Making the switch to SaaS

Making the switch to SaaS

Even if there are actual or perceived financial gains from moving to this model, there are also some risks depending on the nature of the software and how it is used.

Businesses are constantly looking to their CIOs for ways to improve the cost effectiveness of their IT systems, especially in these trying economic times. As a consequence, some businesses look to rationalise their software licensing and support costs by moving to a
SaaS (software as a service) supplier or some other similar outsourcing model. As we know, SaaS usually involves accessing the agreed software via the internet, often on a real time basis. This is distinct from more traditional software licensing, where an object code version of the software is installed on servers or other equipment operated by the customer. Depending on the circumstances - the type of software and the supplier’s pricing - the SaaS model can be more cost effective as customers can sign up to pay for only what they use, when they use it, while the costs associated with variable numbers of users can also be a benefit. In contrast, the more traditional licensing models often involve a degree of cost redundancy due to being structured around enterprise-wide pricing models; or designated equipment pricing models; or an agreed number of user models. Even if there are actual or perceived financial gains from making this switch – there are also some risks depending on the nature of the software and how it is used.

What are the risks?

The more likely risks relate to data security, retention and retrieval, as well as privacy, disaster recovery and business continuity. These risks arise because the customer’s data (possibly including third party data) is often loaded onto and stored on the supplier’s remote servers, possibly offshore somewhere. The customer may know little about the location or security of its data, or how they can access that data (other than by standard internet access). Consider the following scenarios:

• You discover that your outsource service provider has gone into liquidation and all of your business critical data is currently stored on servers located in Thailand. You are unable to access the software/service due to the liquidation and the liquidator is not returning your calls. Without your business critical data, or software to use it with, your business becomes ‘strangled’, or;

• You recover your data, only to find that the time it will take to purchase new software and ‘go live’ using that software after likely data conversion or migration issues, is months (and at a considerable cost) – again your business becomes ‘strangled’, or;

• You discover that your service provider (based offshore somewhere) has far from best-practice data security systems and processes and that your data has been leaked or otherwise accessed, possibly by a key competitor.

How can these risks be mitigated?

These risks can be mitigated by a combination of the following:

• Thorough technical and process related analysis of the proposed outsourcing, both pre and post-contract signing. This will, amongst other things, involve the review of your disaster recovery plan and your data security and maintenance plan. In the circumstances it may be prudent to require the service provider to supply regular backups of data in an agreed form, so that you can store that data as ’ready to use’ if required. The type and form of those data backups might also be discussed with a fall back service provider. You may also agree to a ‘quick’ transition plan with that service provider if required.

• Ensure that the contract with your service provider effectively covers these issues, allowing for any offshore jurisdictional legal issues as may be required.

Sean Lynch is a Partner at Hesketh Henry and is also a PRINCE2 certified IT project manager. He can be contacted on 09 375 8722 or

Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags cloud computingCIO rolecostfinancial crisisopinionnew technologies

Show Comments