O! it is pleasant with a heart at ease,
Just after sunset, or by moonlight skies,
To make the shifting clouds be what you please (…with thanks to Samuel Taylor Coleridge)
As we sweltered and gasped through one of the hottest summers in memory, it would have required considerable effort to pay attention to the cloudscape. Now, with the August Bank Holiday safely behind us, it is more appropriate to take a detour into the cloud landscape – this time, in its SaaS, or software as a service manifestations. Hopefully well rested and with a “heart at ease”.
Previously we focused attention on “Private Cloud” and “IaaS” (Infrastructure as a Service) and its offspring but before we follow IaaS towards the logical conclusion of its development, it would be useful to investigate the concept of SaaS – Software as a Service – which has a lot in common with, and sits alongside both IaaS and “Public Cloud”
||Software as a Service (SaaS) is a software licencing and delivery model where cloud hosted software applications are made available via subscription rather than purchase. SaaS is also sometimes known as “Software on Demand”
SaaS has been around for well over a decade – and most law firms will already make extensive use of it (whether the non-IT community is aware of it or not)
- In essence, the SaaS provider supplies an outsourced, hosted system or platform (the application), which remains in, and is accessed “in the Cloud” (via the internet) and the firm simply uses what resources / services it needs.
- Instead of merely hosting the infrastructure and looking after it, the supplier provides an entire solution, and takes care of hardware, software, updates, development – everything!
- Well-known instances are email filtering, security applications, business continuity and archiving, secure (or not!) large file transfer solutions, digital dictation platforms, more recently client extranets and now, increasingly, even critical line of business applications such as Document Management Systems. For the smaller – or even mid-sized firm, a completely “hosted” integrated practice/case management/ document solution may be the answer – and increasingly, SaaS offerings in this space are coming to the fore. Insofar as innovation and “new technology” is concerned, many AI (or rather, machine learning) solutions are now being offered in a SaaS format.
Often, SaaS solutions are paid for on a per user per month basis thus making them flexible, scalable and reduces the initial investment. Alternatively, it could be invoiced quarterly or annually, but based on usage, number of users or some other measure of the services consumed.
Cloud evangelists may not necessarily regard SaaS as “Cloud”, but we challenge them to come up with a definition which excludes SaaS. The growth of services in this area is exponential – just think of the Microsoft offerings: Office 365, Sharepoint On-line and Dynamics to name but a few applications. The rate of adoption of these SaaS applications represent a tsunami of change.
Benefits of Software as a Service
From the Law Firm’s perspective, the benefits are obvious:
SaaS is usually based on a subscription model. No expensive up-front purchase of licences and then an ongoing maintenance fee is required. Instead, whilst there may be a one-off set-up cost, usually the cost is subscription based (quarterly, annual – or even, in some instances, monthly). Thus, the cost of using the application becomes an operational expense – like rent – and no capital investment is required. There may even be tax advantages.
Note: Just to confuse the issue further, some vendors are now offering their traditional solutions (i.e. ones the Firm has to install and maintain) as “SaaS” solutions by providing the option to pay monthly based on number of users. This is purely a financial arrangement, and is not to be confused with true Cloud “SaaS” delivered solutions.
- There are rarely any “hidden extras” in the day to day running of the service. The subscription fee should cover all the costs associated with running the application – i.e. no investment in hardware, no additional support costs, no costs for back-ups, Business Continuity and Disaster Recovery and no costs for upgrades and maintenance. However, as ever, buyer beware! Ensure you check any fair use policy, minimum commitment and exit terms including, most importantly, how and when you will obtain return of your data on termination of the contract
- SaaS is usually scalable. As the Firm’s requirements increase (or decrease), you can flex the service seamlessly, without the investment or lead times required by more traditional on premise or hosted systems. A word of caution though – most SaaS providers will bind you to minimum subscription quantities, making it difficult to downscale. Careful negotiation is required. Of course, with services taken from the tech giants (Microsoft, Azure, etc) you stand little chance to negotiate a more flexible contract. Other providers may not be so obdurate.
