Do you buy software as a service?

Replies to This Discussion

Permalink Reply by Andrew Gouty on June 22, 2009 at 8:04pm

The model is attractive from both ends of the spectrum. Providers like it because it expands their market. Buyers (especially in the small business world) like it because it makes software accessible to them. A few quick examples:

Quickbooks Online - Quickbooks makes more money on the monthly fees rather than a one-time software purchase, and the software's location in the cloud makes financial information readily available to CPAs for review, rather than carting documents and files back and forth. Brilliant.

Address Two - a local example of the CRM market space. Again, the lower monthly cost makes it easy for small business to swallow, while a local entrepreneur banks on a great idea. Comparables include Salesforce.com, Sugar CRM - all SaaS models.

Google Apps - A FREE service to manage documents, calendar,domain-hosted e-mail, and other collaborative tools, Google's non-secret allows web-savvy organizations to manage certain aspects of their life in the cloud rather effortlessly and cheaply.

All easily accessible from anywhere and cheap. I must have overlooked something. Naysayers?

▶ Reply to This

Permalink Reply by Brett Atkin on June 22, 2009 at 10:15pm

I use all the 37 Signals apps (Backpack, Basecamp and Highrise). I use Gmail, Google Calender and Google Docs along with Google Reader. The day I dropped Outlook and moved to Gmail was the best move I ever made. I can access just everything from any computer or web-enabled phone. I don't have to worry about moving files from my desktop to my laptop. It also eliminates the whole syncing thing. It took me about 20 seconds to get Gmail on my Palm Treo and the iPhone. If my desktop crashed right now, I could pull out my laptop and be up and running in the amount of time it takes to boot. It just makes life easier. I would be willing to bet that Google, 37 Signals, Salesforce, Quickbooks Online, etc. have a more robust and timely backup procedure than 75% of the small businesses out there too.

Honestly, I just don't understand why many companies are so resistant to the many SaaS solutions out there. The benefits far outweigh the negatives.

Some argue that their data isn't safe in the cloud... Well, do you think your ISP doesn't have copies of all your emails and all those Word/Excel files that you send as attachments? If you have a web site with a db back-end, that data is sitting in the cloud on some level. Even if you have your own server at Rackspace, if your web site can talk with that db, so could a hacker given enough incentive. In the end, your data is probably safer sitting in the cloud somewhere than sitting on your desktop that is connected to the internet 24/7 through your broadband connection.

For me personally, my biggest failure with SaaS solutions is that I don't fully utilize the functionality provided.

Brett

▶ Reply to This

Permalink Reply by Chris Baggott on June 23, 2009 at 11:28am

We use Compendium Blogware of course as well as ExactTarget, Salesforce.com, Omniture, 5 buckets, Google Analytics....I'm sure I'm leaving something out :-)

One of my favorite books is The Big Switch by Nicholas Carr:

"A hundred years ago, companies stopped generating their own power with steam engines and dynamos and plugged into the newly built electric grid. The cheap power pumped out by electric utilities didn’t just change how businesses operate. It set off a chain reaction of economic and social transformations that brought the modern world into existence. Today, a similar revolution is under way. Hooked up to the Internet’s global computing grid, massive information-processing plants have begun pumping data and software code into our homes and businesses. This time, it’s computing that’s turning into a utility."

Think about it, when Edison invented the light bulb you had an entire "IT" department responsible for all aspects of generating and distributing electricity. Very similar to technology today. As software applications move to the cloud, business will be able to reallocate resources to application uses and execution; and focus less on implementation and maintenance.

Forrester did a report a couple of years ago called the Pain of Marketing, that basically looked at why marketing wasn't better. 80% of the pain of marketing had to do with technology management not actual marketing. This is why marketing applications are such early adopters to the cloud. Marketers don't want to mess with IT.

Finally, to a point alluded to with the other commentators...SaaS brings tech democracy into every organization. It used to be that whoever had the most money could afford the best technology. (rich companies bought SAP, tiny companies bought goldmine). With SaaS it's consumption based and easy to use, so now the playing field is level.

