Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=202102628
Software as a service is an alluring concept to IT pros faced with endless software upgrades, patching, and license wrangling. Gartner estimates the market for enterprise applications as a service will enjoy compound annual growth of 22% through 2011. That's more than double the rate for all enterprise software.
One big reason businesses turn to SaaS is cost savings. According to a total cost of ownership study conducted by Network Computing in March, CRM as a service for 105 users saved as much as $135,000 over three years compared with on-premises CRM. Savings came primarily from eliminating the need for hardware and software.
IT pros shouldn't dismiss SaaS without articulating your reasons. Line-of-business folks have been known to make end runs, so if SaaS isn't appropriate for a given app, be prepared to explain why.
Another significant driver is speed of deployment. There's no hardware to provision, and product evaluations and due diligence are streamlined because potential customers can easily test the service.
Make absolutely certain that your network and the service provider's network are up to par, and insist on a service-level agreement. Poor network performance can slow applications to a crawl, frustrating users and harming productivity. In the worst-case scenario, a total service outage can bring business to a halt. Negotiate SLAs that clarify how service delivery is measured, and specify penalties or compensation in the event something breaks.
SaaS is a way to access capabilities that would otherwise be too complex or expensive to do in-house. For instance, Web application security assessments require specialized skills, and the cost of a full-time employee or outside consultants can be prohibitive. A service-based assessment is a lower-cost alternative.
NOTHING TO CHANCE
Speaking of security, you won't feel so smart if sensitive data stored at facilities outside your control goes missing. IT must vet the provider's data centers, including physical and logical access controls, network security systems, data backup and archiving, and business continuity and disaster recovery plans. You may want to invest in software and hardware to extract data from the provider to ensure that you always have a copy of critical information.
On the application security front, many SaaS providers rely on Ajax and other rich Internet application capabilities, which can introduce new vulnerabilities. Ask about software development practices, and be clear on how the provider will respond to bugs and security flaws.