- As with IaaS (Infrastructure as a service), someone else will be taking care of the boring, routine tasks of infrastructure management, monitoring, patching, upgrading and securing, and your internal IT team is freed up to focus on more value-added tasks;
- You don’t have to worry about physical failures – i.e. disks, power supplies etc. These become “someone else’s” problem. Of course, you will need to pay particular attention during contract negotiations to Service Level Agreements and service credits to ensure that the Firm has adequate recourse in the event of difficulties i.e if the service is not stable, and Service Level Agreements are frequently not met – more of which latter.
- Economies of scale: the cost of maintaining, upgrading and developing the application is spread over a greater or lesser number of users. Thus SaaS can be considerably more cost effective than traditional solutions, whether simply hosted in house, or developed in house.
Disadvantages of Software as a Service
- Almost by definition, your and your clients’ data will reside on a shared infrastructure. This could be problematic, since some clients will not find this acceptable. There is then a difficult choice to be made – do you risk losing the client(s), or do you forego the benefits of SaaS? Some SaaS providers do offer either a “private platform” or an on-premise alternative to cater for this situation, but then, unfortunately, you will be sacrificing at least some of the benefits of a true SaaS solution and the costs may well increase.
- One size fits all: You will benefit from the R&D spend of the SaaS application provider. On the other hand, there may well be limitations on the extent to which you are able to customise the application to suit your Firm’s exact requirements. The development roadmap may well not align with your Firm’s strategy. A good question to ask: what is the development roadmap, and to what extent will you (and other users) be able to influence it. Is there an active user group?
- You may very well be locked into a minimum subscription – both in terms of duration, number of subscription licences or in some other way. Sometimes the Firm may be able to negotiate its way out of this up front, but even when this is not possible, just be aware of the limitations on flexibility.
- There may be a further catch – should you scale up your subscription during the course of the contract, you may become locked into the higher subscription commitment, and may be unable to scale back down to your original, lower commitment should circumstances change. Again, a matter for negotiation.
- Service Level Agreements – increasingly, business critical solutions are delivered by SaaS providers (including Document Management and Case Management). Ask yourselves – how long can you survive/ carry on with delivering services to your clients should the SaaS service fail for any reason. Even a 99.99% uptime (the measure frequently used) may translate into several hours of service non-availability. Should this occur during core business hours, the Firm may be significantly affected. Good questions to ask are details of historical uptime records, and how the uptime is measured (over a year, a quarter, a month?). Should you negotiate financial penalties in the event of systems downtime?
- Service degradation may be another matter for concern. The SaaS solution may be excellent, and the provider undergoes rapid growth. Bravo! But do they have the infrastructure in place to cope with a sudden increase in clients they have to service, without performance degradation?
- A well-defined exit strategy is critically important. Issues to consider are early termination if the service is unsatisfactory (a clear definition of “unsatisfactory” is necessary), ease of accessing and retrieving your data in an acceptable format and timescales at the end of the contract, whether terminated for breach (by either party!) or by simple expiry.
- Information and cyber security: You are handing over some of your and your clients most precious assets to a third party. It is advisable to get an expert Information and Cyber Security adviser to validate all the accreditations of your chosen partner and do a thorough validation on all the security they have in place, both from a process and a technology perspective. You may hand over your and your clients’ data to a third party, and under GDPR they have obligations as a “processor”, but you are ultimately responsible as Data Controller as well as for the obligations under SRA Guidance.
- You may need consent from some of your clients to move their data to a third party. There may also be particular geographical/jurisdictional requirements.
The trend to “Cloud” is unstoppable – everything is driving you that way. However, for many of us it is a new world we are venturing into. Great care and the development of different skills are required.
In the next instalments we will be dealing with the true “public Cloud” and the “Hybrid” or “multi-Cloud”. We wish you a productive autumn, without any storm clouds gathering!