SaaS realities

What's holding users back? Potential security risks and a loss of IT control topped the list of perceived barriers to SaaS adoption. With so much trepidation in the air, Computerworld decided to get the real scoop, so we interviewed six executives who have tackled SaaS projects.

What has been the greatest benefit from your use of SaaS?

Ken Harris, Shaklee Corp.: "The first, far and away, is the ability to get solutions up quickly. You don't have to build out an infrastructure or expand your IT staff."

Kevin Raybon, NEC Unified Solutions Inc.: "I call it value control. When I have features and functions that need to be developed, I can roll them out and keep moving. I'm not in the IT department. With IT, there is always a big-bang initiative that lasts about 18 months, and the pace of our business does not lend itself to that."

Daniel Flax, Cowen and Co.: "The ability to deliver services to a worldwide audience."

Daniel Wakeman, Educational Testing Service: "The key benefits are speed and the lack of capital investment."

Kevin Harding, Imagine: "It's being able to get more information out to more people. Managers can get real-time financial information on their departments." The predecessor in-house financial system gave only monthly reports, he says.

Is security an issue?

Flax: "Security certainly is a potential problem, and anyone who says no is not being realistic. We vet our potential vendors very carefully, and we get our audit and compliance people involved as well."

Daniel Chiazza, Harris Interactive Inc.: "Salesforce.com had a big scare with phishing recently. So they basically took a listing of all the IP addresses that access our applications -- where our users are, where they log in from -- and put that in a whitelist. They were very quick to react."

Quicker than an internal IT department might have been?

Chiazza: "Yes, it can take forever to turn something around internally."

Wakeman: It's a "huge shortcoming" that SaaS vendors do not embrace "federated identity management" standards allowing centralized identification and validation of users via a single sign-on process, he says. "We have to manage the identities of our employees at multiple SaaS providers. We can't say that this employee has terminated and automatically shut him off from all the systems he has access to."

Raybon: "There are two ways to handle security. First, have strong contracts that hold people accountable should something happen. Second, we put information about processes in the cloud, but we keep all our proprietary corporate data back in our system of record. I keep track of sales opportunities in [Oracle CRM] On Demand, but once it turns into an order with credit information, that stays inside."

Is loss of IT control a concern?

Harding: "It's kind of a double-edged sword. Yeah, it's not my baby anymore, but I also don't have to worry about it. The only downside has been when they roll out upgrades. We do have the ability to test, and we do test, but sometimes the upgrade breaks things. So when we see an upgrade coming, we just plan on having some problems for the next week."

For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.