Getting SaaS up to scratch with SLAs
Subscribe now for $100 (23 issues) and save more than 37% off the cover price!
Get the latest news from Computerworld delivered via email.
Sign up now
As software-as-a-service (SaaS) adoption rises, managers mustn't overlook a key issue when selecting a web-hosted applications suite: a service-level agreement.
SLAs bind the SaaS provider to meet specified levels of service. An SLA can address various aspects of the service, such as application uptime and performance, as well as data security, backup, recovery and integrity. The SLA outlines penalties — often in the form of credits — if certain standards aren't met.
An SLA is of particular importance for a hosted application, since in that case, the customer is giving up control over the software and thus has little or no power to fix problems that arise on the SaaS vendor's end.
In other words, a manager must make sure that a selected SaaS vendor can provide the level of reliable service the company needs. "IT [and business] managers need to understand the consequences for their operations if there's a problem. [They should] determine what downtime they can tolerate and compare that with what the vendor is offering," says Eric Maiwald, a Burton Group analyst.
Unfortunately, SLAs are far from prevalent among SaaS vendors — and when offered, the standard agreements typically are thin and limited. "For the most part, SLAs haven't been in place for the broad cross-section of SaaS [offerings] currently available," says Jeff Kaplan, a ThinkStrategies analyst.
For example, the Google Apps Premier Edition suite contains an availability guarantee only for its Gmail portion (for 99.9% uptime) and offers no commitment for the other components, which include word processing, spreadsheet and presentation software.
"It would be comforting to have an SLA that covered the entire suite," says Mark Harrison, founding partner of Abraham Harrison, a provider of online marketing services.
Abraham Harrison has been using Google Apps Premier Edition for about a year, and the uptime of its hosted applications and services, though not 100%, has been excellent, according to Harrison.
Still, should a significant Google Apps outage occur, it certainly would impact the company, which is highly dependent on the suite. The company chose Google Apps in order to give its geographically dispersed staff an array of software to use for communication and collaboration. In addition to the suite's productivity applications, the company also uses Google Talk instant messenger and Gmail for email. The company's 22 employees, located in six countries and four continents, operate in 14 different time zones, and since most of their work is collaborative, Google Apps — which lets users jointly edit documents located on a central server — was a better alternative than emailing Microsoft Office documents back and forth.
That Harrison would feel more at ease with an SLA is telling. His company isn't an ordinary Google Apps customer; the Google Apps team has singled it out as a model small business whose feedback it regularly seeks. As a result, Harrison is in close contact with the Google Apps team.
What should a business manager look for in a service level agreement? The most basic item should be an uptime commitment for application availability, ideally 99.9% of the time or above. It should also address planned maintenance downtime, which, if too frequent, can become bigger burdens on customers than accidental outages.
When negotiating, ask whether the SaaS vendor owns its own datacentres or whether it depends on a partner, and be sure to investigate who the partner is and the extent of its infrastructure. Also verify that the SaaS vendor has key certifications, such as the SAS 70 Type II audit.
The SLA should address performance, as well, because an application that is extremely slow will affect a company's operations. It's also a good idea to include provisions for the data created with the applications and to put in writing what responsibility the vendor will assume for data that is lost, corrupted, or stolen, along with statements about the vendor's data security measures and data backup and recovery services.
ThinkStrategies' Kaplan recommends assuming the worst — that the vendor may go out of business altogether. To protect against that eventuality, customers can request that the vendor bring in a third-party "escrow" provider that will, for example, house the applications source code and data, in case the SaaS vendor goes under.
Managers need to remember, too, that they must be proactive in securing a satisfying SLA, because SaaS vendors are understandably reluctant to volunteer generous service guarantees. Many elements outside of a SaaS vendor's control can interfere with the performance of its applications and with the integrity of data. Such external factors can include interference from security software on users' PCs, problems with the customer's local network, ISP issues, and structural internet hiccups.
"Every provider will write an SLA, especially if you ask them, but it's going to cover things that they can control," Burton Group's Maiwald says.
Still, industry experts agree that, little by little, both buyers and SaaS vendors are recognising the importance of SLAs, so managers should find securing them progressively easier.
Help is coming indirectly by way of large enterprises, which initially limited their SaaS deployments to small groups and individual departments but are now extending their rollouts, sometimes company-wide, says Forrester analyst Liz Herbert.
As vendors — such as Google, with its Apps Premier — set their sights on the enterprise market, they are hearing the message that feeble SLAs won't cut it there, says Eric Berridge, co-founder of Bluewolf, which provides consulting services to large companies adopting hosted applications.
"Google is probably 12 to 24 months away from being considered an enterprise play with Apps. They need to work on the SLA piece," Berridge says, adding that the suite's SLA must be extended beyond Gmail for enterprise acceptance.
SaaS applications have so far been used for important processes — including office productivity, email, customer relationship management, project management, and human resources operations — but they're not as common in operations in which downtime is deadly, such as back-end stock-trading systems and real-time point-of-sales transactions. When SaaS gains more traction in that critical application area, robust SLAs will follow. "When we get to that point in the SaaS market, you'll see a whole new type of SLA emerge," Berridge says.
Those and other factors will move the SaaS market toward stronger SLAs. "It's going to be an evolutionary process, driven a lot by customer demand, competitive pressures, and the specific nature of applications and their target audience," ThinkStrategies' Kaplan says.
Already, some SaaS vendors are adopting aggressive SLA postures. Mailtrust, which provides hosted email primarily for small businesses, offers a 100% uptime guarantee. "We want to make it known to our customers that downtime is just not acceptable," says President Pat Matthews.
Mailtrust, which is backed by parent company Rackspace, a managed hosting specialist, also doesn't lock customers into long-term contracts, but rather renews the engagements on a monthly basis. Thus, dissatisfied customers can walk at any time, with no penalties.
In addition, Mailtrust has invested in troubleshooting and diagnostic tools so that it can help customers identify problems, even if they aren't on Mailtrust's end, something that Matthews says customers appreciate. "We embrace that [troubleshooting] part of our business, and we work really hard to make sure we don't get in the habit of blaming customers or third parties," he says. Mailtrust's uptime stands at 99.997%, according to RealMetrics.com.
Meanwhile, OpSource, which provides services to software makers of all sizes that want to deliver their applications over the internet as SaaS, also offers 100% uptime for its servers and for the availability and performance of its customers' applications in its OpSource OnDemand service, says chief marketing officer Richard Dym. "We made the decision that it made sense not to fool around," says Dym, whose company's clients include BMC and Business Objects.
Dym also sees a broader shift in the SaaS market toward stronger SLAs. "With SaaS, the SLA concept is now making inroads into the delivery of software over the web," he says.