By Bassam Hemdan, Regional Vice President, Americas, at Metallic.
For many organizations, the pandemic forced a change in how data and applications needed to be managed. But even before that time, businesses were taking advantage of a new business model that has gained enormous popularity in recent years.
Software as a Service (SaaS) allows companies to move their data environment and applications from their proprietary infrastructure to the cloud. One of the biggest benefits is cost savings, but it also takes many time-consuming and complex tasks out of companies’ hands, offering enterprise-grade data protection, easy deployments, automatic upgrades, no hardware costs, and a predictable subscription model.
That said, for many, the thought of entrusting your most valuable assets to an outside entity can be concerning.
What do you need to consider when deciding on SaaS? Here are answers to some of the top questions asked by companies when it comes to this business mode.
1. Can I even consider a SaaS solution?
Before you consider signing a contract for cloud services, youshould ensure the use of this type of solution is acceptable for your business, and in your industry. For example, it could be that specific regulations or the accepted practice of the organization requires data to be stored on its own infrastructure. Most often, this can occur with public sector entities. Nevertheless, it should be emphasized that in Canada and the U.S. there are no regulations prohibiting storing data in the cloud for the vast majority of organizations.
2. What are some of the legal considerations I need to know about before signing a contract?
You should take into account any legal restrictions associated with your industry. Certainly, specific requirements (for example, imposed by regulators) will apply to banking, finance and insurance, and telecommunications. Equipped with appropriate knowledge, you will be able to verify whether the solution as proposed by the provider ensures compliance with specific legal requirements, standards, or guidelines.
3. Will a SaaS solution really address my needs?
The short answer: Yes.
Your solution provider partner, by analyzing your needs and use cases (the way you use your current data environment), will offer a solution that is specifically tailored to your requirements. What’s more, the solution can be modified to keep up with increasing needs. This is one of the biggest advantages of SaaS solutions – they are easily scalable, which means they have the ability to adapt to the growing volume of processed data.
SaaS solutions can address a wide range of needs. From the practical point of view, they can be divided into business support systems and tool systems. The first category includes those supporting end users, such as CRM systems. The second includes systems that process data and offer data analysis performed by artificial intelligence, security systems for local and cloud environments, and – more and more often associated with SaaS – data backup solutions.
4. Will the data remain my property?
It is especially important to make sure that you remain the owner of your data throughout the duration of your contract with a provider and that it will not be used for purposes other than those to which you agree. This may seem like an obvious operating model, but it’s important to check the contractual terms of this matter – in particular, the descriptions of data processing in the contract for entrusting the processing of personal data.
5. Who will be responsible for my data?
Another key issue is the legal responsibility for the data entrusted to the provider. The agreement should clearly define who bears such responsibility and will be held accountable for it – especially since cloud services will usually involve more than one entity.
When you decide on a SaaS solution, you become a party to a legal relationship not only with the provider of that solution, but also often with its partners. Specifically, this means the providers of the infrastructure on which the SaaS solution runs, i.e., Platform as a Service (PaaS) or Infrastructure as a Service(IaaS) solution providers.
Then you are dealing with a shared responsibility model. Inevitably, your contracts may contain references to third-party contracts, which you should also review. When analyzing the contractual provisions (and often the documentation of the solution), it can be useful to determine precisely who is responsible for what. Graphical representations of such a shared responsibility, such as diagrams, can be very helpful.
6. How do I know if a particular provider is trustworthy?
Before you decide to work with a provider, you should track its past achievements and check how it compares in industry reports, such as those from Gartner and IDC. This information can provide a good overview and help confirm the credibility of the provider.
7. How will the contract be signed?
Experts often note the generally accepted industry practice is to sign a contract with a SaaS provider via clickwrap or clickthrough, i.e., by approving a specific version of the document using a mouse. With this format, the fact that you have accepted the contractual terms is logged. If you prefer the traditional form of concluding a contract, you should explicitly ask the provider to do so – then you can also sign the contract using electronic signatures or even on paper.
8. How can a SaaS solution support compliance, e.g., with GDPR?
An optimal SaaS solution should also support your compliance efforts. For example, a cloud backup solution can simultaneously prevent end users from moving data (for their convenience) outside the cloud or support the management of data retention periods. If the solution is to be used to process personal data, note that you will also need to sign a contract for entrusting the processing of personal data.
9. Are there any hidden costs in a SaaS solution?
It’s important that you carefully review your provider’s contract for any additional costs that may be associated with using theirservice. It is also worthwhile to analyze the exit option – the conditions for terminating the contract with the provider, in particular as it relates to the context of any vendor lock-in risk.
10. What if the provider fails to meet the conditions?
One of the most frequently used mechanisms is the service credit – a special discount for service in subsequent periods. It is worth determining the boundary conditions for applying for such a compensation and in what cases it will be possible to terminate the contract.
At the end of the day, when selecting a SaaS provider, you should ensure you feel comfortable and confident in your partnership – and only sign on when you are completely comfortable.
_____________________________________________________________________________________
Bassam Hemdan is Regional Vice President, Americas, atMetallic.
