I was talking to Zach Nelson, CEO of NetSuite recently and he commented "People think of SaaS as changing the software industry. Our impact will be even more profound on the outsourcing industry".
Outsourcers have to get used to smaller, more iterative projects around his products and those from salesforce, Workday and others - a big adjustment from their SAP and Oracle practices. But even more dramatically they will have to adjust to up-time, responsiveness, ease of upgrade, price and other benchmarks emerging from cloud world.
Then I read Phil Fersht of AMR Research and he disagrees:
"What concerns me with SaaS delivery is the lack of provisions for compliance, business continuity, security and privacy of data. Moreover, there is often a far-reduced level of control over data and processing, for which a well-crafted outsourcing contract caters. Outsourcing goes to great lengths to stipulate where data resides, how it is protected, who has access, which measures are in place to accommodate political or natural disasters, and how data management complies with regulations. In addition, outsourcing providers are SAS 70 compliant, but are all SaaS providers?"
"With SaaS, companies can sign up, flip a switch, and they’re up and running with zero upfront investment. Does this mean they are going to invest nearly as much attention on governing these processes? My experience so far is no. Companies move into SaaS because it is cheap and easy, and often overlook the internal business transformation then need to go through to manage these processes effectively in an outsourced environment. "
So where's the reality? Somewhere between Zach's optimism and Phil's cynicism.
Yes, SaaS vendors will increasingly go through more tire-kicking from customer due diligence teams. Actually it's already happening. If you ask Marc Benioff he will tell you what some of the largest companies in the world have done to crawl through nooks and crannies of his data centers. In SaaS deals I have been involved in, attorneys are already fighting over SAS70, data portability, privacy, IP issues.
And Phil has an overly rosy view of what outsourcers sign up for. Their standard force majeure (for disasters) language is typically weak. In many cases, all they have to do is declare it, and that basically buys them a few weeks of service degradation. You have to amend their language to say they will do x and y and z in a disaster. The credits for not meeting SLAs in many outsourcing contracts would barely buy you a cup of coffee at Starbucks. The termination fees in many outsourcing contracts would by themselves pay for several years of NetSuite, salesforce, Workday contracts.
The good news in all this is buyers should use clouds to benchmark outsourcing arrangements. And what we have learned from outsourcing due diligence and failures (and there are plenty of those) to benchmark clouds. And get the best of both worlds in economics, performance, security, scalability and many other dimensions.