Software as a Service (SaaS) and Cloud Computing are changing the way companies buy, deploy, and manage software. SaaS vendors deliver their applications as an online service so that their customers do not need to concern themselves with deploying and managing the software in-house. In addition, SaaS is generally offered as an on demand subscription which has many distinct advantages over the traditional upfront license and maintenance fees that companies would normally pay for on premise software.

Given that the methods for deploying and managing SaaS applications are different than traditional on-premise software, companies need to take a different approach to evaluating and purchasing SaaS solutions.

We’ve put together this SaaS Buyers Guide to help organizations make sound decisions when buying SaaS and Cloud Computing services. There are a number of factors that companies need to consider when purchasing SaaS solutions and this guide describes some of the main items that need to be evaluated:

Solution Offering

One of the first things to look at when evaluating a SaaS solution are the features and functionality of the SaaS application to make sure they meet your needs. Most SaaS vendors offer their services for a free trial period, typically for 30 days. This enables you to evaluate the product to see if it meets your requirements, and to test the usability of the solution.

If the application is missing features or functionality that you require, then ask the vendor if those items are on their roadmap. One advantage of SaaS is that upgrading is generally seamless because you don’t normally need to change any software at the user’s site, rather the vendor should be able to deploy the upgrade on their server without involving the customer. Therefore, even if the SaaS application is lacking certain features today, the vendor might be able to roll them out relatively quickly in order to satisfy the needs of their customers.

A key factor to look at when evaluating a SaaS application it the ability to integrate with other applications such as back office systems, whether they are on-demand SaaS applications or on-premise software. The SaaS vendor should offer standards based Web Services connectors for integrating with other applications or they may be partnered with a SaaS integration platform that can provide out-of-the-box connectors to many applications. You may have legacy applications that don’t support Web Services, so check if the vendor offers other options such as CSV.

Another important aspect to asses is the flexibility of the SaaS application to be customized or configured to meet the specific needs of your organization. The SaaS solution should allow you to modify the workflows of the application to match your business processes, and you may be able to change the look and feel of the application according to your preferences.

If you are a global organization you may require the SaaS solution to support language localization, and for certain types of applications, such as accounting software, you may require local currency and tax code support.

Most SaaS solutions are accessed using a web browser, but there are those applications that require a small client installed locally. Check out the minimum system requirements to make sure your users can utilize the application properly.

Cloud Computing Infrastructure & Service Delivery

One of the main differences between SaaS and traditional on-premise software is that in a SaaS environment the software is hosted by the vendor and delivered as a service. The user is completely dependent on the SaaS vendor to deliver the service reliably and securely. Therefore, when considering purchasing a SaaS application one needs to look closely at the SaaS vendor’s Cloud Computing infrastructure and service delivery capabilities.

The following are some of the key Cloud Computing infrastructure and service delivery related items that need to be evaluated when considering buying a SaaS application:

Scalability: How quickly and efficiently can the SaaS solution scale to meet an increase in demand? The type of architecture that the SaaS application is built on can affect how easy it is to scale to meet demand. Most SaaS providers deliver their solutions in a multi-tenant environment, meaning they serve multiple customers from a single shared instance of the application. A multi-tenant environment enables the vendor to scale quickly, and to seamlessly upgrade customers to the latest version. There are a number of other types of deployments used by SaaS vendors including single tenant, isolated tenant, and more. These other architectures generally don’t scale as effectively as multi-tenant, but they do offer other advantages.

Availability: Many SaaS providers offer high “guaranteed” uptime of their services, with some guaranteeing 99.99% availability. Ask the vendor for their historical monitoring reports to see the actual uptime of their services and ensure that they have redundancy infrastructure in place to help guarantee reliability. In addition, many vendors offer real-time system availability monitoring on their website where you can view the status of their service. Most vendors have scheduled shutdowns for application maintenance, and you should make sure the vendor is clear about the schedule up front.

Performance: Because SaaS applications are hosted remotely and delivered over the Internet it is essential to test the performance of the service remotely. If your organization has users that will access the SaaS application from different geographies than it would be best to test the performance from each of the individual locations.

Security: When evaluating a SaaS application it’s important to assess the end to end security measures that the SaaS provider has put in place. The technology and methods that the vendor uses for authenticating users, data transfer encryption, security of the stored data, server security, and general data center security must all be analyzed. In addition, because the application is hosted by the vendor it’s essential to check their access control systems to see who from the vendor organization has access to the application and servers.

Hosting Facility:  Inquire as to where the SaaS servers are physically hosted. If it’s in a third party data center then make sure that the hosting provider is a viable company that you are willing to rely on. The servers should be hosted in multiple geographic locations in case on data center is down, and they should have a process for regular back-ups to ensure a smooth reliable service.

Service Provisioning: The SaaS provider should have a clear process for adding or removing users and for modifying existing user accounts. They may offer tools for self-provisioning where you can add or edit your own user’s information and application access rights, as well as track the application usage of the different users in your organization.

SAS 70 Certification: Statement on Auditing Standards (SAS) 70, created by the American Institute of Certified Public Accountants (AICPA), is an auditing standard for service organizations.  A SAS 70 audit examines the service provider control objectives and activities, including their information technology related controls and processes. SAS 70 Type II certification includes the description of the controls that the service organization has put in place, as well as detailed testing of those controls. When assessing a SaaS provider, it is important to check that they undergo SAS 70 audits regularly, and ideally they should have SAS 70 Type II certification in place.

Disaster Recovery: If the application you are assessing is mission critical then it’s important to ensure that the SaaS vendor has a disaster recovery plan in place. There are three main types of measures that should be included in a disaster recovery plan – preventive, detective, and corrective. In addition, the plan should include key metrics of recovery point objective (RPO) and recovery time objective (RTO) for different processes. RPO refers to the point of time to which the data must be recovered, and RTO is the length of time and service level within which the service needs to be restored after a disaster.

Data Migration: When evaluating a SaaS solution it is essential to ensure that if you decide to eventually move to another vendor you can take your data with you. In order to avoid SaaS vendor lock-in, where it would be very difficult for you to move to another provider, you should check the provider’s data portability policy and processes and ensure that they are covered in the contract. If at some point you decide to use a different vendor you should at the very least be able to receive all the data you stored on the vendors systems, and you may be able to obtain the log files, audit trails, and application access logs as well.

Service Level Agreement (SLA): The SLA is the part of the SaaS service agreement that defines the level of service that the SaaS vendor guarantees. The SLA should include the service operation functions described above including items such as the SaaS service availability, performance, maintenance, backup, and disaster recovery. The SLA should also cover security and data portability related issues, as well as how frequently the SaaS vendor will undergo SAS 70 audits.  The SLA should also guarantee response times for technical support and should include an error resolution process for different levels of problems.

The SLA should also define penalties in case the SaaS vendor does not meet the service level obligations. Most vendors offer Service Credits if they fail to meet the SLA, and some vendors even offer cash penalties that they pay to their customers in the event that they don’t meet the guarantees. Finally, play close attention to the termination clause to see how you can get out of the contract if the SaaS provider continuously fails to meet their SLA commitments.

Customer Support

When evaluating a SaaS solution it is essential to examine the SaaS provider’s customer support set-up. Many SaaS vendors offer 24x7 support, but at a minimum you should ensure that the vendor provides support during your normal business hours. It is advisable to inquire about the number of support staff, where they are located, and if they offer support in multiple languages. Ask to see their customer support policy and their error resolution times to make sure that you have a clear understanding of what level of support to expect.

Pricing

SaaS vendors generally charge a subscription fee for their services. The subscription is typically a monthly, quarterly, or annual subscription, and the contract term is usually between one and three years. The subscription could be based on a fee per user, concurrent users, transaction fee, or other metrics that are relevant to the specific SaaS application.

You should make sure that the billing and payment terms are clearly defined in the contract, and the contract should specify any additional costs such as possible initial set-ups fees, professional services charges, or customization costs. In addition you should find out the level of training and support that are included in your subscription. It is also advisable to examine the SaaS vendor’s policies for making changes to your subscriptions, such as adding or reducing the number of users on your account, and the contract renewal terms. Lastly, you should check whether there are any early termination fees if for some reason you decide to end the contract early.

Company Stability and Experience

Buyers of SaaS solutions rely on the vendor to deliver the service day in and day out, so it’s critical to ensure that the vendor has the stability and experience to deliver the service reliably and consistently. When assessing a SaaS provider, find out the year they were founded, the location of their headquarters, the experience of the management team, and the number of employees, specifically the number of customer support personnel, development engineers, and quality assurance specialists.

One important aspect to look into is the SaaS provider’s financial stability. Check the SaaS vendor’s website to see if they are a publicly traded or private company. If the vendor is public then review the investor relations section on the website where you can find their recent financial reports. If the company is private then find out whether the investors are individuals or from a professional investing firm. A good source of information is on the news section of the SaaS vendor’s website where you can review their press releases to see if the company announced any recent investments.

One key to assessing a SaaS provider’s capabilities in delivering a quality service is to check their customer references. The vendor should share customer references and case studies, and they may even connect you to customers that you can speak with directly. It’s also a good idea to try and find out how many customers the SaaS vendor has and the customer renewal rate, which is a good indicator of how satisfied the customers are with the solution.

To summarize there are many factors that need to be evaluated when buying SaaS solutions. We’ve discussed assessing the solution offering, Cloud Computing infrastructure & service delivery capabilities, customer support, pricing, and company stability and experience. There may be other aspects that are not covered in this SaaS Buyers Guide that you may need to evaluate depending on your organizations specific requirements. And you should of course consult your own attorney, accountant, technical consultant, or any other people that could help you select the SaaS solution that is right for you and your organization.