▶ Reply to This

Permalink Reply by Shelly Arens on June 23, 2009 at 4:59pm

I'm also a SalesForce user and I am looking into 5 buckets (great new company, Right On Interactive - way to go, Hoosier Business!!) I would be intersted in learning how 5 buckets has helped augment your SalesForce use for marketing and sales.

On another note, I used to work for a SaaS development company in Carmel - a Strategic Sourcing tool that worked well within large ERP solutions. Great tools that really demonstrated significant ROI. I'm a SaaS believer.

▶ Reply to This

Permalink Reply by Robby Slaughter on June 23, 2009 at 4:06pm

Do I buy software-as-a-service?

Of course not. That's because almost nobody actually sells software as a service. You don't rent software to install on your computer, you either acquire it outright, or you trust somebody else to run that software for you at a remote location.

So why is there a multi-billion dollar SaaS industry? That's because someone decided to rebrand the old term "Application Service Provider" as "Software as a Service." But the service you receive is not really software. Rather, it's the right to use someone else's software on someone else's infrastructure.

This is an essential difference. When you buy electric power or water as a service, you pay someone to deliver the resource to you, and then you can do anything you want with it. You can store the electricity in batteries or the water in tanks. When you subscribe to satellite radio as a service, you can listen to the information live or you can record it and listen to it later (although some lawyer might tell you that's not okay, even if the RIAA says otherwise.)

But SaaS -- or actually, the right-to-use-someone-elses-software-on-their-infrastructure-as-a-service does not have this benefit. It is the software provider that decides what you can and cannot do with their software. They can remove features, control access, and even attempt to prevent you from backing up your content if they want.

Finally, so-called SaaS creates a serious trust relationship with the SaaS provider. If they make a mistake, modify their business model or make other changes that impact the way you use their service, you could be in trouble. This is not the case with electricity, water or radio. All of the power you've saved, water you've collected, or songs you've recorded are still yours. But with SaaS, if the company goes down, your data is gone.

This does happen. For example, JournalSpace went dead and thousands of users lost all data instantly.

Now, does that mean you should never use what is incorrectly called SaaS? No---rather, it just means you should understand that it is not actually software for rent. It's not like the difference between buying or leasing a car, it's like the difference between having your own car and having a car service which also keeps lots of your irreplaceable stuff in their cars. If you implicitly trust that service, you are fine.

Personally, I only use software applications hosted elsewhere if there is a way for me to seamlessly leave that platform. If I use WordPress.com to host a blog, it's only because I can download the contents of that blog and instantly republish it again elsewhere, since WordPress.com is widely available. If I use Constant Contact for email marketing, it's only because I can download my templates and my email list and get going again pretty quickly on a competitor site or on a locally hosted installation. And if I use a service which suggests I use their name as my definitive address (such as FeedBurner), I instead use a redirector so that I can point people somewhere else later.

Software-as-a-Service is a myth. It's actually the right to use software that is usually proprietary to someone else which is hosted on their infrastructure and only in the prescribed manner that they allow. If you're fine with those caveats, go for it. If you don't know what they mean, make sure you know the risks before giving up Freedom Zero.

▶ Reply to This

Permalink Reply by Tino Marquez Jr. on June 23, 2009 at 6:26pm

Thank you! As an IT consultant I've been leery of pushing any of my clients to jump on this bandwagon. Also, from what I understand, is that the SaS provider can be subpoenaed to allow gov agencies access to your data without even being obligated to inform you? And another thing, is this really a viable solution and money savings miracle for small offices like everyone claims it to be. If a small business is dependent on 24/7 connectivity to the SaS provider for their applications and there is an outage of any kind, let’s say the small business internet connection, they would be in a world of hurt.

And you also nailed it about the backups… Then there are documentation issues, specific to your data. You don’t have this control with SaS. It is probably in the fine print of most SaS providers (and almost all Software EULAs I’ve ever seen) that you can’t not place any blame on them for any damages, etc. For my type of work, some of the SaS I’m looking into acquiring, should I ever want to leave the SaS, I have to pay a hefty fee to have them hand me my data…and even then it is in RAW tables only (dump).

