Tough Questions to ask Your SaaS Vendor

Smart Company – An Australian online business magazine ran an interesting story today about the proliferation of software-as-a-service vendors and the attraction of this model for SME’s.

Whilst this isn’t news, Michael’s story delved into the important issues surrounding the need to ensure your SaaS vendor has the right infrastructure, expertise, and security in place to protect your business data.

Ask questions and review the provider’s written policies. Your questions should cover the:

• Type of facilities and security arrangements in place – reputation and history are important.
• Infrastructure and virus protection used.
• Backup procedures and storage – think business continuity planning.
• Privacy policies.
• Level of data encryption to protect website transactions.
• Hardware and power redundancy.
• Qualifications of operations staff.
• Hours and procedures of site monitoring.

I think Michael only addressed half the issue. In reality customers need to also examine what contracts and legal terms are in place to govern data ownership. As we’ve seen in the US this year, when SaaS vendors go bust it gets very ugly very quickly for customers.

So whilst your data might be secure what are you going to do if the service is shut off by the Administrators?

Customers need to be asking questions including:

1. Do you have clear ownership of your data AND the right to demand your data from the vendor or whomever is in control of the vendor if the service is shut down for a period of more than X hours?
2. What recourse do you have to get your data in a timely manner?
3. Is the vendor obliged to warn you in advance of a likely shut down of the service?

Now let’s take that a step further.

Data is one thing, but what about the customisations you have built into the SaaS solution? The sales reports, the sales process, the email templates, your marketing campaigns, your business dashboards, knowledge base, quote templates, and document library – do you see the broader issue? Yep, the data’s secure but we’re screwed as we can’t get it and nor can we get our customisations.

So whilst it’s important to ensure the vendor has a proper data centre and knows what they are doing you need to ask a lot more questions and be prepared to put the vendor under a pretty harsh spotlight. Your ability to operate your business depends on it. The worst case scenario is you pay a premium to get your data back and are then faced with having to implement a new CRM system – more implementation cost, more training cost, more unproductive hours.

These types of issues are why we chose to partner with SugarCRM as the core CRM platform that we recommend for our customers. No other vendor in the CRM space provides customers with the options and peace of mind as SugarCRM.

Here’s why two key reasons why I make that statement:

1. SugarCRM can be deployed on your own infrastructure, Sugar’s Cloud, or a hosting partner of your choice
2. If you choose a hosting provider it’s a very simple process for them to extract the system structure and send this to you so that you also have a back up of the CRM system – in addition to the system data.

This is peace of mind. This is SugarCRM putting control in your hands.

Social Media Policy – Telstra Tries Hard

Telstra announced today the release of its social media policy. Given they’ve been in the Twitter space for a while I was surprised it took them this long to get a policy in place. Whilst it’s good to see a large Australian company formalising how they participate and the obligations upon its staff, aspects of the policy seem somewhat draconian.

Several aspects of the policy (as reported by Smart Company) puzzled me.

Firstly, Telstra employees need to undertake accreditation – or social media training. This seems like a fair request given Telstra probably uses this training to set expectations, reinforce the strategic objectives, ensure the right skills are in place (i.e. can the person spell…)

But after an employee has been accredited:

Employees will also need authorisation from their department head and the company’s public policy staff.

I’m not sure how effective this is going to be in the long run. Does this mean a Telstra employee running an official Twitter account needs to get approval from two layers of management before they can reply to a Tweet? I get the impression that whilst Telstra wants to convey the impression that they are progressive in reality it would seem they don’t trust their staff to be prudent and responsible.This flies in the face of how other large corporations (like IBM, Microsoft, US Air Force) set and manage their social media policies.

I guess this is more evidence of the fallout from the Fake Stephen Conroy saga that Telstra found itself in the middle of.

Will Government in Australia ever get Social Media?

Smart Company had an interesting story yesterday about the brains trust at StateRail of NSW working hard to crush innovation.

This story amazes me.

The idea that a Government department would seek to crush someone trying to help them do their job is just stunning.

Why wouldn’t they engage this person and seek to exchange ideas? Who cares if they are building their own mobile app? (a) it’ll suck anyway, and (b) what’s wrong with choice?