SaaS concerns and S+S

I was pointed to an article by John Dvorak on the feasibility of SaaS as a business model given concerns around privacy. It reads as a bit of an alarmist article to me, since its main point seems to be that US-based SaaS providers are subject to US Government warrants and that spying could possibly take place.

That by itself is a valid point and should raise concerns as to the type of data that companies will host with their Software as a Service (SaaS) provider. But this is not news: as a company, you always have to decide which functions (and therefore data) are mission critical, sensitive or the focus of your business. These are not good candidates for the hosted model, as they should be the differentiators of your company. Once you choose a hosted (SaaS) model for a particular function (e.g. Payroll), you're basically saying this function is a commodity and not something that sets your company apart (basically a cost), and that it should therefore not be very sensitive (with the exception of email).

Now it's very true that the EU and Canada have much stricter privacy laws than the US, but this should lead to the conclusion that SaaS companies should be set up outside the US to allay these fears, and this is what I'm looking to promote locally. There is also a lot of discussion on how US laws affect both US companies that deal with international clients and US companies that host their physical servers outside the US; but in summary, no one is really sure.

The bigger issue, rather than the hypothetical scenario of the US government spying on you, is the breach of security that we see happening all the time. Hosted data that is made available over the net (as is the business model of SaaS) is much more open to attack than internal data. What SaaS providers are saying is that they'll make it secure, because they're the experts. This is what every enterprise has to think about.

The article mentioned both Google and Microsoft as being susceptible to these concerns. I think this is certainly true for pure SaaS providers, but it only reinforces Microsoft's S+S strategy. As we always say, some things should be kept on-site (Software) and some hosted (Services); so if you're concerned about privacy or spying, keep those things in house on Software and only use Services (SaaS) for the commodity things that are purely a cost center, or to augment your software. This should be a lot more of a concern for companies that follow only the SaaS model, with everything in the cloud: companies such as Salesforce.com, Google and many others.