Don’t Rush Headlong Into Software-as-a-Service
The benefits are many, but there are some serious potential problems as well.
Magazine publishers are embracing software-as-a-service (“SaaS”) solutions in an attempt to save money and time. Recently, research firm IDC announced the SaaS market reached $13.1 billion in revenue and would experience compound annual growth near 26 percent through 2014. Before jumping on the SaaS bandwagon however, the prudent publisher should take a step back and consider the particular risks and benefits of a SaaS solution.
In its most common form, SaaS replaces the information technology associated with a business function (software and often the associated hardware and personnel) with an Internet-based service. The service is accessed via a browser and the vendor not only provides needed software, hardware and personnel, but it also stores the publisher’s data. For a monthly fee or a “pay-as-you-use” price, publishers can push and have pushed numerous business functions to the web including Web site analytics, content creation and management, customer relation management, sales lead tracking, publication production/editing and advertising management.
Pluses and Minuses
On the plus side, SaaS can save money while reducing the time it takes to deploy a solution. SaaS eliminates the upfront cost of purchasing software licenses and spending fees on customizing and configuring the software. As a solution, SaaS provides fairly uniform and standard (i.e. not client specific) features and functions. This homogenization means the transition to SaaS usually can be done quickly without drawn out and costly implementations and testing. As a hosted solution, SaaS also offers the benefits of on-demand scalability and elasticity, which allow the publisher to adjust its service consumption in real time to meet its needs. It can also be more convenient to exit a SaaS solution because there is no in-house software and hardware to dispose of or repurpose; simply terminate the services agreement.
On the minus side, SaaS requires the publisher forfeit control over its data, some of which may be highly sensitive or confidential. Inability to access company data because the SaaS solution is not available can hurt profits and reputation. Even worse, data theft can mean not only loss of face with customers but legal liability. Businesses are subject to an ever expanding range of state and federal data security and privacy laws, document retention requirements, and other standards of accountability. Moreover, the long arm of the law does not care if the loss or theft was the fault of the SaaS vendor, the publisher is still on the hook.
Accordingly, consider both the sensitivity of the data and the criticality of the business function that would be pushed to SaaS. The more sensitive the data is or the more critical the business function is to the publisher, the less likely SaaS is a good solution unless the publisher negotiates a detailed and protective agreement with the vendor. On the opposite side, a lower sensitivity or criticality tends to increase the appropriateness of using SaaS. The graphic below summarizes this balance of risk:
Requirements: 24/7 Support
If an informed decision is made to deploy a SaaS solution, then the prudent publisher needs the vendor to stand behind its solution. Specifically, a publisher should ensure that the SaaS vendor is legally promising near 24/7 availability of the service (and monetary penalties for failing to do so) and strong data protection and back up. Moreover, the publisher should find out where the vendor’s data centers or help-desk personnel are located; if outside of the United States, that is a problem because typically, no opportunity exists to inspect the foreign location. No global privacy law or standard exists yet and thus data protections vary widely.
Lastly, consider self-insuring against the risks associated with SaaS. A cyber-liability insurance can help protect the business against unauthorized access to a computer system, theft or destruction of data, hacker attacks, denial of service attacks and malicious code or violations of privacy regulations.
So look before leaping into SaaS. Understand the salient risks specific to your business and make sure the associated benefits outweigh those risks. No one wants to be the next lemming jumping off the cliff.
Christopher C. Cain is a partner in the Information Technology & Outsourcing practice of law firm Foley & Lardner LLP. He routinely counsels media companies and other businesses on issues arising from technology transactions and acquisition of SaaS solutions. Mr. Cain can be reached at firstname.lastname@example.org or 608.258.4241.