Here is a question I have been asked several times recently: “what happens to my data if my SaaS service provider/remote hosting service/other outsourced service fails as a business and is forced to close?”
This is one of the big fears for many potential users and there is no clear cut solution. The most sensible, if conservative answers I have heard so far essentially duck the meat of the issue – namely they say, make sure you do not put any business critical applications, services or processes on an outsourced service. So I asked some service providers for their thoughts.
Don’t put mission critical services/applications on to a service provider, at least until you are sure you have a good idea of its reliability, still remains a popular answer though there were some additional thoughts offered. One obvious step is to ask to see the financials of the service provider – or at least sufficient data to make a reasonable judgement on the long term viability of the business.
An obvious step is for users to keep backups of their data, either on their own systems or on a different remote service. This does prompt the thought that, if a user has their data on onsite systems already being kept (expensively) operational, one of the key arguments for SaaS and other remote services is greatly diminished.
There was also the suggestion that users write contracts stating they have the right, should the service provider become insolvent, to get a copy of the application with the customers data. This is effectively a form of the "source escrow" popular with traditional software. This might overcome the problem that, following a service provider’s failure as a business, a customer’s data may well be valueless unless the customer also has rights of access to and use of the associated business logic.
It might also be dependent on the structure of national legislation. For example, one opinion suggested that in the UK the failing company would probably go into administration and all existing contracts would be considered null and void. So there is the chance that a user’s date might just become an asset that the administrator could sell to the highest bidder (quite possibly a competitor). It is unlikely, but I suspect company law is a long way from being up to speed in this area.
It can be argued, of course, that there is less chance of service providers failing. The annuity business model of service provision means that, so long as the fixed costs of the business – together with a continual contribution to the upgrading and expansion of resources - are being exceeded by the revenue stream there is no danger of the business going under. In simple terms it seems a more predictable business model with fewer opportunities for `surprises’. But that does not mean it won’t happen.
But, as I have observed before, this is a psychological minefield for the users, and one where the service providers may be obliged to `be seen’ to offer more tangible support. There has been at least one attempt at an insurance scheme – SaaS Capital. But that did not get much traction in the marketplace.
One alternative that might work is the model adopted by travel agents, certainly in the UK. The Association of British Travel Agents (ABTA) runs a Bond scheme, where all members contribute to a fund that is intended for use when a travel company fails. The fund is then used to repatriate customers and, if possible, reimburse pre-payments. Perhaps a similar model could be established by service providers, if only so payments could be made to the administrators of failed service providers for releasing those `assets’ that are arguably the property of that company’s customers.
Some service providers seem to like the idea, in theory at least, but doubt it will happen in practice. The reasons are tied into user perceptions and brand images. For example, some service providers will use their financial viability (assuming they have it) as a marketing message. The corollary of that, of course, is that any service provider that is a Bond member might be seen as indicating to potential customers that the management suspected it actually might fail.
Martin Banks has been an observer and commentator on the technologies and businesses of the electronics and IT industries since 1968. As one of the UK’s leading specialist journalists he has observed the development of IT systems and their impact on both individuals and business since the emergence of the first semiconductor memory chips and, subsequently, the first microprocessors. Martin recently took on the Infrastructure Implementation brief for Bloor Research, in which role he specialises in covering the infrastructure and systems required to deliver applications and services to enterprise users, from servers, mainframe systems and data centres through to architectures and operational concepts such as Service Oriented Architectures (SOA) and Software as a Service (SaaS).