When SaaS Works and When It Hurts, Putting Your Business at Risk to Save a Buck - Part I

Whether you are a manager or the CEO of a company, you have decisions to make about what software you use, where your data resides, and what your company is willing to pay for such services. This article explores the business risks of Software as a Service (SaaS) which is very prevalent in industry today. While there are many variations of vendors providing some type of SaaS, we will define various general types and explore the impacts of each on your business. Examples and stories help the understanding process so throughout this article we will view each situation through the eyes of Tony’s Automotive Part (TAP). TAP is not a real company and Tony, the CEO, is not a real person, but we can live and learn vicariously through Tony as he journeys though decisions regarding SaaS.

What is SaaS?

Software as a Service (SaaS) is a software distribution model in which a provider hosts applications and makes them available to end-users over the internet. The availability comes in several common forms but there is a spectrum of distribution models from a provider that provides a complete system, including all data storage to a provider that gets reports from agents providing services based on the results of analysis. Prior to the prevalence of SaaS over the internet, SaaS used to be provided via a Business-to-Business (B2B) VPN connection. While very secure, it is also much more costly to deliver due to the per customer expenses involved. If there are security concerns for your operation, data, or business, B2B connections are definitely the best solution for your company. SaaS today is generally thought of as software services delivered over the internet. Next, we will explore some common types of internet delivered SaaS so that you can see and understand the impact of each decision on your business.

Full-Service SaaS Solution

A full-service SaaS solution is a service that holds all the data needed to deliver the service. These are usually the simplest to understand and discern the value of the service. Right now, TAP has just one store and about 30 employees who span the workforce from store clerk to CEO. Tony needs to pay his employees and his payroll bookkeeper just left for another company. Tony is surfing the internet looking for a solution and comes across a company that offers timekeeping and payroll services, and the system looks pretty easy to use. All Tony has to do is sign up, enter data about his employees, issue them accounts, and he is off and running. Each employee enters their time in the web-based timekeeping app, Tony validates their time, and the system pays his people. Simple. This saves Tony a lot of hassle, seems to be good value, and everyone is getting paid, but is it a good business decision? Let’s examine it in detail.

Non-Critical SaaS

Is the data provided to and held by the payroll company critical to TAP?

The system allows Tony to download reports regarding time and pay. This information is sufficient when Tony provides it to his accountant for taxes. Given this, the information the payroll company is holding is not directly critical to Tony’s business.

Is the payroll function core to Tony’s business?

TAP is an auto parts store, so employee payroll, while important, is not core to his business.

If the data being held is critical to the operation of the business, a SaaS solution is fragmenting your business. This is not advised for critical data because the data can’t be aggregated and utilized to make broader smart business decisions. Otherwise, non-critical data and non-core to the business make the SaaS solution a question of value provided rather than a business risk.

Critical SaaS

Tony’s Auto Parts has really been growing. TAP now has 20 stores and a distribution center. Tony is now looking at some automation within the distribution center to support the critical online store system. He is considering using a really cool cube robotic system that will make the e-commerce side of his business very fast and effective. However, the software provider is requiring them to use a SaaS platform that manages the picking and inventory within the robotic cube system. Is it a good business decision? Let’s examine it in detail.

Is the data provided to and held by the robotic controller SaaS software critical to TAP?

The SaaS solution requires data regarding inventory levels and exact part locations to be sent from within TAP to a third-party. TAP knows how much inventory it has inserted into the e-commerce robot, so at a summary level, it still retains the level of inventory data. It is losing the exact part location and real-time quantities available to the SaaS software.

Is e-commerce delivery of auto parts critical to Tony’s business?

TAP’s online store has been growing and providing a larger and larger portion of the overall revenue. This makes it critical to the future of TAP, which means that Tony needs to dig into the situation more and proceed with caution. To understand the business risk, TAP needs to understand several aspects of the SaaS offering.

1. Multi-Tenancy and Data Isolation – With any SaaS offering, multi-tenancy is expected. That is, the service is simultaneously supporting multiple companies while providing the services directly for you. There is an expectation that the data provided is isolated from other companies, but levels and types of isolation vary and need to be examined for business risk based on the type of data and criticality of loss or corruption.

