Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Five critical outsourcing considerations for SaaS and cloud services

Organizations are increasingly moving towards the use of SaaS and cloud services to meet their needs. But what outsourcing considerations should they be taking before leveraging these services?

Before adopting any kind of service, IT departments need to take many factors carefully into consideration. Cloud...

and SaaS offerings are no different. But what are the key considerations unique to cloud and SaaS that organizations will have to take?

In this piece, Steve Weissman examines those considerations -- and points out that the traditional "outsourcing" considerations very much apply when making decisions regarding cloud and SaaS services.

Not sure you have the in-house skills to construct your own technology platform? Lacking the budget to acquire something off-the-shelf? Then why not benefit from someone else's expertise while simultaneously chopping the cost into more bite-sized chunks?

That right there is the high-level rationale to avail yourself of a SaaS offering, many of which are tagged with the sexy label of "the cloud." Personally, I dislike all the hype that so often surrounds them because it distracts from the business issues that underlie what essentially is a decision to either build, buy or rent the capabilities you need. But there is a flame of value behind the smoke of marketeering, and it actually isn't a new one.

The model behind the madness is our old friend outsourcing, which in recent years came to be a political dirty word but is still very much part of the technology landscape. So let's take a few minutes to articulate some of the more significant factors to consider when deciding whether or not to move to SaaS and/or the cloud either wholly or in part.


The first of these speaks to what caused you to consider such a move in the first place. In a recent working group that I was privileged to facilitate, participants boiled their catalysts down to either broken processes or 'bent' technology -- ways of working that have long since lost their efficiency, or electronic tools that still function but can no longer pull their weight.

In most cases, these two are self-reinforcing. Perhaps the process would still flow effectively if the underlying technology had more horsepower, or maybe the technology would perform better if it were better matched to the process needs. Either way, making wholesale changes to either can be daunting -- especially if the applications and servers need upgrading or replacing -- so there's a compelling case to be made to leverage somebody else's work instead.


How compelling this case is depends upon just how complex your situation is. Are your processes relatively isolated and straightforward, or do they overlap and intertwine? Are the systems that power them largely homogeneous, or do they represent multiple versions and/or multiple vendors? Do these systems play well with others, or do they stand alone? Are they easy enough for most people to use without becoming irritated?

These questions are important to ask even if SaaS/cloud isn't on your radar because the answers go far toward dictating how agile your organization can be to meet new or changing market conditions. The answers also will tell you a lot about the skills sets your people need to have to manage/maintain/expand your infrastructure -- and help determine whether you should hire or rent the expertise you need to fill any gaps.


Corporate culture often is a major contributor to which way the decision falls, and extant philosophies generally hold either that "we can't trust anyone who doesn't work for us" (thumbs down to SaaS/the cloud) or "we aren't in the technology business and don't want to be distracted by such things" (thumbs up).

We've found that resistance to the idea often is generational, in that more senior (i.e., older) executives worry that they'll lose all control if the required staff isn't on their direct payroll, and security will go to pieces if their data lives behind somebody else's firewall. The irony, of course, is that their information may be better managed and more secure in the cloud than in their own, old home-grown systems, but demonstrating this is true can be a real challenge.

Compliance Support

Whatever your situation, it's important to remember that while the promotional material may not be false, there are serious business discussions that must take place before a SaaS/cloud strategy is embarked upon.

While security is a big deal -- "table stakes," a client recently termed it -- compliance support too often isn't, and important questions must be asked in this regard before any kind of service-level agreement is signed. For instance, will your provider honor your records retention policies by deleting affected data from the disaster recovery back-ups it makes every day/week/month? If you are sued for a privacy violation, will you be able to name your provider as a co-defendant since it actually tends to the data?

These are questions that your compliance people are well familiar with, and if the terms of your SLA do not align with your requirements, then you may be setting yourself up for trouble down the line. Remember this any time you're tempted to subscribe to a service by simply entering a credit card number and clicking "accept," for your terms there will be the same as everybody else's, even though their compliance needs probably are not.


This last consideration often is the first, though I am not convinced that money spent/money saved should always win in the end. (For instance, business agility to achieve or maintain a competitive advantage is one common reason other than cost control to invest in SaaS/cloud solutions.) At some point, though, every organization pondering the options needs to break out the calculator to understand just what the budget implications are.

Obvious areas of potential savings include software licensing, systems maintenance, and IT-related labor -- and for many, being able to account for a service as an operating expense (rather than as computing's more traditional capital expense) tips the scale because of the fiscal flexibility it can afford. These all need to be weighed against the hard costs of your service subscription and the migration of your data to the SaaS/cloud offering, and the soft costs associated with complexity, culture, and compliance as noted above.

Whatever your situation, it's important to remember that while the promotional material may not be false, there are serious business discussions that must take place before a SaaS/cloud strategy is embarked upon. The good news is that since such services effectively are nothing more than modern-day outsourcing options, there is much history to draw upon in terms of decision criteria. Just be sure you don't lose it in all the hype.

Next Steps

Discover key questions to ask cloud and SaaS providers

Learn about SaaS financial management applications

Weigh the pros and cons of on-premises vs. SaaS

Learn about transitioning legacy software to SaaS without losing functionality

This was last published in July 2015

Dig Deeper on Cloud and iBPM

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

What are the biggest challenges with cloud SaaS services?
There are good answers to the question if “security will go to pieces if their data lives behind somebody else's firewall.” Gartner released the report “Simplify Operations and Compliance in the Cloud by Protecting Sensitive Data” in June 2015 that highlighted key challenges as “cloud increases the risks of noncompliance through unapproved access and data breach.”

The report recommended CIOs and CISOs to address data residency and compliance issues by “applying encryption or tokenization,” and to also “understand when data appears in clear text, where keys are made available and stored, and who has access to the keys.”

Another recent Gartner report concluded that “Cloud Data Protection Gateways” provides a “High Benefit Rating” and “offer a way to secure sensitive enterprise data and files stored in SaaS applications”.

Ulf Mattsson, CTO Protegrity
Thanks for mentioning the Gartner reports, UlfMattsson. I'll have to check them out.