Odds are, if you are a small to medium business (SMB), you have considered using a Software as a Service (SaaS) provider. A SaaS provider can let you do things like offload the burden of non-core (but essential) functions like email, workflows, and CRM.
When evaluating SaaS vendors, it is important to look beyond their solution offerings, beyond ‘features and benefits,’ and at the vendor itself.
Building on an earlier article (Selecting a Vendor—Things to Consider), there are some additional things to consider:
Regardless of a firm’s size, employing a SaaS provider is not without up-front costs. It can range from customization (e.g. workflows) to simple opportunity-costs involving staff retooling. You want to be sure you’ve not just spent a large % of your budget only to have the vendor abruptly close their doors (giving you a glorious opportunity to explain why you were caught off-guard).
Financial standing also directly impacts the SaaS vendor’s ability to scale to meet your own (and their other customers’) growth. Insufficient working capital directly impacts the vendor’s ability to invest in new equipment, servers, storage, and bandwidth. Earlier this week I posted a question on LinkedIn asking about readers’ top-reasons their SaaS vendors failed them. Arguably, each of the top-5 could be directly related to poor infrastructure re/investment or training–in other words having $$.
On the flip side, responding to RFP/Q/Is, I remain amazed at how infrequently customers asked even a single question about the vendor (us) or our finances. Sure, some do, but it was hardly the majority.
Here we are talking about a potential SaaS customer presuming a vendor’s security is adequate because of their size, customer base, or the like. Presumptive Security: two words that say a lot. It is important for customers to pay specific attention to the security instruments a SaaS vendor may provide them (just one facet of the ‘security’ picture).
Certifications that may sound impressive (particularly to the less informed SMB), like a “SAS 70”, are often restricted to -select services- provided by the vendor. Further, they are an internal assessment which does not extend to include the potential customer. A complete security assessments must look at the—vendor and customer—security environments together as a whole.
In subsequent post(s), I’ll spend some time talking about ASP vs. SaaS and multi-tenancy vs. single.
(photo credit: Achim Sondermann)