An interesting post on RWW this morning asks whether Facebook for business use is really going to happen. Josh correctly points out that Facebook is already being used by business operatives; they’re just using it for their personal networks rather than business ones. Josh went on to point out that the biggest barriers to business use of Facebook are the concerns around productivity drain and the security issues.

These thoughts (and my attendance at an ICT Outsourcing conference) got me thinking more widely about security in an outsourcing situation.

I heard today an example of an outsourcing situation gone wrong. Seems a hospital in the US outsourced its transcription requirements to a US outsourcing company. That company then sub-contracted the grunt work to an Indian company. When an argument around debt occurred, the sub-contractor started to release confidential patient records in order to coerce the customer into paying some money.

It’s a sort of funny/sort of scary example, and points out the fact that enterprise does have some valid concerns around outsourcing in general (and SaaS in particular).

The biggest challenge around SaaS uptake in enterprise (actually there’s a few but one of the biggest) is around risk management and governance. The problem until now has been that SaaS has been seen as a small business solution. Small businesses generally don’t require the same sort of certification and security SLAs that big business requires. For example, what real legal agreements are in place between clients and SaaS vendors such as SaaSu, Xero, PlanHQ etc.?

It’s a big area of challenge for SaaS vendors and possibly one where a third party can offer them some value. In the same way that Apprenda and Force.com are providing development as a service/hosting as a service, perhaps they could also provide some guidance around development of sufficiently robust SLAs and security protocols.

What do you think – is security a real concern or will big business just get more flexible as time goes on?

Ben Kepes

Ben Kepes is a technology evangelist, an investor, a commentator and a business adviser. Ben covers the convergence of technology, mobile, ubiquity and agility, all enabled by the Cloud. His areas of interest extend to enterprise software, software integration, financial/accounting software, platforms and infrastructure as well as articulating technology simply for everyday users.

2 Comments
  • The biggest challenge around SaaS uptake in enterprise (actually there’s a few but one of the biggest) is around risk management and governance. – I disagree. These are merely (!) issues to overcome just like any other product – if SharePoint “loses” all its data (as has happened on a small scale) what legal agreements are in place to safeguard the organisation? What if your Oracle database throws a wobbly, what are the legal ramifications? The fact the product isn’t installed on the organisation’s network shouldn’t make any difference.

    I think the biggest challenge is that SaaS lives in the “cloud”. Living in the cloud means being inherently connected with the walls of the organisation no longer having a “protective feel”. That is a mind shift (not just an “issue”) and that’s the biggest hurdle that SaaS/Web2.0/Enterprise2.0 vendors are having to overcome.

    And the biggest weapon in their arsenal – consumers of their products are taking the fight into the enterprise for them.

    This diagram (http://i6.photobucket.com/albums/y211/miramarmike/Enterprise%202%20NZ%20Style/howdoconsumerandenterpriseproductsd.png) goes a little way for me to explain the shift …

  • Our observation has been that, at this point, large companies and government agencies use SaaS for collaboration with external offices and customers. Not for storage of mission critical data. There are certifications etc that SaaS companies could, and should, achieve that will provide a level of comfort as to the safety and security of customer data like SAS70 Type II.

    Ultimately, as these large organizations become more comfortable with the technology the adoption for the operational folks and the mission critical data will follow.

    Kevin Doherty
    PHASE 2 International
    http://www.phase2int.com