Really enjoyed reading this one friend.

▶ Reply to This

Permalink Reply by Robby Slaughter on June 23, 2009 at 6:52pm

I should reply to some of your points out of fairness:

Is it cheaper to use Google Docs than it is to use Microsoft Word? Under normal circumstances, absolutely. Google Apps is basically free, whereas you have to pay for Word. But of course, if Google loses your documents---and you don't have a local backup---you are up the virtual equivalent of a creek. (This does happen: http://www.google.com/support/forum/p/Google+Docs/thread?tid=26732e....) As you pointed out, Google Docs is worthless if your Internet is down. It's also problematic if you are using some feature that they decide to discontinue, etc.

Most fairly serious SaaS providers use forms of encryption that cannot be unlocked without your permission. Even if someone came knocking with a subpoena, they would not be able to look at your data without your passwords. But again, just because they can use secure procedures doesn't mean they actually do. The poster child for SaaS, 37 Signals, actually stores user passwords as plain text!

Ultimately, SaaS is about trusting someone else to make software available in the way you want it and to protect your data as well or better than you can yourself. If you are ready to take that risk, SaaS is right for you.

But please, we have to stop calling it SaaS. It's just Application Service Provider, ASPs, all over again.

▶ Reply to This

Permalink Reply by Tino Marquez Jr. on June 23, 2009 at 10:57pm

Agreed then ASPs. Lets take this further... as an IT consultant, I've had to conduct and document various industry audits, such as PCIDSS, SOX, and so on. If your entire infrastructure is "in the cloud", I wonder how you would have any control over these audits as I would have to imagine the ASP would not want to release vital details of the infrastructure to every customer. And certain industries require very strict retention/destruction policies of their backed up data.

Obviously, I've yet to experience this scenario, but in order to survive PCIDSS and address/document any issues, you have to have an intimate knowledge of the infrastructure. Some company reports I've had to do for SOX require knowing when the administrative passwords were last changed for the systems. I do not see an ASP wanting to give up this info either openly, but I could be wrong, but either way, the coordination between your techs and their techs would be frustrating.

And maybe on the far fetched side, but how secure is your data at the ASP when your competition also uses the same ASP? At least when your applications are internal, you're responsible for the security and at what level it is implemented, checked, re-checked, and further scrutinized. And when you’re a knowledgeable IT Director, Engineer over seeing staff, you have some say in the skill set of who is guarding your data. Not to be overly critical, but typically you will always be dealing with tier 1 support until something really hits the fan.

Don't get me wrong I do see some benefits, but it isn't the magic bullet that is marketed as in my humble IT opinion.

▶ Reply to This

Permalink Reply by Chris Baggott on June 24, 2009 at 10:17am

Couple of points. These are all marketing terms, but there is a difference between an ASP and SaaS. ASP are separate instances of software that are hosted by someone else. Oracle has a big ASP business. SaaS is understood to be a multi-tenant architecture, meaning a single instance of the software that is scaled, partitioned and shared.

I won't go into a debate here over the merits of each...it's obvious where I stand considering I've started two successful SaaS companies. :-)

As for security, the folks commenting on this are right. this is about who do you trust. SaaS companies have to undergo rigorous security audits, continual hacker attacks and a lot more scrutiny than any single organization would ever have to endure. I invite anyone to do some research on any of the published data breaches in the past 4 years. DSW, TJMaxx (who just settled their lawsuit yesterday) http://datalossdb.org/index/largest You will find that they all came from in house data management. The problem with in-house IT is the surgeon or lawyer thing.....everyone things that "Theirs is the Best".

Ask anyone going under the knife and they'll tell you all about it...ending with "My doctors the best" Of course this is impossible for normal people to know...it's a black box. Just like IT guys for most businesses. So who do you trust becomes a big issue. Do you trust a SaaS vendor who can document their security audits or do you trust Bill, a local IT guy?

I'm trying to understand Robby's point about who manages the software.

"This is an essential difference. When you buy electric power or water as a service, you pay someone to deliver the resource to you, and then you can do anything you want with it. You can store the electricity in batteries or the water in tanks."

