By Larry Lange

After nearly a decade in the minor leagues, software as a service is being considered for a call-up to the majors. Software as a service provides CIOs with business applications hosted by a third party. Companies pay a subscription fee, rather than a more traditional licensing fee, and they access the applications over the Internet. The potential benefits include cost savings, reduced staffing requirements and rapid implementation times.

These and other benefits are driving this technology approach — better known by its initials, SaaS (pronounced like "sass") — from being a solution only for small and midsize organizations to one suitable for even the largest of enterprises. "SaaS is an IT-lifestyle decision, to be sure," says R. "Ray" Wang, a principal analyst at market watchers Forrester Research in Cambridge, Mass. "But there's real interest coming in now from the large enterprises."

With high bandwidth now all but ubiquitous, SaaS appears to be a model whose time has come. In fact, more than 60 percent of CIOs plan to use some form of SaaS, according to a 2006 CIO survey conducted by management consultants McKinsey & Co., up from just 38 percent who said the same thing in late 2005. Looking ahead, market analysts at Gartner Inc. predict the worldwide SaaS market will more than triple over the next four years, jumping from $6.3 billion last year to $19.3 billion in 2011.

Yet behind all this happy talk, some industry experts and participants are taking a far more cautious approach to SaaS. They cite concerns over SaaS' lack of functionality, the potential for CIOs to lose control over their mission-critical data, and issues with reliability and security. "SaaS is not a panacea; companies need to view it as an alternative application delivery channel to leverage when it makes good business sense," says John Meyer, VP of strategy at CA. "I see most companies ending up with a mix of application delivery models, for which SaaS is definitely positioned to pick up a piece of the action."

The benefits of the SaaS approach are real, having been field-tested by small and midsize companies. For example, among midsize technology companies, users of SaaS sales applications see sales leads and closes "at least two months earlier than they would with a traditional system," says Forrester's Wang. He adds that a typical return on investment (ROI) for a SaaS project undertaken by a midsize company is in the 20 percent to 30 percent range. It's that high, he adds, simply because a company can turn on and start using a SaaS solution right away, and with little training needed.

The SaaS model makes it viable to share one application across hundreds of companies to run in a common environment. As such, it's an obvious improvement over the traditional client-server model. And as bandwidth costs drop, SaaS becomes ever more affordable for companies to ensure levels of connectivity that allow online applications to perform nearly seamlessly.

Indeed, many experts are impressed at what a SaaS model can offer. Forrester's Wang serves up a litany of potential benefits: Rapid deployment. Rapid implementation. Operational expense vs. capital expense. Freeing up IT resources. The ability to take advantage of the better Web-based user experiences. Reduction of time spent by the IT staff on adding value to the business. Lower costs. And freeing bandwidth to better support existing applications.

Lower Overhead
SaaS can lower IT costs by helping CIOs avoid many traditional overhead expenses. A typical software implementation involves purchasing, housing and maintaining servers; installing and maintaining the software; and then training (and sometimes re-training) staff. None of this is necessary with a SaaS implementation, at least for small and midsize companies.

Further, SaaS offers a "pay-as-you-go" subscription model that frees CIOs from the commitment of long-term software licenses. Where traditional software involves a cycle of buying a software license, paying for a service contract and then having to pay for upgrades, small and midsize firms can instead simply pay a monthly fee to a SaaS provider. Plus, they can more easily switch providers, a daunting challenge for users of licensed software. What's more, some SaaS subscriptions are based on metered usage, meaning CIOs pay only for what they use.

SaaS can also help CIOs with rapid implementations. In one study conducted by Nucleus Research, companies that deployed traditional customer relationship management (CRM) applications typically needed 18 months to do so. But companies that used SaaS-based CRM typically implemented their applications in just one to three months, Nucleus Research found.

In the field, outsourcing consulting firm Pace Harmon has helped several companies implement the SaaS model to a successful outcome. In one engagement, Pace Harmon worked with a SaaS-based Vendor Management System that handled the management of contract labor. "By adopting SaaS, the company was able to concentrate on its top priority of establishing processes and controls for several thousand contractors," says Barry Rosenberg, a partner at Vienna, Va.-based Pace Harmon. The alternative, he adds, would have involved "spending countless hours implementing a new on-premises system."

Given all these benefits, CIOs might be surprised to learn that, until quite recently, the larger, more established software and solutions providers did not see much potential for growth in the SaaS market. While that's changed more recently, this situation allowed a wave of relatively small SaaS specialists to emerge.

Perhaps the best-known of these SaaS newcomers is Salesforce.com. In business for less than six years, Salesforce.com has already acquired more than 645,000 subscribers from some 20,500 companies. As for growth, the company's revenue has been rising by roughly 80 percent a year, according to Steve Garnett, the company's general manager.

Another SaaS provider, NetSuite Inc., has been in business for more than eight years, during which time it has built up a global base of some 70,000 subscribers at approximately 7,000 companies. Based in San Mateo, Calif., NetSuite offers a comprehensive suite of Web-based applications — including ERP, CRM and order management — for small and midsize businesses.

