The Software-as-a-Service Primer

By Renee Oricchio

Software as a service (SaaS) is a trend that makes many CIOs nervous. As with Web 2.0 technologies and other Web-based applications, SaaS -- also known as Web-hosted or on-demand software -- takes control out of the IT department and puts it in the hands of an outside vendor.

"SaaS kind of frightens people. But really, it's just a different method of deploying and licensing software," says Brenda Kerton, a lead research analyst from InfoTech, the IT research group.

Rather than buying a software license and installing it in-house on an organization's network, SaaS means paying by the month to access the software application on the manufacturer's network. As a trend, SaaS is picking up steam. In a recent survey of IT departments, InfoTech found that 30% of all businesses at the enterprise level are using some form of SaaS, and 50% are looking into SaaS solutions.

The good news: benefits of SaaS
The following are some of the benefits of SaaS:

• Saves money "There are very few up-front costs, no licensing fees, and no installation costs, and by switching to a monthly subscription service, companies avoid a huge capitol expense," says Frank Scavo, president of Computer Economics, an IT forecasting firm.
• Frees up IT staff IT departments are no longer burdened with installing the application, integrating it with the existing infrastructure, maintaining it, or managing upgrades and security.
• Fast deployment "Compared with the traditional method of deploying software in-house, deploying SaaS is 50-90% faster," says Kerton, quoting InfoTech statistics.

The benefits that organizations are realizing from SaaS may be new, but the concept of subscribing to a computer service has been among the offerings for large enterprises for decades now.

"The term is new, but the concept goes back a long time; all the way back to the '60s and '70s when companies leased time on mainframes. Only back then, it was because the hardware was so expensive. Now, it's about the software," says Scavo. The most recent manifestation, before SaaS, was the short-lived application service provider (ASP) model that came into fashion during the late '90s.

To get a better understanding of why SaaS is likely to stay this time, it's important to understand the two forms of architecture in which it is provided: single tenant and multi-tenant.

• Single tenant This is essentially the old ASP model. It means leasing the application and having it housed and maintained by the vendor on a single system built exclusively for the customer.
• Multi-tenant Under this scenario, the vendor builds one secure, robust system housing the application or applications, and then offers access to multiple clients on a subscription basis. This allows significant economy of scale for the vendor, which in turn enables those relatively cheap monthly subscription fees. Subsequently, it is this deployment model that is gaining steam and making SaaS a viable option for organizations.

The bad news: potential risks
Experts caution that there are challenges and potential risks to deploying SaaS solutions and giving up local control over a software application. First of all, CIOs need to understand that moving to a SaaS model is not a simple transition.

"The shiny object of faster deployment and a cheaper outlay of money often blind them from their normal discipline of implementing the technology in a secure, responsible way," Kerton says.

Here are some of the trickier areas to navigate:

• Sarbanes-Oxley (SOX) Compliance SaaS can be either a great benefit in meeting SOX compliance or a nightmare. It depends on the vendor. If the vendor has already been deemed as SOX- or HIPAA-compliant, that's one less headache the customer has to worry about. However, companies need to remember they are responsible for all their data regardless of who houses it. IT managers need to have a formal agreement of how data will be secured, audited (by a third party if necessary), and returned or destroyed at the end of the contract.
• Customization "SaaS thrives on standardization. If the application needs a lot of tailoring, SaaS is probably not the right option," says Scavo.
• Beware of vendor consolidations According to Kerton, 93% of all SaaS vendors are still privately held companies. Most of these companies have fewer than $5 million dollars in annual revenues. Kerton predicts there will be a rapid consolidation of all these companies that will hit critical mass by late 2008 and throughout 2009. Companies signing on now need to lock in protections for their account in the event of such a transition.
• Service agreement What all these concerns boil down to is a good service agreement that covers all the bases. In addition to compliance and vendor shake-ups, IT managers need to also look at security, disaster recovery and scalability.

Conclusion
While SaaS gives the capital budget a break and is cheap to deploy, CIOs need to look at the total cost of service over the life of the application. SaaS is typically tied to the number of users. The more growth expected in that area, the more expensive that monthly nut is going to get. An in-house deployment can cost more in the beginning, but it may scale up more cheaply on the back end. It pays to crunch the numbers in advance.

Renee Oricchio is a freelance writer in Norwalk, Conn. For the past 20 years, she has been writing and producing news segments about technology and business for CNN, MSNBC, Ziff-Davis, CNET, and a variety of Silicon Valley-based local news outlets.