An interesting post on RWW this morning asks whether Facebook for business use is really going to happen. Josh correctly points out that Facebook is already being used by business operatives, they’re just using it for their personal networks rather than business ones. Josh went on to point out that the biggest barriers to business use of Facebook are the concerns around productivity drain, and the security issues.
These thoughts (and my attendance at an ICT Outsourcing conference) got me thinking more widely about security in an outsourcing situation.
I heard today an example of an outsourcing situation gone wrong. Seems a hospital in the US outsourced its transcription requirements to a US outsourcing company. That company then sub-contracted the grunt work to an Indian company. When an argument around debt occurred, the sub contractor started to release confidential patient records in order to coerce the customer into paying some money.
It’s a sort of funny/sort of scary example, and points out the fact that enterprise does have some valid concerns around outsourcing in general (and SaaS in particular).
The biggest challenge around SaaS uptake in enterprise (actually there’s a few but one of the biggest) is around risk management and governance. The problem until now has been that SaaS has been seen as a small business solution. Small businesses generally don’t require the same sort of certification and security SLAs that big business requires. For example what real legal agreements are in place between clients and SaaS vendors such as SaaSu, Xero, PlanHQ etc etc?
It’s a big area of challenge for SaaS vendors and possibly one where a third party can offer them some value. In the same way that Apprenda and Force.com are providing development as a service/hosting as a service, perhaps they could also provide some guidance around development of sufficiently robust SLAs and security protocols.
What do you think – is security a real concern or will big business just get more flexible as time goes on?