SaaS To The Rescue

When I joined the Humane Society of the United States in mid-2005, our new CEO, Wayne Pacelle, had just begun a vigorous acceleration of programs and fund raising for animal advocacy. Since then, revenue has jumped significantly, and so have requirements for IT to support new initiatives. This is a happy situation for any CIO, and one in which SaaS has helped us rapidly implement new applications.

Fund raising stimulated our first encounter with SaaS. Many contributions are made via credit card, and a major requirement for organizations processing credit cards is compliance with the Payment Card Industry Data Security Standard, or PCI. Compliance requires, among other mandates, that merchants maintain a secure network, encrypt stored cardholder information, have vulnerability management processes in place, and regularly monitor their security posture. Failure to comply can be costly: fines, restrictions, and even permanent expulsion from card-acceptance programs.

PCI went into effect just before I joined the Humane Society, so there was an urgent mandate to protect our revenue stream with compliance. We already had strong security measures in place, but we lacked a reliable, automated way to conduct independent network security audits and securely transmit compliance reports to acquiring banks. That's when we discovered SaaS.

Qualys introduced us to the notion of on-demand with its SaaS-based network vulnerability management and compliance service called QualysGuard. Our heritage with IT has been the do-it-yourself approach of running an in-house infrastructure of servers and software applications. Our main constituent database is housed on an IBM AS/400. We also run a VPN that connects eight regional offices and field representatives in more than 30 states. We control everything internally.

SaaS opened our eyes to a new way of doing things. With QualysGuard, we didn't need to install any software or infrastructure. QualysGuard runs on Qualys' own secure global infrastructure, so we run security audits on-demand over the Internet with a standard Web browser. The application automatically finds all vulnerabilities on our local and remote network, provides directions to our IT staff for remediation, and submits PCI audit reports to our acquiring banks.

Automation eliminated a major concern for PCI compliance. Trouble was, I had reservations about relinquishing control of such a vital application to a third-party service provider. In years past, I probably wouldn't have considered SaaS. On the other hand, our small IT department was finding it harder to do ongoing maintenance of existing applications. A concomitant initiative to implement disaster recovery for key applications made me rethink SaaS as an opportunity. As it turns out, we were able to use QualysGuard right away without incident.

This positive SaaS experience erased our reticence in considering the on-demand model for new applications. Suggestions for these typically arise during monthly meetings of our technology steering committee. I established this cross-functional team to bring together business users, who are far more informed about their apps and requirements than technical experts. Our IT staff uses this forum to demonstrate potential solutions to business problems defined by our user community and to gauge which solutions will be a good fit.SAAS ON THE FRONT LINESOur senior director of member loyalty, conferences, and events pushed for more automation in her group, which has been especially affected by new initiatives to increase contributions and interaction with members. E-mail has been the group's lifeblood, and an uptick in membership activity caused messages to swamp employees' in-boxes. Although the increased volume was affecting response time, it didn't make financial sense to add staff to answer routine queries such as address or name changes. A push for more automation resulted in the addition of SaaS applications for event management, gift matching, and member support.

SaaS will help ease the burden of routine e-mail with an on-demand customer service solution. The system selected will be integrated with the Humane Society's Web site to provide a self-service customer portal, which is backed by a knowledge base for instant responses to a wide range of typical questions from members and even our own staff. A built-in query-ticket system allows unique questions from members to flow through customized rules and filters for faster response. The membership department is working closely with our online communications department to ensure seamless integration of the SaaS application into our Web site. Deployment will take about four months.

Humane Society events also are an important mechanism for member interaction. Planning and managing them used to be a labor-intensive manual process, so we deployed another SaaS application to automate tasks such as event e-mail marketing, online registration, payment processing, and reporting. The process of deployment took about one month. For fund raising, we're implementing a SaaS gift-matching service for our Web site to help donors instantly know if their employers will match a gift, how much the employer will contribute, and related procedures to process the funds.Cost-consciousness is in our DNA, so we'll continue to consider SaaS for deployment of new applications and replacement of old ones. SaaS is our future, and it has earned its place as a technology-delivery path for improving our business.

Beverly Magda is CIO and director of information systems and technology at the Humane Society of the United States.

Continue to the sidebar:
SaaS CIO ChecklistContinue to the story:
Tips For Making The Most Of SaaS