{"id":29,"date":"2008-07-15T15:58:10","date_gmt":"2008-07-15T20:58:10","guid":{"rendered":"http:\/\/webadminblog.com\/?p=29"},"modified":"2008-09-26T15:36:51","modified_gmt":"2008-09-26T20:36:51","slug":"saas-headaches","status":"publish","type":"post","link":"https:\/\/www.webadminblog.com\/index.php\/2008\/07\/15\/saas-headaches\/","title":{"rendered":"SaaS Headaches"},"content":{"rendered":"<p>There&#8217;s a lot of promise in the new SaaS (software as a service; what used to be called ASPs, or Application Service providers, till Microsoft crapped all over that acronym) and newer PaaS (platform as a service) spaces (and look for a steady stream of new &#8220;aaS&#8221;es to come).\u00a0 However, there are a lot of gotchas in signing on with a SaaS vendor.\u00a0 You&#8217;d like to be able to believe that they have decent performance, uptime, security, etc., especially after they tell you &#8220;Oh, all kinds of big companies use us; Dell, IBM&#8230;&#8221;\u00a0 This is exacerbated by SaaS often being an &#8220;end run&#8221; around IT in the enterprise, so naive users can get sold a bill of goods without proper technical oversight.\u00a0 SaaS is a big buzzword now, and there are a lot of startups springing up that do not necessarily have experience running large scale sites.\u00a0 Think about how many MMORPG games still get scuttled due to poor operational performance.\u00a0 SaaS is the same.<\/p>\n<p>Here&#8217;s some things to keep in mind when selecting a SaaS vendor, laced with real life horror stories from our experiences.<\/p>\n<p>1.\u00a0 Performance\/Availability.\u00a0 Set a hard performance\/availability SLA in the contract.\u00a0 Many vendors won&#8217;t even have an SLA clause, or they&#8217;ll have one that says &#8220;99.9% uptime!&#8221; without any remedy clause for what if they don&#8217;t hit that.\u00a0 You want a clear SLA with a clear measurement method and clear &#8220;money back&#8221; if they don&#8217;t hit it.\u00a0 We use a 2 second 
global performance SLA as measured by a Keynote Global 35 monitor.\u00a0 But the SLA isn&#8217;t the whole story &#8211; you are counting on these people to accomplish your goals.<\/p>\n<p><!--more--><\/p>\n<p>True story.\u00a0 We did an implementation with a new SaaS supplier.\u00a0 Everything looked fine but the team had not done performance testing.\u00a0 With only a week to go live, they finally loaded in a full set of data into the system and saw performance that was horrible, clearly in the ~30 second page load time even in the US (much worse internationally).\u00a0 But it isn&#8217;t as simple as &#8220;Oh, you&#8217;re not hitting the SLA, goodbye&#8230;&#8221;\u00a0 We have months of time invested in this supplier.<\/p>\n<p>2.\u00a0 Privacy policy.\u00a0 Make sure you know what they&#8217;re going to do with your user data they collect and make sure that matches what your privacy policy says.\u00a0 We&#8217;re international and so have to abide by a fairly restrictive EU-compliant privacy policy.\u00a0 Many SaaS vendors don&#8217;t know what exactly that entails, and so can run you afoul &#8211; remember, you&#8217;re legally responsible for your site whether you&#8217;ve outsourced parts of it or not.<\/p>\n<p>3.\u00a0 Security.\u00a0 One, if you have compliance concerns like PCI etc. 
you need to make sure they&#8217;re compliant as well, and certified as such by an auditor (don&#8217;t take &#8220;Oh, yeah, we&#8217;re PCI compliant&#8221; at anyone&#8217;s word).\u00a0 Two, you are almost certainly going to have to exchange user credentials, so a user can log in across your site and the SaaS site with the same login, and the &#8220;right ways&#8221; to do this, like SAML, are supported by about one tenth of one percent of SaaS vendors.\u00a0 You need to carefully review how you&#8217;re going to do it to avoid security problems.<\/p>\n<p>4.\u00a0 Contingency plan.\u00a0 Companies go out of business, or the relationship between them degrades.\u00a0 You have to have a plan in place for when your SaaS vendor dies, gets bought by HP and has their price quadrupled, or you decide you hate each other, or the cost isn&#8217;t what you anticipated (see point 5 below). \u00a0 You need some of this in your contract &#8211; in any event, you get your data and if they are dying, a perpetual license to their software.\u00a0 (If you&#8217;re really lucky it&#8217;s one of these firms that has a software package and an ASP version both.)<\/p>\n<p>True story.\u00a0 Our ni.com forums were hosted for many years by a company called QUIQ.\u00a0 In the big bubble bust, they went down and had the revenooers show up to unplug them. 
