Originally posted on on the e-Sourcing Forum [WayBackMachine] on Saturday, 24 June 2006

Yesterday we discussed the considerable benefits of on-demand software which delivers functionality over the Internet from an application instance that may be shared across many clients, the increasing adoption rates, and the overwhelming benefits that were discovered by Aberdeen Research in a study released earlier this year. We also pointed out that there still remain some naysayers with a much darker view of the model who have done nothing but offer up a myriad of critiques. (I should note that many of these naysayers are also sellers of traditional enterprise software packages who get huge commissions with every sale and have every reason not to like a new model that slashes prices which used to fatten their bank accounts.)

However, since I would personally question any promoter of on-demand software who fails to address each and every potential concern brought forward, here is the long list of concerns that I have found and the associated truths that should set your mind at ease.

( 1) Your Data is Not Secure (especially in a multi-tenant model)

I think PepsiCo’s CTO said it best: “Our data is probably safer behind [the provider’s] firewall than behind our own”. IT is your provider’s business, and the security of their data and yours is their utmost concern. Not only will they have developers on staff with security expertise, but many work with leading security firms who will conduct regular audits and monitor your provider’s domain(s) for external assaults, stopping them before they even get to the firewall.

( 2) You cannot guarantee reliability

Aberdeen’s recent study found that even in areas such as system uptime and application response time, more enterprises reported that these solutions out-performed traditional enterprise applications run by their internal IT department or a third party ASP. Remember, your uptime is your on-demand provider’s business. Since you can leave if you’re not happy, they tend to be much more responsive then your IT department whose jobs are a lot less dependent on the up-time of any single application.

( 3) You cannot manage your own data

It is true that you have less control over how it is distributed across the database instances, but it is also true that you do not want this control. Unless you are a database expert, you will not know how best to partition your data for maximum performance. Furthermore, as we discussed yesterday, chances are your provider is much better at backing up your data for quick recovery than your internal IT department.

( 4) New on-demand offerings lack functionality

Opponents state that many on-demand offerings only have 70% to 80% of the functionality offered by their traditional behind-the-firewall installed applications. I will concede this point, but then remind you that most organizations use less then 50% of the functionality offered by most applications. Therefore, these offerings are still offering you an average of 33% to 50% more functionality then you will actually use, so this is a moot point.

( 5) You have no control in a disaster

True, but this is not something you want. When a disaster happens, you want someone to clean up the mess for you. And more importantly, you want someone who is prepared. For a software-as-a-service provider, application uptime is their core-business, downtime will kill them. If you are a manufacturer, this isn’t nearly as true and chances are your IT department is so swamped that they haven’t even thought about disaster recovery recently while most on-demand vendors will have detailed plans that they will run through and up-date on a regular basis.

( 6) A vendor can afford to be sloppy

Providers of traditional software argue that because on-demand software providers always have immediate access to their software, they can afford to be sloppy and roll out upgrades without a lot of quality testing, adopting the “if something happens, we’ll just fix it later” attitude. In fact, the opposite is true. Since most on-demand providers use a multi-tenant model where all customers are on the same instance, a single bug, no matter how minor, could bring down all of their instances, and customers, simultaneously! In contrast, even a bug in a commonly used feature will generally not affect more then a small number of customers in an enterprise software provider’s user base. Thus, on-demand providers are generally much more diligent and thorough when preparing to roll out upgrades or modifications. After all, if they go down, chances are every customer is going to be calling in within an hour wanting to know what’s going on – and no one wants to be around when that happens.

( 7) Upgrades are forced upon you

I’ll concede this as a truth as well, but would like to know why this is bad? On-demand providers understand that the last thing their customers want is the rug to be pulled out from underneath their feet and take great pains to minimize the impact on what’s already there when planning an upgrade. Often the net effect is that if you do not look for it or read the upgrade announcement, you might not even know a new feature is there. I like to compare the free upgrades to your cable company deciding to offer you more channels for free (even though I know this would never happen in reality, or at least not with my cable company). You wouldn’t be forced to watch them, but if you wanted to, you could. What would be wrong with that? Compare this to traditional enterprise software providers who think nothing of rearranging the entire interface between releases and forcing you to relearn the entire product, just because they thought the new interface was better. (Something even Microsoft is guilty of. Last time I upgraded Word, half of the few features I actually used weren’t where they used to be.)