Still, many enterprise software suppliers and large-enterprise CIOs are reluctant to jump aboard the SaaS bandwagon. One reason: Some software executives are concerned that SaaS may not be up to mission-critical enterprise tasks. Most SaaS providers, they say, cater to small and midsize customers by offering CRM, payroll and human resources applications, and collaboration apps like Web conferencing. While that's fine, these are basically functions that are not mission-critical and don't require strict data-security levels. "If you compare the traditional CRM suites with the SaaS offerings that exist today, the SaaS models definitely offer less functionality," says Meyer of CA. "The question becomes, 'Will [the SaaS offering] be able to grow with you and meet your business needs if the capabilities of your organization require more specialized functionality?'"

Another reason for SaaS reluctance: The SaaS model doesn't permit ownership of the core code. This means a company cannot modify the code, except to do minor interface design work. Similarly, explains Wang of Forrester, CIOs typically don't get to choose the timing of their SaaS application upgrades. Instead, upgrades are delivered to all customers at the same time.

Too General?
Yet another issue is that of "multitenancy." This refers to the process of hosting multiple customers on a single server, which is how on-demand service applications are provided: The code for the software runs on a remote machine, and one instance of code is accessed by multiple users. Critics of SaaS solutions say the model inherently lacks flexibility, and that the code becomes too generalized to meet the needs of all organizations under a particular umbrella.

As if that weren't enough, when it comes to connecting an organization's back-office systems to a SaaS provider's systems, there is the challenge of integrating a SaaS system with a company's ERP, inventory and supply-chain applications. SaaS doesn't have the ability to manage end-to-end customer processes like an on-premises application does. "The jury is out on whether SaaS can handle the ability to link into complex legacy environments and customer data," says Wang at Forrester. "You will pay a price for integration at some point. Yes, a SaaS implementation may be cheaper out of the gate, but what if you decide to take your systems back from off-premises? You're stuck." Bob Davis, senior VP and general manager, CA, agrees: "Integration issues [for SaaS] with back-office IT are big."

Yet another issue is compliance. Most SaaS vendors now offer fairly generic solutions. That means CIOs whose companies need to demonstrate, say, Sarbanes-Oxley compliance may find that SaaS solutions can't satisfy that need, or can do so only with custom programming. Michael Jones, president of Infocrossing, a Leonia, N.J., IT outsourcing services provider that offers three SaaS applications, has had to deal with Sarbanes-Oxley requirements and making sure the appropriate controls are in place during SaaS implementations. Expecting a service provider to behave as if it's an extension of your organization can be a complicated situation, " he says.

Perhaps the biggest concern for large enterprise CIOs considering SaaS is the solution's lack of security measures. While many small and midsize companies feel comfortable that their applications and data over an Internet connection are adequately secured, many larger enterprises would disagree (see sidebar, "How Secure Is SaaS?").

According to these SaaS observers, unless better functionality, value and security are combined with SaaS, the important connections between buyers and suppliers — such as procurement, logistics and supply chain management — won't be feasible.

For these many reasons, most enterprise software companies are taking a cautious, methodical approach to SaaS. They are rearchitecting their applications to make them work over the Web in a robust, mature and value-adding fashion. Companies like CA are also working behind the scenes to help large enterprises create an IT infrastructure that can safely and effectively support SaaS. "We will not compete with companies like Salesforce.com," says Davis of CA. "For customers of SaaS providers, we want to make sure their provider's technologies are governable, manageable and secure."

Jeff Chittenden, COO of Vertex, is also keenly awaiting SaaS versions of enterprise software. Prescot, U.K.-based Vertex provides business process outsourcing (BPO) services and employs some 9,000 people in nearly 70 locations worldwide. With that kind of scale, Chittenden is eager for the kind of cost cutting and added flexibility SaaS could deliver. "We'll be able to set up new call centers very cheaply, without having to deploy technology directly in the call center," he says. "We'll be able to change things centrally and make them standards-based, so we can seamlessly knit together the components we actually need from an application — and not have to develop an entire application."

Looking even farther ahead, some industry participants anticipate the evolution of SaaS into what they call IT as a service. "That's where it's going," Chittenden says. The old game, he explains, was to do BPO just with cheaper people. "But the new game is to take BPO and transform it, to do IT smarter, to make it more business-value oriented," he adds. "This makes the outcome better for the customer. IT as a service will be key in enabling that." (See sidebar, "IT as a Service")

As it stands today, however, the SaaS industry needs to mature over the mid-to long term while the big enterprise software firms work out the particulars of making the SaaS model truly workable. Few doubt that one day soon, the SaaS model will gain enough functionality, robustness and high-level security for mission-critical enterprise applications. But between now and then, there's still lots more work to be done.

Larry Lange is a freelance writer and former senior editor at TechWeb, PlanetIT.com, EE Times and IEEE Spectrum.