Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

SaaS: Red Light, Green Light: Page 2 of 5

Next, know what data analysis options the SaaS app provides. Canned reports and exports are nice, but most vendors charge extra for direct database access or customized reports. Another item to check is the vendor's ability to merge or consolidate data in the case of acquisition. One respondent to our reader survey cited data access as one of the biggest downfalls he's found regarding SaaS: "When hosted externally, databases are usually considered proprietary. If we want to analyze our own data it becomes a three-month project with huge costs."GET YOUR QUESTIONS READY
More than two-thirds of survey participants cite data security as a factor weighing against SaaS vendors. It's a slippery slope for IT: You're responsible for your internal data security, but how do you extend your requirements and mandates to your SaaS partner? A few simple lines of questioning will help clarify its capabilities. Consider:

  • Published RTO/RPO service levels: Get promises around recovery time and recovery point objectives in writing. If your rep needs you to tell him that RPO stands for "recovery point objective," find another provider. If the vendor claims five nines, ask for its disaster-recovery white paper.
  • Data center review: What's the provider's data center model? How many redundant sites does it maintain, and what geographical diversity is available? What's its replication strategy? Check its policy on providing data dumps to comply with your disaster-recovery program, including promised timelines for delivery. Are there additional charges for data archiving?
  • Penetration testing and vulnerability assessments: What outside company does testing for the provider? If it doesn't engage an independent expert, ask what security certification models it follows. As the industry continues to evolve, look for vendors to adopt a certified best-practices approach, whether leveraging ISO, ITIL, or another recognized standard.
  • Track record: The vendor landscape is awash with providers as everyone from communication providers to app vendors like Microsoft to pure-play SaaS players looks to cash in on the service trend. Yet none of these categories captured more than 30% of those currently using SaaS in our survey.