header20tech1

June 26, 2012

Watching the Ball – IT Concerns for SaaS, Hosted and In-House

Security of client information has always been a top concern for Information Technology (IT) teams. Even with a security focus, education and the right tools, security is frequently weak.

Randy Johnston

From the July 2012 Issue.

Security of client information has always been a top concern for Information Technology (IT) teams. Even with a security focus, education and the right tools, security is frequently weak. If your IT team takes their eye off the security ball, you will have a problem. You must also watch the ball for new methods of using applications including Software as a Service (SaaS), hosting and the more traditional approach of running applications in-house on your own network.

It is wise of the management team to verify the internal IT team or outsourced IT team selected strategy. With SaaS applications still representing a relatively new development in IT strategy, we believe a checklist methodology may help you communicate your IT concerns. Consider the lists provided a starting place, and certainly not comprehensive. There are certainly other articles discussing the benefits of SaaS or hosting applications that are worth additional review.

SaaS Concerns

Running your applications through a browser has potential benefits as well as weaknesses for your firm. Examples of the benefits include: the software remains up-to-date, rapid deployment, ease of access from multiple locations particularly where a browser can be used, known recurring costs and more. Possible weaknesses include: poor performance, lack of customization, difficulties with integration, outages beyond your control, and difficulties in downloading your data including the loss of history during conversions.

IT Concerns for you to discuss with your team include:

  1. Service Level Agreement (SLA) guarantees – What is the contracted commitment of availability? What is the consequence if this standard is not met?
  2. Security of the data – How is access protected? Is it simply a user ID and password? What happens if the user ID and password is compromised? Is any data left behind from the browser session? Is any data stored locally on the machine or device used?
  3. Compatibility with browsers – Although compatibility is improving with more use of HTML5 and less use of Flash in applications and web sites, there can be notable differences in experience if products are run in different versions of web browsers or in different web browsers. For example in the Microsoft browsers Internet Explorer 8, 9 or 10, there are notable technical differences and user experiences. The complications become more pronounced as Google Chrome, Mozilla FireFox and the Safari browsers are added to your mix. How does your organization support, test and protect the organization?
  4. Speed issues – What is the organizational plan to deal with unforeseen performance issues? Most browser based applications run consistently, but if there is an issue, how is it resolved? Speed and compatibility issues are frequently beyond the control of your IT team to resolve. What will you do if this is an issue? Unfortunately, there have been a number of providers of SaaS applications that have gone through growing pains and have had trouble providing sufficient performance and scalability. Some routing problems across the internet sometimes can’t be resolved by either the provider or your IT team…the issues lies with a third party.
  5. Upgrades – A benefit of SaaS applications is that the provider keeps the software up to date. How will you keep your people trained on the application, particularly when there is a major change in the user interface? This year alone we have seen multiple upgrades that did not seem like a step forward, and the user interface change was particularly disruptive.

Hosted Concerns

Hosting applications can eliminate some traditional IT problems, but may create issues at the same time. For example, QuickBooks hosting is popular, and it is convenient to not go through the installation or upgrade process. The cost of hosting can frequently be passed on to clients, making the option even more attractive for a firm.

Like SaaS, hosting can provide benefits including: software updates are applied by the hosting vendor, hosting makes remote access easier, and infrastructure expenses such as servers, backups and other upgrades may not be required. Possible weaknesses include: poor performance, restrictions on integration, outages beyond your control, and restrictions placed on application use.

IT Concerns for you to discuss with your team include:

  1. Certifications – Is the hosting company certified? Has the hosting vendor met minimal standards such as the Service Organization Controls (SOC) in SSAE 16?
  2. Licensing – Do the applications we want hosted have any restrictions in their end user license agreement (EULA)? How is the software licensed? Does the hosting company provide the licensing? Do we?
  3. What protects our data? – Is the data backed up and copied off-site? Is the security set up to prevent other firms from seeing our data? Unfortunately, this problem has occurred more than once this year by well-known hosting companies.
  4. How do upgrades occur? – Does the hosting company install new applications or updates? What is the charge for this? How frequently are the updates made?
  5. End-user support – How do issues with applications get resolved? What happens for after-hours issues? What are the charges?

In-House Concerns

Using local area networks and personal computers for business has only been done for around 30 years. Although more time has allowed us to be more comfortable with in-house deployments, there are benefits and risks here, too. In-house implementations have benefits including: software updates can be applied on your schedule, remote access support for specific devices or needs can be implemented, costs are more likely to be lower, integration can be comprehensive and with today’s managed service options, experts can securely provide services on your system from afar. Possible weaknesses include: need to upgrade regularly, poor local support, lack of understanding of your applications, lack of expertise in a technology you need, security shortfalls, and catastrophic failures at your location.

IT Concerns for you to discuss with your team include:

  1. Technology Plan – What is our technology strategy and tactics? What is the budget for our activities?
  2. Business Continuity and Disaster Recovery – How have you covered the IT portion of our firm-wide BC/DR plan? Can you show me your IT documentation?
  3. Single Points of Failure – What technologies do we have where failure of a single item could disable us?
  4. Security – How can we be assured that we have adequate protection? What is your plan for firewall maintenance? How is data encrypted in motion and at rest?
  5. Backup – How is our in-house IT protected? What is the data backup strategy? How do you know it is working? Who is your backup in case something happens to you?

Most of the IT concerns for in-house have to be addressed whether you are only in-house, or use some hosting or SaaS applications. As you have probably perceived, the IT concerns listed in all three categories barely scratch the surface of what has to be considered. There are many sources for good IT checklists, but the key formula in each case is applying your knowledge and business needs to the list. If you’d like to discuss your needs directly, it would be a pleasure to do so. The most important thing to do is to act and make a plan that can guide you now and in the future.

Thanks for reading CPA Practice Advisor!

Subscribe for free to get personalized daily content, newsletters, continuing education, podcasts, whitepapers and more…

Subscribe for free to get personalized daily content, newsletters, continuing education, podcasts, whitepapers and more...

Tags: Technology

Leave a Reply

Randy Johnston 2020 Casual PR Photo

Randy Johnston

MCS, MCP

Randy Johnston has been an entrepreneur, technologist, and teacher for most of his career. He has helped start and run many businesses, and founded Network Management Group, Inc. and owns half of K2 Enterprises. He has written for accounting and technology publications for four decades, and for CPA Practice Advisor since 2000.