In a nutshell, there are many degrees of ‘hosted’ software. I use the term to describe any of the wide range of options on offer in the marketplace. They range from paying a provider to host a single user system in a remote datacentre to paying a per-user fee to access the functionality provided by a multi-tenant software as a service (SaaS).
Before explaining the differences in technology, terminology and marketing there are at least eight important business questions that the treasurer should ask himself or herself:
- Am I allowed to host my treasury data outside of my corporate firewall? Paying someone to manage and protect your data – aka ‘in the cloud’ – is a no-go for some organisations. At the very least a separate set of controls will need to be in place. Check with your IT department.
- If I am allowed to host the data in the cloud, where exactly is it? ‘The cloud’ is a general term used to describe a datacentre somewhere.
- Are there any restrictions on the country where the data is allowed to reside? For example, as a Swiss treasurer might not like his data in the European Union (EU) or subject to the US Patriot Act.
- How quickly can I access my treasury system if the hoster suffers a serious loss or a denial of service (DoS) attack?
- Is it important to you who owns the software? Are you able to migrate from a hosted solution to an in-house solution, or are you ‘locked-in’ to the hosted solution?
- Is it possible to hold a copy of the application in escrow?
- Are there any special requirements laid out in your business continuity plan which stipulate recoverability and which you need to review with the vendor?
- Are you willing to accept that changes and updates to the system are mandated upon you on the vendor’s schedule?
With these business questions answered, you are much better equipped to start to interview the vendors. There are a couple of basic concepts to keep in mind when shopping for a hosted application. First, there is a difference between software which was built as a ‘web application’ and those which were not. Web applications are designed to operate over the internet and to be accessed with a web browser and a web address. Software which was not built as a web application must be delivered to the end user with some other method, such as Citrix, Remote desktop or within a frame in a web browser.
While this method works it is less easy to implement, nor is the system likely to be as responsive. Both types of software can be ‘hosted’, so your first technical question to ask is whether or not the software is a web application. We have come a long way in our understanding without discussing SaaS versus application service provider (ASP) and it is important to understand that the differences are as much to do with marketing as with technology.
Microsoft describes SaaS as “software deployed as a hosted service and accessed over the Internet”, a basic definition that dates back to 2006. SaaS offerings fall into three main categories:
- Level 1 – Ad Hoc/Custom: Each customer has his own instance of the application which is run on the host’s servers. The application code can be entirely different per customer.
- Level 2 – Configurable: The same as above, but separate instances of the same application code are used for each customer and any differences are managed through robust configurability.
- Level 3 – Multi-tenant: One instance of the application is used for all customers.
When it comes to user experience, there is no difference. As the hoster, there are big benefits to offering level 3 over levels 1 and 2. Economies of scale can amplify these benefits as the number of customers grows and in the days before server virtualisation made it difficult for hosters to scale their operations and pass on any cost savings.
In the high value, low volume world of treasury software the benefits to the hoster of multi-tenancy are diminished. Treasury software cannot usually be equated to a one-size-fits-all solution designed for thousands of customers with alike and simple business processes.
More Marketing Noise
Other acronyms such as platform as a service (PaaS) and infrastructure as a service (IaaS) are further variants of ‘pay somebody else to do what my IT department used to do’. You may also come across the term XaaS which is the generic catch-all term used to describe these services.
Depending on your answers to the business questions outliner earlier, some of these services may be worth investigating. For example, PaaS would be a virtual server with the operating system, treasury application and database which could be ‘spun up’ by your IT department in the case of a complete failure of the vendor.
What’s Right for My Treasury?
As with all things in IT, there are positives and negatives on the extremes and as usual it comes down to cost versus function and security. Ask any IT person and they will tell you that the best practice would the PaaS option, where the customer has their own environment but it is hosted in a datacentre. Ask an IT business person and they will tell you that multi-tenant SaaS is the cheapest to operate. All prices being equal, which is right for your treasury?
The terms SaaS, ASP, hosted and cloud computing are used by marketing teams to try to differentiate their products in the marketplace. Having a clear vision of your goals when it comes to using and maintaining your treasury system will help you cut through the noise. Focusing more deeply on the functionality of the product and the requirements set out by your company’s IT security and audit requirements will ensure that the offering meets your needs.
Tim de Knegt, treasurer for the Port of Rotterdam, discusses how he is looking to bring more value to the Port's clients using blockchain.
Regulation technology is fast gaining currency by transforming how financial institutions can tackle compliance in a swift, comprehensive and less expensive manner.
Many banks around the world, large and small, continue to experience major security failures. Biometric systems such as pay-by-selfie, iris scanners and vein pattern authentication can help.
The implementation date of Europe's revised Markets in Financial Instruments Directive, aka MiFID II, is fast approaching. Yet evidence suggests that awareness about the impact of Brexit on MiFID II is, at best, only patchy and there are some alarming misconceptions.