2. Reliability, Scalability, and Elasticity – Reliability is potentially the most important aspect of a SaaS offering for critical services to Tony’s company. The e-commerce system is a critical part of the business, so what happens if the SaaS system goes down? Does TAP lose all e-commerce solutions everywhere at once? Depending on the solution, that is exactly what happens and is the most likely case. Incorporating SaaS as a critical function in your core business is extremely risky to the continuity and reputation of your business.

   Scalability and Elasticity are important for growth. As TAP grows, can the service grow with them? Can the SaaS handle the holiday rush or expand for marketing campaigns? The scalability and elasticity of the service can be governed by where the SaaS is hosted, types of equipment doing the hosting, and the maturity of the SaaS management and monitoring solution. These topics are critical to TAP’s future business and should be examined in detail.

3. Security and Compliance – Security of the SaaS solution has to be an important aspect of the decision process. Security considerations include where the solution is hosted and how mature is the overall security solution. For most SaaS solutions compliance plays only a minor part, but for healthcare, credit card, and HR type solutions, compliance can be significant. Some good questions to pose and to take into consideration are:

   1. What are the ramifications to my company if the data is lost by the SaaS company?

   2. What liability does my company have if the SaaS company is compromised?

   3. What are your reporting obligations in case of a SaaS company breach? Regardless of who is providing the service, you are responsible for the security and compliance of your data. This includes the breach reporting requirements.

4. Service-Level Agreements (SLAs) – SLA are a great way to measure and hold accountable vendors and service providers, but you must understand the limitations of an SLA. An SLA does not prevent a breach of data protection, does not prevent the service from going down unexpectedly, and will not protect your reputation when something goes very wrong within the SaaS company.

So, what should Tony and TAP do regarding their e-commerce robotic solution. If I were advising Tony, I would be telling him to find another vendor. There is no good reason to use a SaaS solution for a critical function of TAP, and it is certainly not worth the risk to the business to rely so heavily on a third-party vendor.

Data Fragmentation

With TAP’s growing business, Tony has tried to maximize the value to his customers while minimizing the number of employees and costs of doing business. Tony has signed up for SaaS services to manage nearly all of the HR functions, accounting functions, and has several SaaS partnerships with part vendors in his stores. The partnership with vendors lets the vendor set the price for items and makes them responsible for restocking merchandise. The in-stores services have vendors coming into TAP stores, restocking shelves, turning over inventory, and providing TAP with an invoice that they compare against sales records for reconciliation. Tony thinks these services have really made a positive impact on current business. Now, Tony wants to see where to expand TAP next and is thinking of an AI based smart sales system that incentivizes his employees to sell certain items based on customer profiles, profit margins, and inventory levels.

Let’s examine what issues he might have. For the next expansion project Tony needs to have employee retention and salary data. He needs to have exact inventory data for all items from all departments in the store and he needs to have customer profiles, demographics, and sales histories for each customer.

With the HR functions being run by a service company, TAP doesn’t have direct or easy access to the employee retention data and the salary data is being a limited access HR system where TAP cannot easily export the data to use with other systems. With all of the accounting functions being provided by a different service provider, a good bit of the tax and financial data is not accessible for use in an integrated solution. While TAP has good sales records for each customer, the vendor partnerships have masked why some items have sold and others have not.

Without all of the required information, Tony will not be able to construct the smart sales system desired. HR data being in one system, TAP may not have access to which employees are benefiting from the incentives. Without direct knowledge and control overall of the inventory, decisions to sell certain items becomes impossible. The vendor managed solutions, while helpful in one part of the company will prevent TAP from implementing the AI smart sales system.

SaaS systems exacerbate the problem of data fragmentation because the SaaS solution holds the data you need to make good decisions so they can perform their function. This creates a fractioned system of information. AI and machine learning systems need a holistic view of the situation requiring data from all aspects of the company. SaaS data fragmentation prevents the collection of the holistic picture to make smart decisions.

As we have seen through TAP, SaaS can be a powerful tool. A company should examine the risks and options for each situation. Over reliance on SaaS can put your business or operation in jeopardy.

Thank you for reading Part I of this series. In Part II, we explore SaaS with agents and how these solutions differ greatly. Comments are always welcome. Post your comments, questions, problems and suggestions at No-Agenda.Tech.