A SaaS-heavy organization sounds like one set up for success.

Even Forrester has quipped that “if you aren't using SaaS broadly, your business risks falling behind”. With everyone looking to use data to drive revenue, reduce costs and boost loyalty, SaaS is becoming an invaluable way to progress a transformation strategy. A 22.9 percent year-over-year growth in SaaS adoption indicates that many organizations are investing in the technology to assist with digital transformation. So with this in mind, is it even possible to go wrong with SaaS?

Perhaps an unconventional analogy for the modern technology landscape is pop culture. Like in IT, sass is everywhere there, from RuPaul’s Drag Race to Brooklyn Nine Nine. A personal favorite is the Dowager Countess of Grantham, known for her acerbic one-liners.

So what does the legendary matriarch, played by Dame Maggie Smith, teach us about business SaaS usage? That deployment, like one-liners, needs to be managed and controlled in a comprehensive company narrative to maximize results. To put it another way: while SaaS-based offerings can help in any number of departmental data strategies, they need to be supported by other actors, and integrated into the wider business data landscape to be truly effective.

– Getty Images

SaaS comes with a lot of subtext

The first part of that control is knowing what you’re getting in to. When a character is being sassy in a TV drama, you’re not only getting the comment itself, but a whole range of insinuations and emotional implications. When it comes to a SaaS contract, there are some parallels. While the agility and cost-saving aspects of SaaS may be front and center in the buying decision, there’s a lot going on under the surface that needs consideration.

When your business signs up to a SaaS application, you need to consider that amongst other things, you’re handing over availability, recoverability and security to the SaaS vendor. And when you use that vendor for things outside of its core functions, costs can also rise.

A good example of this is Salesforce. As a company that stores your customer data, it certainly works hard on security – it has to or it would not get subscribers. Look beyond that area though, and you might be surprised to know that if you ask Salesforce to recover your system, you’re in for a wait of six to eight weeks and will incur a cost of $10,000. Yes, you read that right. And if you start dropping large files into Salesforce, your storage costs will also start to rack-up beyond what it would cost to store it yourself.

To its credit, Salesforce does recommend the use of 3rd party tools to create your own backups, and it provides APIs for 3rd party storage, so with the right software you can mitigate both issues. It’s also fair to say that this sort of recovery is a last resort, though I personally have not been involved in a business where they would choose to set a service level like that for such a critical application.

SaaS control and GDPR

Now being savvy with your data – across both SaaS and your own systems – and using it in ways your customers have not consented to, is going to make you fall foul of GDPR. Too many separate SaaS tools could also leave you with data management issues – both in terms of risk, and the ability to extract value from it.

This is particularly important when considering unstructured data stored in a SaaS solutions like Office 365. If those stores contain personal information, users could easily (intentionally or in error) make that data accessible to a third party without consent, fail to keep the data up-to-date, or erroneously change it. Unless you take steps to control data in Office 365, you are also leaving your users in control of data retention too, another challenge of GDPR compliance. Ideally, organizations should manage these SaaS environments with tools that can help them across their entire hybrid cloud.

At the same time, in order to ensure compliance with GDPR, you need to know what data you have where – and, if it’s in a SaaS environment, that the SaaS provider is also compliant as a data processor. While providers like Microsoft go to great lengths to ensure their service is compliant, that doesn’t make your business compliant as you remain the data controller. And while Microsoft itself does offer add-on compliance tools for Office 365, these do not extend over different SaaS offerings, clouds or on-premises. As such, a third party tool can positively impact your entire compliance landscape, including, but not limited to, SaaS platforms.

In most organizations, SaaS subscriptions may come from departmental budgets and not from IT, and can even escape IT scrutiny. Even when IT is fully engaged, you need to understand:

  • what SaaS solutions your organization is using
  • exactly what data you are putting in these services
  • what the availability, security and compliance requirements are for the data you are putting into these services
  • what the services are capable of i.e. are there features you made need to put limits on or disable

This information needs to be compiled regardless of department, team or usage, and all the different offerings should be data-mapped – if you don’t understand your data, you can’t be compliant. There is also the likelihood is that’s it’s costing more than it needs to, and that it may not be as available as you would like.

SaaS is often viewed as a turn-key solution; switch it on and your business transforms faster than it would if you were doing it yourself. The reality may be different though, and you could be taking risks that you never would otherwise. So, when reviewing SaaS offerings, consider what extra third-party tools you might need to overlay; they could save you money, keep your business afloat and ensure you stay on the right side of GDPR. Even the Dowager Countess couldn’t be too sassy about that.