Analyst Report Advocates for Cloud, Saas Buyers' 'bill of Rights'

The report from Constellation Research lays out what the ground rules for SaaS vendors should be

By Chris Kanaracus
Mon, November 12, 2012

IDG News Service (Boston Bureau) — With SaaS (software as a service) having become a preferred deployment model for new software purchases, customers should be entitled to a clear-cut set of rights and expectations from vendors, a new report from analyst firm Constellation Research argues.

Despite a perception of SaaS being easy to acquire, cloud contracts require all the rigor and due diligence of on-premise licensed software, analyst Ray Wang [cq] wrote in the report.

"CIO's, CMO's, [line-of-business] execs, procurement managers, and other organizational leads should ensure that the mistakes they made in on-premises licensed software aren't blindly carried over," Wang wrote.

Current conditions make it all too easy for that to happen, with some 81 percent of new enterprise software license sales offering customers a cloud deployment option, the report states.

Vendor lock-in, always a specter of the on-premises licensing world, is just as scary and maybe more so with SaaS, according to the report. For one, SaaS is leased and not sold via perpetual license, limiting users' rights and control, the report states.

And while customers keep control of their data, it's expensive and difficult to switch cloud providers due to differences in architecture, metadata models and other factors, according to the report.

Third, "vendors currently eager for business may grow fat and lazy," moving away from today's "customer-friendly policies," it adds.

Meanwhile, SaaS' many benefits, such as quicker implementations, easier upgrades and more frequent product improvements stand to "trump potential fear of vendor lock-in," the report states.

Overall, SaaS customers should expect vendors to provide benefits and enact policies that fall into a number of key areas, according to the report.

One is general customer experience. "Customers should expect the management team's commitment and accountability for customer success," it states. "Product and sales accountability should be tied to specific individuals and customer satisfaction should be tied to compensation metrics."

Customers should also be kept abreast of major shifts and changes to product road maps, pricing models and personnel, according to the report.

Customers also "should not have to fight for access to their own data"; should be given an ongoing and clear sense of a vendor's financial health; must be given the opportunity to try out software before buying it; should receive pricing and discounting metrics up-front; and be provided with a one to two-year long product road map, according to the report.

Moreover, SaaS vendors must be helpful to customers when they want to move to another product, whether by providing "necessary transition tools" such as temporary hosting and data migration, or allowing customers to purchase the source code, the report states.

In a recent interview, one IT professional whose company uses SaaS heavily offered some additional perspectives on the sort of rights SaaS customers should have.

One is "what we call a security or breach notification," said Ken Stineman, senior director of enterprise architecture and security at Genomic Health, which develops diagnostic tests for cancer. "We require within 48 hours that if they have a failure or lose our data, that they notify us. That's been tough to negotiate but it's required of almost all of our SaaS vendors."

Genomic also requires "evidence of ongoing security due diligence," such as access to SaaS vendors' vulnerability reports and the right to run automated tests against their services, he said.

The company has more than 20 SaaS applications, and is using a tool called Okta to manage employee access to them.

Beyond bringing in such tools to help governance efforts, Genomic has been tweaking some of its previous SaaS contracts, which may have been negotiated by a business department without much involvement from IT, in order to get the rights and protections it desires, Stineman said.

Constellation Research's Wang released a similar bill of rights report in 2009. The changes since then in the SaaS industry have been significant, he said in an interview.

"The buyers have gone from the departmental, swipe-and-buy as the primary pool to now large corporate deals," he said. "So these rights now have to be enterprise-class, meet procurement team requirements and of course new legal scrutiny."

"The small quick deals are still there that you can sign with a terms of service [agreement,]" he added. "But because most delivery is moving into the cloud, we're seeing new complexity evolve."

Chris Kanaracus covers enterprise software and general technology breaking news for The IDG News Service. Chris' email address is Chris_Kanaracus@idg.com

Our Commenting Policies