Software-as-a-Service applications offer big benefits to small businesses, but is it safe to place your company data in someone else's hands? Here's what you need to know.
Software as a Service (SaaS) has become quite the buzzword in these days, and the category covers a wide variety of applications that you can access and use over the Internet – without having to invest in any servers or install any software on your premises.
A few examples include office applications from Google Apps and Adobe Buzzword and e-mail and instant messaging services by LiveOffice and Hotmail. And you'll find plenty of online backup and data protection services from companies such as Iron Mountain and AmeriVault.
As well as providing the software, companies that offer SaaS either host your data on their servers or, at the very least, gain access to your computer systems. So just how safe is it to use such services?
“Small and medium-size businesses should be very careful in picking a vendor to store all that valuable data,” said Laura DuBois, an analyst at International Data Corp. (IDC).
Obviously, it is advisable to learn all you can about the company that provides SaaS. How safe will your information be? If you need to recover data, how long will it take to receive it? Is this company stable enough to survive the current market downturn? These are some of the crucial questions that you should ask – and have answered – before making any decisions about SaaS providers.
SaaS provides access to software and its functions remotely as a Web-based service. It allows businesses to access these applications at a cost that is typically less than paying for licensed applications, since pricing is based on a monthly fee.
As the software is hosted remotely, you don’t need to invest in additional hardware. Further, it eliminates the need for small businesses to have to deal with installation, set-up, daily upkeep and maintenance. For companies without any IT resources, this is certainly an attractive proposition.
But that doesn’t mean SaaS is for everyone. The last thing you want is to discover that your data is in disreputable hands. And these days, that’s a real threat. When picking a SaaS vendor, therefore, you should dig deep to find out just how much substance the provider provides.
Obvious giveaways include unwillingness to provide customer references or a reputation for having a low client-retention rate.
“In the SaaS world, customer retention is a very telling number,” said Matt Smith, president of LiveOffice, a provider of e-mail, instant messaging (IM) and other SaaS products. “A dependable company should have a customer-retention rate of at least 98 percent.”
If it’s a start-up company that nobody has heard of, you'll need to perform even more thorough due diligence to verify some kind of track record of successful delivery.
Another angle is customer support. The pipsqueak outfits might look flashy (or not), but they are typically weak in after-sale support. In some cases, though, veteran help desk staff and top-notch support may not be worth the premium.
“It really depends on what companies want,” said Tom Meyer, general manager of Boston-based Iron Mountain’s Digital Record Center for Images. “Some don’t need highly secure content management systems, so cheap and simple online storage might be fine.”
It May Be SaaS-y, But Is It Secure?
Clearly, security should be front and center among vendor selection criteria for SaaS. A vital facet of online services is how vendors keep their data secure and the care they take to ensure it's safeguarded against disaster.
“Small business owners should ask how the vendor stores their data,” said Smith. “A good vendor will have multiple, mirrored data centers, which means that client data is backed up in multiple locations and always available.”
SaaS vendors use a variety of ways to secure their data. Some prefer a collection of disk arrays with encrypted data. Others like the muscle approach, with the data being locked up in a large vault in an isolated and safe location. Here are a few examples of the type of information that you should glean from SaaS vendors during vendor selection:
Iron Mountain’s Digital Record Center for Images, for instance, provides encrypted data transmission, user-access control and secure storage in a data center that's 200 feet below ground.
Backup-and-storage Saas provider Elephant Drive secures data by replicating it among multiple hard disk-based pools of storage. Data replication protection is built into production systems, i.e., all data is available on at least two geographically independent sites.
Online backup service provider AmeriVault, stores customer backups in three places – one each in two separate disk-based systems, and they send the third copy to a business-continuity site more than 1,000 miles away.
Online backup provider DS3 DataVaulting uses EMC Clarion for primary storage and keeps a backup copy on a completely different high-end disk system for ease of recovery. It operates three data centers, including one for replication of customer information.
“Any reputable SaaS vendor should take appropriate measures to secure their servers and be able to thoroughly outline this process for each client,” said Smith.
An excellent tool for achieving SaaS satisfaction is a Service Level Agreement (SLA). An SLA is a contractual obligation for a company to provide a certain level of system reliability. Smith recommends that you don't accept an SLA that's less than 99 percent.
Further, an SLA should include information on what will happen to the client’s data if the contract is terminated. In such a case, you want to be very certain that the information remains your property, and that you are legally protected.
Prince Street Capital Management, for instance, uses backup services (software by Asigra Inc.) delivered by Data Storage Corp. (DSC). This primarily protects the company’s e-mail system. DSC also provides an offsite data storage vault that ensures safe remote storage and rapid recovery of information. An acceptable SLA was an essential part of the deal.
“In our quest to implement an appropriate backup and recovery solution, fast recovery of Microsoft Exchange data was a key determinant in our decision-making process,” said Peter McKown, CFO at Prince Street Capital Management. “With the selection of DSC as our managed backup and recovery services partner, our business requirements are met and service levels are beyond expectations.”
SaaS – In your Future
Worries over SaaS are certainly legitimate. But in many ways, they resemble the arguments about doing business on the Internet from a decade ago. Back then, many small businesses were concerned about guess what – data security, whether they could trust start-ups and whether e-commerce was a viable business model. Ten years later, just about everyone has some kind of online commerce avenue. But it took a few years for the business world to come to terms with this new concept.
Similarly, SaaS must go through the same cycle, earn people’s trust and ultimately become part of the fabric of the workaday world. But for SMBs with small (or no) IT department, SaaS makes sense – provided it's implemented with due care.
And as in the case of Prince Street above, you may have multiple suppliers to deal with. DuBois of IDC points out that there are three components to the question of who to trust in SaaS. Who is the technology supplier? Who is the vendor managing their data? Who is responsible for the data center and the infrastructure?
“In some cases, this can be three different entities, and there are potential risks at each level,” she said. “But in all cases, find out about privacy, encryption, availability, time to restore, SLAs, cost and terms of contract expiration.”
Drew Robb is a Los Angeles-based freelancer specializing in technology and engineering. Originally from Scotland, he graduated with a degree in geology from Glasgow's Strathclyde University. In recent years he has authored hundreds of articles as well as the book, Server Disk Management by CRC Press.
|Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today! |