Protecting your saas investments

by admin on August 19, 2009

in Cloud Computing/SaaS

One of the key questions I get asked is: ‘What happens if my saas provider goes away?’ There’s no denying the market is moving very quickly and that vendors are popping up almost on a monthly basis. It is therefore a legitimate question when there are so many players, the market is immature and has yet to consolidate. The risk that you might wake up one day and find you can’t gain access is real. The recent demise of tr.im (and its subsequent resurrection) is a case in point. There are plenty of other examples in the TechCrunch deadpool. Similarly, you can never be sure if your provider is building to flip as a potential acquisition target. What happens when a vendor gets acquired?

Past experience suggests that many applications are slowly but irrevocably retired or don’t see the development effort customers might otherwise expect. That isn’t always the case. I can easily imagine a large vendor coming to the market by acquisition though I would be sceptical about how well that might work.

One answer is to request that code is put into escrow. One announcement caught my eye:

“A recent report from Forrester shows that SaaS backup and security policies are one of the three major concerns of companies interested in SaaS, which Gartner predicts will comprise 9% of total software sales by 2012. Escrow Associates designed their SaaS contract to address the fears of the growing market, protecting data and software at a secured location, and making it available when needed.”

The internationalization of saas doesn’t make managing this aspect any easier. However, for the UK, the NCC has put out a helpful set of resources that buyers might find useful.

Comments on this entry are closed.

Chris Tanner August 20, 2009 at 12:05 pm

We've been talking closely with Jon Leigh at NCC recently about escrow. Being a full blown business app, day-to-day operation of our clients would be seriously impacted if we or our service were to become inaccessible… way more than perhaps it would be for a SaaS accounting-only app. We've lost some major deals because we don't have escrow in place.

Escrow however is however no mean feat for a SaaS vendor that may be changing their released codebase every 4 weeks. Escrow suppliers charge per upload, and provide different levels of "quality testing" -
- can the uploaded source code be read (ie are files corrupted)
- can the code be opened and installed by the client
- can the code be taken to a fully operational position by the client within a timeframe short enough to mitigate business interruption

SalesForce don't do escrow, as far as I'm aware, and I'm told that Netsuite doesn't. Not sure about Xero, probably not so much of a need since you can yoink your data out and get up and running on any other accounting app without too much hassle.

Imagine trying to migrate 150,000 sales orders, along with 10,000 product SKUs, 50,000 journal entries and 50,000 customers (typical contents of a Pearl account). Getting a copy of the source code to attempt an install on your own servers sounds much more attractive than trying to squeeze all of that into a Mamut or SAP package.

It's perhaps the biggest risk for our larger clients, but the benefits of moving their business to Pearl from "Sage-and-the-jigsaw-of-other-bolted-together-apps" tends to heavily outweigh the disadvantages. A big, scary commitment!

Escrow for SaaS seems pretty undeveloped, we need the offerings to be more cost effective, but more importantly we'd need to start re-engineering our product so that what you get out of the other end as a client would actually be usable. Building your product so that it can be used more easily after your demise? Truly a noble cause indeed.

Dennis Howlett August 20, 2009 at 12:10 pm

@chris Interesting you bring that up as a pinch point in sales: it's indicative of market risk perceptions that all/new vendors face. Yesterday I advised a buyer to obtain source code for an on prem app they need. It's the right product but the risks are there. Source code provides some peace of mind.

SFdC and NS have $$ millions in the bank and in SFdC's case $1bn+ pa sales so I doubt anyone would seriously doubt the company's viability. If anything, they're likely to be acquired. Xero is well funded so again, the risks are minimal – at least for the forseeable future.

Stuart Jones August 20, 2009 at 2:59 pm

You must have been reading my mind Dennis because if I am going to recommend a particular product to a client what should the client do (or more likely I do!) to safeguard their data.

A request from a single potential user isn't going to count a great deal I would have thought. Any ideas?

Dennis Howlett August 20, 2009 at 3:32 pm

Good question Stuart – will put recommendations into a fresh post

Previous post:

Next post: