Whatโs holding users back? Potential security risks and a loss of IT control topped the list of perceived barriers to software-as-a-service (SaaS) adoption. With so much trepidation in the air, Computerworld decided to get the real scoop, so we interviewed six executives who have tackled SaaS projects.
What has been the greatest benefit from your use of SaaS?
Ken Harris, Shaklee Corp.: โThe first, far and away, is the ability to get solutions up quickly. You donโt have to build out an infrastructure or expand your IT staff.โ
Kevin Raybon, NEC Unified Solutions Inc.: โI call it value control. When I have features and functions that need to be developed, I can roll them out and keep moving. Iโm not in the IT department. With IT, there is always a big-bang initiative that lasts about 18 months, and the pace of our business does not lend itself to that.โ
Daniel Flax, Cowen and Co.: โThe ability to deliver services to a worldwide audience.โ
Daniel Wakeman, Educational Testing Service: โThe key benefits are speed and the lack of capital investment.โ
Kevin Harding, Imagine: โItโs being able to get more information out to more people. Managers can get real-time financial information on their departments.โ The predecessor in-house financial system gave only monthly reports, he says.
Is security an issue?
Flax: โSecurity certainly is a potential problem, and anyone who says no is not being realistic. We vet our potential vendors very carefully, and we get our audit and compliance people involved as well.โ
Daniel Chiazza, Harris Interactive Inc.: โSalesforce.com had a big scare with phishing recently. So they basically took a listing of all the IP addresses that access our applications โ where our users are, where they log in from โ and put that in a whitelist. They were very quick to react.โ
Quicker than an internal IT department might have been?
Chiazza: โYes, it can take forever to turn something around internally.โ
Wakeman: Itโs a โhuge shortcomingโ that SaaS vendors do not embrace โfederated identity managementโ standards allowing centralized identification and validation of users via a single sign-on process, he says. โWe have to manage the identities of our employees at multiple SaaS providers. We canโt say that this employee has terminated and automatically shut him off from all the systems he has access to.โ
Raybon: โThere are two ways to handle security. First, have strong contracts that hold people accountable should something happen. Second, we put information about processes in the cloud, but we keep all our proprietary corporate data back in our system of record. I keep track of sales opportunities in [Oracle CRM] On Demand, but once it turns into an order with credit information, that stays inside.โ