( 8 ) Because they have your data, they lock you in

In these situations, I think the author is confusing old-school ASP with new-wave on-demand. Any true on-demand application is going to come with good data import and export utilities. Furthermore, you can verify up front that you can export your complete database at any time and most vendors will even allow you to build export support upon termination into the contract. (They might charge a small service fee for their representative’s time, but nothing compared to what your application integrator would probably charge.)

( 9) You lose the ability to customize the application any way you like

This is partially true, but again, this is not a bad thing. Name something you rely on everyday whose inner workings you do not fundamentally understand that you would honestly risk attempting a major customization on. If you were not a professional mechanic, would you risk rearranging the internals of your engine? If you were not a certified electrician, would you risk re-wiring your primary panel? Software is just as complicated, and extensive customization is best left to those that understand the inner workings.

Furthermore, nothing prevents a multi-tenant on-demand instance from being downgraded to a single-tenant instance on its own (set of) server(s), at which point, you or the on-demand provider can customize it to the nth degree. Most providers will happily give you a single-tenant instance if you do not mind covering the extra costs (which are probably still substantially less then traditional ASP rates), and many will do customized development if you are willing to cover the costs. Some will even sell you a license to customize and deploy the instance behind your own firewall if you so choose, but then you lose some of the on-demand advantages, and the advantage of having someone else administer and maintain the application in particular.

Finally, many on-demand solutions are built from the ground up to support a basic amount of customization capability on the UI and workflow so that the application can be configured to each customer.

(10) You risk losing everything if the provider goes belly up

This is probably the only real viable concern I’ve ever heard, but this risk is not unique to on-demand software. This inherent risk is always present when using a third party for any service, and you always deal with it in the same way – you have a back-up plan.

If your data is important, make sure you know how to do a full export and have someone do it on a regular basis. If your data base is very large, contract with the on-demand provider to do a full-export to tape on a regular basis for you and have that provider either send the tape to you or to a 3rd party storage facility.

If the software is important, look for a provider with an escrow agreement where their customer’s get a license to the source code and installation manuals should they ever go out of business. Then you could always have your IT department run the application internally until you found another provider. But if you choose a stable provider who is growing, chances are this is not a big risk.

(11) Where are the SLAs

I really do not know where this concern came from. Most serious on-demand software providers these days offer SLAs, and some to five nines reliability. What more do you want?

(12) Where are the value added services

Most traditional software providers argue that their offerings have more value because they often bundle a slew of value added services, such as consulting time, services, and free access to resource libraries as compared to on-demand offerings which often just offer the software. This is true, but it is also true that traditional offerings cost 5X to 10X as much. Let’s repeat that: 5X to 10X as much! With those profit margins, they can afford to throw in a consultant or two – they’re still making obscene amounts of money.
Therefore, this isn’t a fair question as the comparison is not fair. Traditional services build in a cost for every possible service you might use, even though they know most of their clients will not use most of the services. On-Demand providers charge you a minimal fee based on what you say you will use. Most providers will offer additional value added services that complement their counterparts for a small fee. Furthermore, when you add up the total cost from the on-demand provider for every possible service and compare that to the traditional enterprise price tag, you will still find that on-demand providers are still at least 3X cheaper when you consider what you actually will use.

(13) You don’t have control

As you’ve probably figured out by now, this isn’t true. They control the software, but you still own your data, and, more importantly, you have the leverage. If their service sucks, you can leave. If too many customers leave, they’ll go out of business. You have control, and don’t let anyone fool you into thinking otherwise.

And it’s only going to get better. Stay tuned!