Evaluating and selecting a SaaS vendor is more of an “Art” than a “Science”. Each SaaS vendor has a unique identity and offers different products and services for different industries.
I am an early adopter of SaaS… back in early 2006, when the SaaS concept was taking shape and new terms such as IaaS and PaaS were popping up. I was truly amazed with the whole concept, as it was “truly” different from its predecessor, the “ASP” model, and a “true” pay-as-you-go model.
For every business/IT initiative, I see whether we can go the SaaS way. So far I have evaluated, selected and implemented 12+ SaaS applications across various business functions and processes – Enterprise Collaboration (Socialtext), Social Media (Higher Logic), Document Management (Box.Net), Video Collaboration (Delve Networks), Electronic Fax (Protus MyFax), CRM (Avectra), HR/Payroll (Ultipro), IT Service Desk, Operations & Management ITIL V3 (Numara Footprints), Mobile Applications (QuickMobile), Digital Publications/eBooks (Texterity) etc.
We also ended up going for a Hybrid Cloud based on-premise SaaS solution to address the Single Sign-On & Identity management (Symplified) for SaaS applications. This one was the “Mother” of all SaaS apps. This is a common challenge that many organizations are facing or will face soon as the number/usage of SaaS apps increases. See a related article on Federation 2.0: An Identity ecosystem. I have shared some comments/ideas.
We have also taken SaaS adoption and use to the next level by integrating 4 SaaS apps to provide a unique product and value to the business. For example, we integrated Document Management (Box.Net), Video Management (Delve Networks) and IT Service Desk (Numara Footprints) with our Enterprise Collaboration Platform (Socialtext). Click here to see this architecture.
Business units are free to scan the market, evaluate and select SaaS applications without IT’s involvement. The frustration and blockers come in when the SaaS app needs to integrate with other SaaS apps, AD or enterprise applications, and by then it’s too late. We found a way to manage this as well: we made IT a “true” partner for the business and demonstrated how IT can provide value to this process. We have also developed expertise in legal review of contracts (very interesting to review contracts for a change).
Top 12 Questions and Requirements for SaaS & Cloud Vendors – Technology, Security, Identity Management, Compliance, Standards
Cloud Security, Identity Management & SaaS Single Sign-On – What’s the business value?
We implemented a simple SaaS vendor evaluation and selection framework to meet our goals, objectives and needs. Please use this as a sample or for reference purposes.
Vendor Evaluation & Selection
This section covers 7 categories and primarily focuses on the vendor. I use the baseline framework and then customize the items in each category based on the business needs, requirements and product area.
- General – management team, financials, strategy, road map, support etc
- SaaS/Cloud Computing – service limits, hosted infrastructure, security, privacy, contract, SAS 70 II compliance etc
- Legal – Payment Terms – Costs based on milestones, travel expenses etc
- Legal – Specifications/Service Level Guarantees etc – Performance standards, SLAs etc
- Legal – Warranty, Indemnification – Compliance with laws, industry standards, contract terms etc
- Legal – Security – PCI, HIPAA etc
- Legal – Miscellaneous – Termination conditions, breach, extensions, options etc.
Click here to see the complete list (powered by Box.Net, our popular SaaS app for document management & collaboration). Assign the weights based on importance, rank them and total up.
Product Features Evaluation
This section covers 4 categories. Again I use the baseline framework and then customize the items in each category based on the business needs, requirements and product area.
- Features – List of all the features that link to the business requirements.
- Architecture, Security & Support – Hosted, On-premise, Architecture, Performance, Scalability, Support reqs etc
- Integration – SAML or HTTP fed for SSO, Web services, API, database access etc
- User Experience – Ease of use, self-services, navigation etc
Click here to see the complete list. This is the sample framework that was created for the Enterprise Collaboration Platform project.
With regard to SSO capability, we give a lot of importance to SaaS apps that are SAML (Security Assertion Markup Language) capable. This makes integrating the SaaS apps with our internal network/identity management much easier and spares users from remembering one more login/password. (Users hate it when they have to remember multiple logins/passwords for different SaaS apps, as each has different password policies. I hate that as well!) Luckily we don’t have that challenge anymore, as we have implemented a Hybrid Cloud SaaS-based SSO/identity management application powered by Symplified. We are also looking into Symplified for mobile-based access to SaaS apps to meet the growing use of mobile devices by users.
SaaS Reference Model
With many different options available today – private, public and hybrid cloud based SaaS apps – it is important to understand the benefits, value, pros and cons of each model. Over the past year, a new model, “Hybrid Cloud” (part of category 1), has been becoming popular, as it provides the benefits of both SaaS and on-premise (appliance or VM). Benefits & value – behind-the-firewall security, better integration with the network system/AD for SSO, close proximity to internal enterprise applications etc. I have implemented 2 SaaS apps (one of them is the Enterprise Collaboration platform) on this model and it’s working out great.
- Off the Shelf Application
- Custom built application
- Hosted application
- Custom built, co-located
- Custom built, Cloud hosted
Click here to see the reference model.
SaaS Legal Addendum
Based on many SaaS implementations, we documented a standard SaaS legal addendum (with legal’s help) that we give to the shortlisted vendors early on. This saves both the vendor and us a lot of time and helps us focus more on the product, features, SLAs etc.
Click here to see the sample addendum.
By demonstrating the above vendor evaluation and selection process to the business, we became a “true” partner to them, as we do due diligence on more items (architecture, integration, SSO, SLAs etc). As all the SaaS contracts have to go through legal, we partnered with the legal team. So if any SaaS contract reaches legal and IT was not part of it, we get notified, and we meet with the business unit and show them the above process. This framework is working out successfully and helping the organization as a whole.
Appreciate your feedback and comments.