Sia Partners Insights when Considering a SaaS Solution
- 1. INSIGHT MAY 2019 CONSIDERATIONS BEFORE INVESTING IN A SaaS SOLUTION A Best Practices Guide to Selecting a SaaS Software Vendor
- 2. 2 Is your company looking to employ new software, or to decommission old in-house systems? Evaluating vendors and selecting software with functionalities that most closely meet your business requirements can be a significant undertaking. When presented with this task, companies are increasingly starting to consider cloud-based SaaS solutions due to the benefits SaaS provides, such as the ease of implementation, increased accessibility, minimal maintenance, and reduced costs. In this paper, we will discuss best practices for selecting a SaaS product and provide key considerations before investing in a solution. Cloud Delivery Options There are two primary delivery options within a SaaS model. These options include deploying resources within a Private or Public Cloud. Public Cloud In a Public Cloud model or “SaaS Multi-Tenant,” the provider hosts resources such as servers and databases on an infrastructure shared with multiple customers. Almost all public clouds employ a multi-tenancy model, which allows multiple users to use the same servers and database. Logical controls prevent data from comingling. Public clouds are cost-effective and low-maintenance solutions that are highly reliable due to the vendor’s ability to provide ongoing maintenance and updates. Multi-tenant solutions are easily configured, which make the upgrade processes quick and seamless. There also exist offerings known as “Hybrid Public Clouds”. In a hybrid public cloud model, there is only one tenant per database, but several tenants on the same instance. Private Cloud In a SaaS private cloud or “single-tenant” model, a cloud instance is dedicated to one organization. Compared to public clouds, they offer greater flexibility in terms of customization, as well as increased security, as data is not co- mingling in the same cloud instance. Ultimately, single-tenant solutions offer more enhanced control and as a result, are generally more expensive than public clouds. Therefore, they continue to remain the less popular option of the two. What is SaaS? Software as a Service (SaaS) is a cloud service model, in which a vendor leases software to a customer. In a SaaS model, users access services through the web. The vendor owns and manages the services in the cloud environment, including the software, databases, operating systems, IT infrastructure, operations and security. SaaS utilizes a “pay as you go” pricing model that offers customized and scalable price points and low set-up costs to customers. Unlike traditional software sold on a perpetual flat-rate license with a hefty up-front prepaid cost, SaaS fees are subscription- based. Therefore, customers only pay for what they use, which is a cost- effective method for many organizations. This pricing design is similar to that of Tesla, media streaming providers, and smartphone contracts, as the subscriptions are tailored and scaled to the individual user.
- 3. 3 Infrastructure as a Service (IaaS) Along with SaaS, another popular cloud option is the Infrastructure as a Service (IaaS) model. In an IaaS model, customers rent infrastructure from a vendor. The vendor owns the servers, and the customer manages the servers remotely. Similar to a SaaS model, services are delivered over the internet. Customers receive the benefit of storing data offsite without having to invest and physically maintain the equipment. Additionally, the IaaS provider is responsible for all infrastructure security elements, which are often more secure and less costly than on-site options. Companies with specific customization needs that are looking to employ a cloud solution tend to benefit significantly from IaaS solutions, as the customer still owns and manages the software. Key Considerations To Build, Customize, or Buy? Companies looking to implement a SaaS solution should first consider whether their business needs would require them to build, customize, or buy a new software. Customization involves the development of specific code to transform an application to fit a company’s needs (e.g., adding a new field, developing custom business rules). Configuration only involves adjusting parameters within an application (e.g., changing thresholds, adjusting labels, logos, importing data). Companies that have specific requirements that cannot be achieved by an already existing solution in the market may elect to build or customize their software. If your company decides on such an option, a SaaS product would not be a viable solution, as customers cannot customize rented software. However, even when customizing or building software is preferred, many companies still choose to buy software due to various reasons, which can include the following: Price constraints: Building software requires organizations to deploy many resources, which can be a costly endeavor. Additionally, customizable software is often more expensive than SaaS software. For this reason, SaaS solutions tend to be the preferred option when budget constraints come into play. Implementation target dates: Building and customizing software can be a lengthy process. If companies have strict implementation target dates, a SaaS solution may be more effective in meeting those deadlines. In general, SaaS software implementations are quick and efficient processes compared to its alternatives. IT Operations Strategy: In some cases, companies’ internal departments have mandates or strategies that favor SaaS solutions. These strategies could be due to a number of reasons including those described above. These department wide approaches take precedent in decision-making. Ultimately, if your company’s vision aligns with any of the above descriptions or if your organization determines that a specific SaaS software can add value to your business operations, then a SaaS solution may be worth considering further. Next, it is important to look at your company’s policies regarding data storage to confirm that SaaS remains a feasible option.
