SaaS puts focus on functionality

March 23, 2009 (Computerworld) When Steven John took over as CIO at specialty chemical manufacturer H.B. Fuller Co., he inherited a North American payroll system implementation that was expensive and going nowhere.

The business units hadn't participated in the technology decision, and the project was bogged down with customization issues and other concerns. John chose to relinquish control of payroll software and switched to software as a service, or SaaS.

"I wanted to do an implementation that was simple and straightforward -- to configure but not customize -- and see the benefits of a standard, global platform," John says. "This was a way to teach, save money and outsource a noncore system." Giving up control was an easy trade-off compared with the headaches he would face trying to fix the existing software.

Indeed, SaaS has become a viable alternative to in-house enterprise software. Those who were once concerned about losing the ability to customize applications, control upgrades and execute changes are finding out that control isn't all it's cracked up to be. Here's a look at how some IT executives resolved their own software "control issues."

Customize vs. Configure
Today's SaaS offerings allow more configuration choices, frequent upgrades and more end-user collaboration than their predecessors did.

"You're getting a lot more innovation," says Ray Wang, an analyst at Forrester Research Inc. "The products are a lot more configurable than what most people have in their own applications. You can change fields, rename things, and move attributes and workflows. So there's a good level of control there."

What's more, the configuration choices are more refined and well thought-out, giving users a few good choices instead of myriad options. John found that configuration rather than customization allows H.B. Fuller to maintain its "lean core."

"I believe that more standardization leads to more agility," John says. "SaaS allows us to say, 'This is good enough ... for what we need.' So you don't end up with these horrible situations where you have these highly customized systems. We go with [configuration] option A, B or C. If one of those three doesn't meet our need, we can try to influence the next release. But in most cases, A, B or C is going to meet the need."

SaaS offerings with limited choices have also improved processes at Eden Prairie, Minn.-based 2nd Wind Exercise Equipment, which turned to SaaS for its CRM, sales and financial applications.

"We wanted to use [software] that will expand and contract with [our business]," says Chief Financial Officer Tom Kelly. "We've actually improved our processes by using these systems. Instead of looking at everything the system doesn't have, just use the tools!"

4 steps to ensure SaaS data security
The security stakes rise when companies use SaaS for human resources management or other functions that include sensitive information like Social Security numbers or home addresses. You should take these four steps to ensure that your data stays secure.

1. Perform a security audit. It's essential to conduct audits of all prospective SaaS providers. "In some cases, their security may be better than your own, but you have to make sure of that," says H.B. Fuller CIO Steven John. "Do your due diligence and make sure they have the highest standards."

2. Know when SaaS isn't right for you. "If you're a government entity that requires all your data to remain on-site, SaaS can't help you there -- or if your data has to stay in country," says Ray Wang, an analyst at Forrester Research.

3. Trust the experts. If a SaaS provider has a security breach, it can be sunk as a business, so SaaS vendors tend to be highly motivated to make sure data is secure. "But again, I would never take that at face value, so you have to do the audit," says Jennifer Roberts, a supply systems manager at Sonoco Products.

4. Get it in writing. If the business unit is leading the implementation, ask for the vendor's security protocols ahead of time and bring in IT, Roberts says. Then write security protocols into the contract. "It should be a joint decision between IT and business," she says.

If your application needs customization beyond what's offered, SaaS may not be the answer. "If you like writing your own code, building stuff or changing this all the time, it might not be for you either," Wang says. "But maybe you want to look at platform as a service as an approach. It gives you the best of both worlds. You run SaaS, and you host the application with a PaaS approach."

Losing Control vs. Gaining Empowerment

Capital equipment manufacturer Pearson Packaging Systems uses SaaS for CRM and sales force automation. President and CEO Michael Senske says he doesn't feel like the company has given up control of its software. Rather, SaaS has freed Pearson from software maintenance. "We don't physically have control of any hardware, but upgrades and infrastructure are taken care of for us. It's on a more stable, more current platform -- probably better than anything we would be maintaining ourselves. We can focus on functionality. From our perspective, we don't miss it at all."

Sonoco Products Co., an industrial and consumer packaging provider with $4 billion in sales, manages relationships with about 18,000 suppliers. "We really didn't want to bring them all into our network," explains Jennifer Roberts, supply systems manager at Hartsville, S.C.-based Sonoco. The business unit uses SaaS for its supply chain management software.

"For us, it was relinquishing the control for people coming into our system," Roberts explains. It also freed her from the need to deal with other problems, such as full disks and software patches. "Around here, applying a patch takes forever. With SaaS, someone else manages all that extra stuff," she says.

At H.B. Fuller, the move to SaaS for human resources tools allowed the company to empower its people. "I can do a reorganization and have it reflected within minutes, and I don't have to call someone in HR to update everything," John says. "I can also pull up other people's organization charts and see where they are and what they're doing and better understand the organization."

When it comes to managing SaaS, neither the IT department nor the business unit using the software should be eager to relinquish control.

"The buying decisions are shifting from IT to the business leaders," who often opt to charge the software as an expense rather than wait for approval through the capital budget committee, Wang says. Still, he adds, "it's very important to engage IT in these SaaS decisions because there are overall IT architectures and blueprints to consider." It becomes very costly when applications don't integrate or interoperate well with one another.

"It's good to at least have some parameters and policies in place so that people understand what type of apps will work better within the environment, what will be cheaper to share information and data with," says Wang.

Mitigating Other Control Risks

One of the problems with SaaS is that if your vendor were to go bankrupt, everything would shut down. You don't own the software. It's on lease. The question is, what do you own? If the vendor doesn't have a separate on-premises deployment option, "you need the ability to take out transactional data, master file information, any kind of migration programs, just in case, so you can convert it to an on-premises alternative if they were to go down," Wang says.

In the long term, Wang envisions an IT culture where software as a service is commonplace. "We may live in a world where everything is provisioned. All our applications don't stay on premises, and business leaders are out procuring applications," he says. "IT teams are testing them to make sure they work well in the environment and there are no bugs or viruses [and] things integrate well, and basically [the IT staff] will spend a lot of time provisioning services and implementing, integrating, doing installs. That's where we envision the market in 2020."