: by user license, by use, by feature. Make sure that you have chosen the model most appropriate for your needs and that if your work model changes, then you can move to another tier without penalty.
4: SaaS requires an internet connection and belief the cloud is secure
- What if something terrible happens to your web servers? Do you have backups of your metadata? You might want to consider using third party backup services such as Spanning, Barracuda, and Backupify.
- If you have communication issues from your office, what is your backup to ensure that the SaaS service remains accessible?
- If your staff are working from home and they have issues, then how will they continue to work until normal service is restored?
- Can your staff download data to their home office? If so, this is a security and perhaps even a compliance risk. How will you know?
- If they invoke contingency, does this place your business in a location where you
- What is the web page loading time? How complicated is the page to read or use?
- If data is transferred to other applications to complete the journey, can this be monitored for security and improvement?
- Is the SaaS service usable across a variety of mobile devices or internet browsers?
5: Integration into your other software
SaaS implies that all of the technology required to perform a service is now under the control and management of the vendor.
- How easy is it to transfer their data into your systems such as corporate finance?
- What happens if they make a change to a schema that you were unaware of and this damages your data or causes you lost time to introduce new ways of addressing their change?
- Everyone performs regular maintenance activities and how will this be coordinated?
- If you use multiple SaaS vendors (Accounting and Sales for example), how will you keep them in sync with each other and any internal applications you maintain?
- How do you test that interoperability remains as expected?
- What is the impact to your business continuity of multiple SaaS providers?
- If a vendor has an issue, how will that impact other vendors you rely upon?
- Will you require 3rd party to help you integrate their software with yours? This can be costly.
- Not every vendor follows standard APIs, protocols, and tools, so the impact to your business practices should be piloted prior to accepting the SaaS provider.
6: You may have to change your business practices to use the SaaS
- This is a culture change for your staff. How will you prepare them?
- What training and documentation will you receive and is it sufficient?
- If something requires customization, is that even possible or practical? Many SaaS vendors will only allow this if a significant number of customers also request that feature.
- How will you ensure that other business practices can pivot based on competition, compliance or performance needs?
- How will you ensure that the SaaS provider supports all of the ways your customers want to interact with you? Browsers, mobile technology, VPN, etc.?
- What and when is their maintenance window? How does that impact your business customers? What happens if a change goes awry?
- What information do you receive on incidents related to you? Is it in a format that your ITSM tools can read and archive?
SaaS is a brilliant technology capability that can benefit your organization. You must closely manage them if you are to remain in business, service customers safely, and receive the expected cost benefits. Ensuring that you have a way to mitigate this list of caveats will ensure that your experience is as valuable as possible. Letting go of services you have built in-house can be hard, and moving to a SaaS model can be intimidating: have no fear, Praecipio Consulting is here to help. Contact us for any questions you might have of successfully transition to a faster, more efficient way of doing business.