Possibilities, Promises and Perils in SaaS

Though originally dismissed as a passing tech fad, the general agreement is that cloud computing is here to stay. While there are several common forms of cloud computing, the one that financial professionals are probably most familiar with is software-as-a-service (SaaS). In a cloud SaaS model, a customer subscribes to software hosted in multitenant environment and delivered via the internet. This means that all customers of that software access the same version of it through unique login credentials, and their information is stored along with that of other customers in a single data source.

It’s also interesting to note that a growing number of share service outsourcing (SSO) offerings are being introduced in the cloud; potentially offering a ‘best of both worlds’ approach by allowing companies to outsource application infrastructure while still maintaining customer unique environments.

A large multinational firm with many internal and external interfaces has different business requirements than a small- to medium-size regional firm. Both have the need to operate as effectively and efficiently as possible, but is a SaaS model appropriate for everyone? It’s important when making a hosting decision to not only consider the possibilities but also the impact – on business as well as IT – of that decision.

Possibilities and Promises

Reduce total cost of ownership:

By eliminating the capital heavy investment in standalone infrastructure, customers no longer have to maintain hardware, software and networks all necessarily to successfully operate software. SaaS is generally offered at lower prices than traditional hosting models, which can reduce capital expenditure (capex) and help companies deliver better cash flow. Flexible pricing models have also evolved to meet customer needs, providing pay per user/per month and subscription/per transaction options.

In addition to infrastructure support, customers of SaaS models can also (theoretically) redeploy IT resources to other projects internally.

Implement/Upgrades:

With all customers leveraging the same instance of hardware/software, implementation times can be shortened with a SaaS model as there are fewer opportunities to divert from the standard offering model. Having standard templates for implementation increases the efficiency with which data can be loaded and information can be displayed.

Once implemented, upgrades to the software are automatically introduced and made available to all customers, typically, at the same time. So all customers are running on the same version and maintenance of the upgrades and troubleshooting version-related issues becomes much simpler for the SaaS provider.

Resilience:

With the company’s data and software residing in the SaaS provider’s data centre, should disaster strike its primary operational site it could be up again and running quickly with access to the internet.

Perils

Security:

Security is often the main concern when considering a SaaS hosting model. It’s easy to understand why; sensitive financial data is being willingly sent to a third party to be stored alongside that of other customers’ – and potential competitors – data in a common environment. While it can be argued that data is actually more secure at a SaaS provider site, thanks to better physical access control and more experienced operators, it fails to address concerns countries and companies have with issues brought to light by the National Security Agency (NSA) security monitoring.

Flexibility:

Each business is unique and there are many complex reasons why a company chooses to operate the way it does. Using the same application version that other customers are using can be limiting in terms of implementation flexibility and integration flexibility. Being forced into set templates – with a more vanilla approach – to support the masses can be limiting if the business has unique requirements, or interfaces that are not already supported by its SaaS provider.

In addition to implementation flexibility, the company may also be limited by the speed with which enhancements can be delivered, if at all. Being part of a much larger community, changes need to be vetted across the community as a whole. A customer who isn’t the biggest donor or ‘squeakiest wheel’ may find it hard to see its enhancement come to fruition.

Compliance:

With data residing in a SaaS provider’s location, it’s important to consider local and country requirements.

Hidden Costs:

Along with some of the benefits of the SaaS model also come hidden costs.

A company accepts when it leverages a SaaS product that it’s not going to be on an island and will need to be connected with other internal and external applications or data stores. In cases where a pre-existing API or connection does not exist, the company may incur responsibility for the cost of building and maintaining these interfaces.

Looking at pricing models, a pay per user model might look great when the initial scope is five users, but assuming you become comfortable with the software and roll it out worldwide, that group could grow to 50 users, and consequently the cost/benefit changes.

Conclusion

The choice of vendor is particularly important and should not be taken lightly. While it’s possible for a SaaS provider to reduce operational risk by leveraging better in-house skills and support, it’s also entirely possible that with the wrong SaaS vendor the company could find itself vulnerable to increased risk while at the same time eliminating all alternative fail-safes. Once treasury has narrowed down its search, it should take time to vet each vendor thoroughly. Ensure they can provide all required functionality, support volume capacity, internationalisation and languages, to eliminate any nasty surprises further down the road.

By definition in a SaaS model, a customer is turning over control of hardware, software, data, security and maintenance to the SaaS provider. However, with that loss of control comes several substantial benefits. While there is no ‘right answer’ to the hosting question, it’s important to understand the business impact ranges beyond IT agreeing that security is adequate.

15 views

Related reading