\u00a0 We were very lucky in that they were interested in helping us despite their own problems, and that we had bad ass technical folks on staff.\u00a0 We paid to have a QUIQ engineer come down and load up their forum software on our systems (and this wasn&#8217;t a bundled software solution, it was their internal-only stuff) and transition our data over.\u00a0 We then supported this as our forum solution for a couple years, often having to take measures like decompiling the Java to make changes.\u00a0\u00a0 But that was better than being dead in the water.\u00a0 Now with our new forums vendor, we do things like get regular backups of our data, gateway the forum to NNTP, etc.<\/p>\n<p>5.\u00a0 Cost.\u00a0 SaaS vendors almost universally charge you by usage.\u00a0 Which is &#8220;fair&#8221; &#8211; but the Internet is a wild place.\u00a0 What about when that new Chinese experimental spider (soso, you suck!) decides to grant you a couple hundred thousand extra page views one day?\u00a0 You get stuck with the bill.\u00a0 Corporations have to be able to budget for their expenditures, and there is risk in this business model that one time events and\/or unexpected growth will fundamentally alter your cost and ROI structure.<\/p>\n<p>There are several potential mitigations here.\u00a0 One is to get a SaaS vendor that implements throttling, so you can meter back untoward amounts of traffic.\u00a0 Another is to have specific payment scales that mitigate this- you want to avoid &#8220;cell phone&#8221; type plans that give you a certain amount and then an abusive overuse charge like the plague.\u00a0 Look for plans like ISPs, where you pay for the 90th percentile peak of traffic, for example.\u00a0 Or have a prepay agreement, and\/or specify what kinds of traffic you&#8217;ll pay for.\u00a0 (On many Internet sites, spiders account for 30% or so of the traffic and thus the expense.)<\/p>\n<p>6.\u00a0 Quality.\u00a0 Do a pilot\/proof of concept.\u00a0 DO ONE!!!\u00a0 A SaaS 
vendor is not yet a commodity in most areas.\u00a0 You are getting as deep in bed with them as if you bought hardware and software and in house programming.\u00a0 Don&#8217;t sign the contract until you have seen it work for you.\u00a0 Build deliverables and payment schedule into the contract &#8211; &#8220;You get 1\/3 upon requirement completion, 1\/3 upon signoff of a test version, and 1\/3 upon go live&#8221; is popular.\u00a0 We have one purchasing agent who likes to push &#8220;Sign the contract, and have a 30 day &#8216;out&#8217; clause if things don&#8217;t go well.&#8221;\u00a0 But this ignores the deep investment into even a SaaS vendor (and the fact that most implementations aren&#8217;t fully baked in 30 days).\u00a0 As a result, we have several business units even now signing up with ASPs without doing a formal pilot, and every one of them will come to regret it bitterly.\u00a0 Only the rich and the idiotic buy a car without a test drive and a mechanic checkup.\u00a0 Any SaaS solution will be much more expensive than any car.<\/p>\n<p>None of this is to say that SaaS is bad or should be avoided.\u00a0 But it needs to be evaluated just like any other solution.\u00a0 Is the 5 year TCO really better than in house, not just the first year cost?\u00a0 And does it really do what you need &#8211; functionality wise, but also in the areas of performance, security, and these other areas which make your functionality meaningful to the users?\u00a0 If you can&#8217;t answer these questions, you are betting a lot of money and your reputation on an untried horse.\u00a0 Find out the answers.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>There&#8217;s a lot of promise in the new SaaS (software as a service; what used to be called ASPs, or Application Service providers, till Microsoft crapped all over that acronym) and newer PaaS (platform as a service) spaces (and look for a steady stream of new &#8220;aaS&#8221;es to come).\u00a0 However, there are a lot of 
[&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[188,98],"tags":[99,629],"class_list":["post-29","post","type-post","status-publish","format-standard","hentry","category-featured","category-saas","tag-asp","tag-saas"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pfI0c-t","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/29","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/comments?post=29"}],"version-history":[{"count":2,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/29\/revisions"}],"predecessor-version":[{"id":132,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/29\/revisions\/132"}],"wp:attachment":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/media?parent=29"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"ht
tps:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/categories?post=29"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/tags?post=29"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}