Ok....but 99% of us just want to wash dishes not manage water. Why would anyone want to add an extra cost and distraction of managing water? Sure we could, but why? I've never heard of a SaaS company that didn't listen to their customers or not give back Data? One other great thing about SaaS is that the switching costs are really low. I'm on ExactTarget for our Email. If I want to change I could download my data and be up with a new vendor in about 45 minutes. Same with Salesforce.com, might take a day to switch to NetSuite and trust me, just like moving my 401K the vendors are happy to do this work for you. Compare that to the switching costs of installed solutions.....

▶ Reply to This

Permalink Reply by Robby Slaughter on June 24, 2009 at 11:45am

Whether a vendor's application is hosted on as independent instances on separate infrastructure or is running as one monolithic application is not a significant business model distinction. In fact, there is considerably *more* risk in the latter approach in some regards, because a bug in the software which originated in one corner could affect many people.

Consider the Google outage of May, 2009 (see http://www.pcworld.com/article/164946/google_outage_lesson_dont_get...). Millions of people held their breath because the architecture of their software/hardware system was not sufficiently segmented to prevent this kind of failure.

In either case, the essential offering is a remotely-hosted software application. There are many engineering solutions to mitigate risks and reduce the chances of cross contamination, but no matter which you use all have the above problems. That's not to say that remotely-hosted software applications don't have their benefits, just that they aren't a panacea.

As for security, the folks commenting on this are right. this is about who do you trust.

The flip side of trust is verification. If you host your application yourself, or if you use a vendor which gives you full access to their facility and codebase, than you can verify their work. Sure, there will always be problems of expertise. But if I am trusting a remotely-hosted application provider to do the right thing I also want to be able to verify their work. You can hire another accountant to review your books or get a second opinion from another doctor, but it's much harder to have someone do an equivalent review of business practices at a hosted application vendor.

Now, Chris is right that many "SaaS vendors" are going through the compliance process to meet rigorous auditing standards. This is a good step and will help address risks and enable the "verification" to occur by qualified experts. But it's only beginning and there are still lots of vendors with varying degrees of competence. As a customer, all I can do is check the reports and do simple, non-conclusive tests like three-click monte.

Ok....but 99% of us just want to wash dishes not manage water. Why would anyone want to add an extra cost and distraction of managing water?

Water as a service does not force you to manage water, it just gives you the right to manage water in any way you want. The water company doesn't really care what you do with the water, as long as you pay for it. If you want to store it, resell it, waste it, that's your prerogative.

But a remotely hosted application provider is not like someone delivering water as a service so you can wash dishes. Instead, it's a centralized location where you can show up with dirty dishes and make use of the latest and greatest technologies that they offer. If you come up with a different use for water---say filling up your new water-powered car---the remotely hosted water-for-dish-washing-service gets to decide if you can do that. They can also deny you access if you show up with a dish that they don't want to clean, or is too large or fragile for their systems. Of course, if they decide to change their offering, you are out of luck, since you can't "save up" visits like you could "save up" water. Your rights for how to use the resource are limited by the vendor.

But again, if your vendor is someone you trust hopefully this won't be a problem.

SI and the Ning platform are a great example of the risks of so-called SaaS. I recently tried to find and old comment I posted to help someone out---and learned that due to a glitch that content was gone. I had to reproduce the text basically from scratch.

However, I do think it's unfair to imply that the costs are cheaper when switching between one remotely hosted application provider and another versus installed solutions. If anything, the installed solution should be easier because the customer has maximum control over the application. The customer isn't going to be limited by say, Internet connectivity, usage or bandwidth caps, or the vendor's uptime. From a practical standpoint, there are much better tools for data export/import and ETL for installed solutions than over the web (although there's no technical reason why they cannot be equivalent.)

