How can I be sure that my data will be secure?
Dane Anderson, Research VP of Springboard Research, believes that "companies should not take privacy or security lightly when leveraging SaaS (Software as a Service) and that they should ask their provider relevant questions, but after taking the necessary precautions the risk is acceptable and manageable."
Security and privacy are concerns whether you subscribe to SaaS or purchase software and implement it on in-house servers. A SaaS vendor you can trust offers you the level of security you need while saving your organization the expense and effort required to house, deliver, and back up an application.
When you're considering a SaaS subscription, ask the vendor the following security-related questions:
- Is your production equipment housed in a state-of-the-art colocation facility?
- What are the security arrangements for the facility? Are they in place 24 hours a day, 365 days a year?
- On what type of infrastructure do you host data? What are the virus protection arrangements?
- Do you contract with an independent third-party vendor to receive periodic external and internal vulnerability scans?
- How often do you back up data and where are the backups stored?
- What level of data encryption do you use to protect website transactions?
- What is your privacy policy?
How do I know the application will be available when I need it?
SaaS is not a new, untested software delivery model. NetSuite and Salesforce.com have been around for more than five years and have tens of thousands of subscribers, including large Global 2000 organizations, such as AOL and Nokia.
Reliable SaaS vendors put safeguards in place to ensure near constant availability of their applications. When considering a SaaS subscription, ask for a service level agreement that guarantees a specific percentage of uptime. In addition, ask the vendor the following questions:
- Do you offer full hardware redundancy to avoid consequences from equipment failure?
- Does your data center have redundant power supplies, such as battery and diesel generator backups, to avoid consequences from a power failure?
- Is your server farm scalable to quickly meet a sudden increase in demand?
- Does your staff include a highly qualified Operations team that monitors the site 24 hours a day, 365 days a year?
Will I lose control of my data?
When you subscribe to a SaaS application, your application data is stored on the vendor's servers rather than on your own servers.
If you're concerned about losing control over your data, ask the following questions:
- Do you have a data backup process in place?
- Where and how do you store the backups?
- Can I export my data in a format that I can easily re-use?
Should I use an open source or a "Standard" application?
Paul Gillin, in a column on the SMB News website, points out that an organization looking for a solution outside of the traditional licensed software model can go in a couple of different directions.
The organization can choose an application from the "exploding open source market" or contact one of the "scores of new vendors that host applications outside of the customer's site and deliver service over the Internet."
But which is the better choice? As Gillin points out, that depends upon which factors the organization cares most about. The following table compares open source and SaaS on four different criteria:
| Factor | Open Source | SaaS |
| --- | --- | --- |
| Cost | Potentially costly. In addition to any license fees you might have to pay, factor in the infrastructure costs of servers, security, and IT personnel. | Comparably low. You pay a subscription fee but the vendor bears all the security and infrastructure costs, leaving your IT personnel free to focus on mission-critical tasks. |
| Speed of deployment | Potentially quite slow. Requires installation and deployment on your own servers, as well as patches and updates. | Potentially very fast. The application is already up and running on the vendor's servers so you just have to get your data into the system. |
| Customization | Easy, but potentially expensive. Open source tends to be extremely flexible and supports most scripting and programming languages. However, if you have to modify the application itself, you will have to go through a costly design-implementation test process. | Depends upon the application. Some vendors offer easy customization but others require a proprietary language. |
| Control over data | Data is stored on your own servers. You are responsible for backing up the data and storing the backups securely. | Data is stored on the vendor's servers. Reputable vendors back up their data and store backups in a secure location. Most vendors also provide you with ways to export your own data. |