- 4. 4 What Can Be Stored in the Cloud? Given that data is hosted remotely and managed by a third party, it is crucial to consider the risks involved in storing data on the cloud. These risks stem from the public communication channels used between the host and client. These interactions travel through a public network and are not protected. To mitigate these risks, many SaaS vendors offer controls, such as encryption and two-factor authentication, as part of their support package. Another consideration when reviewing security requirements is to assess the location of vendor data centers. Your organization may be subject to varying regulatory restrictions depending on the vendor’s data center location. For example, companies that are subject to Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) must ensure the security of Canadian citizen’s personal information. Although PIPEDA permits the transfer of Canadian information across borders, it is common for companies subject to this regulation to prohibit the storage of Canadian citizens’ data outside of the country as a safety measure for certifying compliance with the Act. Therefore, it is important to consider any potential storage restrictions, including those mandated by regulators and by your company through internal policies. As a best practice, before contacting vendors, you should discuss your company’s data and IT policies with security personnel at your organization. To assess the feasibility of storing data on the cloud, it is important to ask the following questions: What is the nature and sensitivity of the data in question? Is my organization subject to any specific regulations (e.g., GDPR, CCPA, PIPEDA)? Does my organization have any internal policies (e.g., data classification, cybersecurity policy) or contractual obligations that require the setup of certain controls (e.g., encryption, storage in a specific data center location)? What are the consequences of a possible security breach, and how will it affect my organization’s data? IT security policies differ from company to company, and it is essential to identify any restrictions set in place by your organization before beginning discussions with vendors. Although there are risks involved with storing data on the cloud, a vendor can generally mitigate those risks by implementing robust controls. Depending on your organization’s internal policies, specific security measures may be more important to meet than others. Therefore, we recommend identifying your company’s mandatory requirements, assessing their impact within the organization, and communicating that information to vendors as soon as your organization confirms them. Once you have a full understanding of the risks involved in storing data on the cloud and have confirmed that SaaS is the best method of deployment for your organization, then you are ready to begin the SaaS vendor selection process.