Now, to be fair, it's probably the case that eventually, all software will be SaaS, in the true sense of the term. But I don't think it will look like what we have today---with proprietary, closed source software running on remote infrastructure. Instead, I think we'll eventually see all software as open source running on distributed infrastructure. This is already starting to be true: a significant part of the code that is running Smaller Indiana (a form of remotely-hosted application provider) is actually running inside my browser, not at the remote sites. And with the Compendium Blogware competitor WordPress, this is already the case. If you want to leave the paid version of WordPress.com and move your blog to your own infrastructure, it's almost zero effort: install the open source WordPress code, export/import, and away you go.

At the end of the day: who do you trust? Companies like CB have a great reputation and there is good reason to trust them. But ultimately, software is NOT sold as a service today. Your business is selling a temporary right to access proprietary application on your terms. The software is not sent to the customer; the customer comes to you and interacts in the way you think is best for your mutual benefit.

▶ Reply to This

Permalink Reply by Chris Baggott on June 24, 2009 at 12:41pm

Very well written and presented Robby. Let me ask one final question. Couple of things related to downtime. All software goes down, hosted or in house. So even though SaaS outages get well publicized they are still a lot more infrequent than most installed software. Here is a great analysis of the Google outage:

"...I think it should be expected. E-mail outages are not uncommon, regardless [of whether] the infrastructure is on-premise or hosted. If you were to look at an in-house infrastructure, it also experiences downtime. If Bank of America's e-mail goes down, they're not going to get on the phone with you and say, "Hey, guess what just happened!" They're not necessarily trying to keep it a secret, but they're not trying to make it well known, either. The Google Mail outages is given more attention, and it will give SaaS a black eye. But if you look at Google's records, Gmail is still well over 99% available."

So looking at outages on SaaS you still have to ask: Compared to What? Just like security...If I accept a standard for uptime, who do I trust most to keep that standard.

I'd also like to define "Customer". You present the case: "If you want to leave the paid version of WordPress.com and move your blog to your own infrastructure, it's almost zero effort: install the open source WordPress code, export/import, and away you go."

Who is going to do that? You imply that a "Customer" can do this.

I define the Customer as the user. To the user there is always a middleman that stands between the technology and the use of the technology.

What's easy for you to do is impossible for me, or for big companies might be a waste of resources. Small companies need to hire expertise to do this anyway, and big companies have valuable resources that add a lot of cost and complexity....call it 'friction' that stands between the software users and the suppliers. Often in big companies they find SaaS vendors to be significantly more responsive to their needs than in house tech teams.

In my own case, a director of marketing holds my life in her hands....where she might not even be able to schedule a meeting with Corporate IT.

Same point on security verification. The Customer can't do this, they have to hire someone to do it. So we hire a local person or we have an employee and hope he or she knows what they are talking about, or we use the SaaS software that has already been vetted by hundreds of companies.

I think the core issue in this particular discussion is that tech people think technology is easy. The rest of us think it's a nightmare. We just want to do our jobs, get the benefit of software without having to mess with "installing code" or managing hardware or accessing help.

Heading over to the Big Ideas Thing? Will I see you there?

▶ Reply to This

Permalink Reply by Brian Wolff on June 25, 2009 at 6:07pm

Chris: You've hit the nail on the head on both fronts - SaaS companies are delivering user functionality and business value by obscuring the need for IT expertise and by providing SLAs to guarantee uptime and availability. The market will decide if the functionality is worth paying for. With respect to uptime/downtime: If the site continously goes down -that SaaS company will either fail or they'll need inhouse experts on their side (or providers like BlueLock :)) who can engineer an infrastructure that will be up an acceptable level of time. SaaS providers have an advantage here because they can "spread" the cost of their IT expertise and infrastructure across their entire base vs. requiring each company to hire a cadre of IT experts dedicated to keeping the infrastructure and the software online.

Robby: I'm not sure I agree with you on the open source front - there are way too many "players" in the IT World with way too much market cap to protect to allow the World to go open source. Sure open source has it's place, but Oracle, Microsoft, SAP, IBM et. al are certainly not going to pack their tents and go home. They are creating and delivering value - again through their people/expertise in writing software that is "ready to use"....

Again - great discussion....additional thoughts?

▶ Reply to This

• First
• Previous
• Next
• Last