- 5. 5 Selection Process The process of selecting a vendor encompasses several steps and can vary depending on many factors. Below, we highlight key steps to consider during the selection process that can be effective regardless of the product or industry. Step 1: Define your Business Requirements One of the most important steps in the selection process is to understand all of your organization’s business requirements. This step should be a priority in your process and should be the first step executed. To ensure your understanding of your business requirements, we suggest that you ask the following questions: What is my organization’s target state? Will the new system interface with any existing or future systems in the target state? What are the mandatory requirements that the product must meet? Are there any requirements that would be nice to have, but are not necessary? We suggest that you outline all of the criteria that is necessary for vendors to meet and rate each criteria’s importance according to your organization’s priorities. It is helpful to write down these requirements in detail. If you decide to issue a Request for Proposal (“RFP”) during your selection process, these requirements should be included in the RFP questionnaire. The RFP should be tailored to your organization’s needs and when possible, should avoid generic questions that will not provide any insight regarding a vendor’s product capabilities. Step 2: Research the Vendor landscape It is important to conduct preliminary market research on the vendor landscape to ensure that you have a full overview of all relevant products offered in the market. This can help you narrow down your list of vendors to be contacted. We recommend that you generate a list of five vendors that meet your high-level requirements. Step 3: Assess Product Capabilities During the selection process, organizations typically employ two common methods to assess product capabilities. The first method, as mentioned above, is to distribute a questionnaire to vendors, allowing them to indicate which requirements they can or cannot meet. The second method is to organize a product demo with each vendor. Demos should be structured based on company requirements and can involve use cases to illustrate specific product functionalities and stay out of the generic “sales pitch demo.” It is important to invite all key stakeholders to these demos, as their feedback will be instrumental as you compare products. We suggest that you employ these two methods of analysis during your selection process. The questionnaire will provide an unbiased view of each product, while the demo will allow potential users to see the product interface and assess the user experience. Step 4: Compare Prices During an initial proposal, vendors may compute their solution costs using various assumptions. For example, certain contracts may include adjustments for inflation, differing
- 6. 6 implementation methodologies, or fixed fees. Solutions are often priced for the length of the agreement, which is typically 3-5 years. In order to compare solution prices, we suggest you build a model with similar assumptions for each vendor, which can include but are not limited to, users, modules, architecture setup, and implementation methodology. Additionally, it may be beneficial to consider how the cost will change once the contract ends. Therefore, if you decide to project the price for a more extended period, you should adjust for estimated cost increases, which will give you a more accurate model of comparison. Attention Points As mentioned throughout this paper, the selection process can be complex and present certain challenges. However, it is possible to avoid potential roadblocks by being aware of the attention points described below. Define the objective of the solution from the beginning. It is important to define your solution’s critical requirements and the purpose of your solution before starting the selection process. For example, some organizations may be replacing an existing system, and therefore, require the new system to have highly specific functionalities similar to the existing system that operate in a more efficient way. On the other hand, some organizations may be looking to employ a new system to replace manual processes. In this case, requirements may not be as specific. In some instances, organizations may be looking to replace in-house software that requires the implementation of more than one SaaS solution. In all of these scenarios, defining the purpose of the solution beforehand is critical in helping organizations build out requirements and assess the priority level of each requirement. Security is a critical element when choosing a SaaS provider. It is important to make sure that you have the appropriate conversations with your organization’s security team before starting the RFP process. If your organization has mandatory security requirements that are non-negotiable, it is critical that you communicate those requirements with the vendor and ensure that they have the desired capabilities before proceeding with any next steps in the selection process. You want to avoid the risk of shortlisting vendors with superior products that fail to meet your organization’s key security requirements.
- 7. 7 YOUR CONTACTS ABOUT SIA PARTNERS Sia Partners is a next generation consulting firm focused on delivering superior value and tangible results to its clients as they navigate the digital revolution. With over 1,400 consultants in 16 countries, we will generate an annual turnover of USD 280 million for the current fiscal year. Our global footprint and our expertise in more than 30 sectors and services allow us to enhance our clients' businesses worldwide. We guide their projects and initiatives in strategy, business transformation, IT & digital strategy, and Data Science. As the pioneer of Consulting 4.0, we develop consulting bots and integrate AI in our solutions. Abu Dhabi | Amsterdam | Brussels | Casablanca | Charlotte | Denver | Doha | Dubai | Frankfurt | Hamburg | Hong Kong | Houston | London | Luxembourg | Lyon | Milan | Montreal | Riyadh | Rome | Seattle | Singapore | Tokyo | Toronto | DANIEL H. CONNOR CEO US + 1 (862)-596-0649 [email protected] CYRIL SAYADA Supervising Senior Consultant + 1 (929) 363-9791 [email protected] Follow us on LinkedIn and Twitter @SiaPartners For more Information: www.sia-partners.com LIANA MARZANO Senior Consultant +1 (732) 403-4167 [email protected] Copyright © 2019 Sia Partners. Any use of this material without specific permission of Sia Partners is strictly prohibited.