The Risk of SaaS

6/28/2010 Carsten Howitz Cloud

Software-as-a-service or SaaS is a convenient way of outsourcing some or all of your IT infrastructure where someone else will host your software and you basically rent it on a monthly basis. If you like to know more about SaaS please refer to my article “What Is Cloud Computing and How Can You Benefit from It?”.

Apart from the financial aspect of renting your software and never owning it, are there any direct disadvantages to SaaS?

I think there are two major disadvantages that you as a business must weigh up against the benefits of SaaS.


Although SaaS vendors almost always promise an uptime of 99% or better, you have to ask yourself what to do in the few instances where the software is not available.

Intuit is a major SaaS vendor with,, and other extremely popular and heavily used services that are only available online. Recently Intuit experienced a major outage where all their servers were down for days (see Intuit’s Web Sites Hit by Major Outage

So if you as a business rely on your software to be up and it isn’t, you are out of luck. Since you are not hosting the software you are relying completely on the capabilities of your SaaS provider to bring the system back up. Maybe it wouldn't affect your business to be down a few hours, but if you were relying on processing your payroll and the software is unavailable past the deadline there is nothing you can do about it. Paychecks will not be available for your employees on time. If your credit card processing software is unavailable your can run out of cash and checks may start to bounce with penalties to follow.

When you outsource your software you also give up the control over its availability. If it is unavailable you can only sit and wait for it to come back up and you most often have no idea when it gets back up.


When you rent your software your data is hosted by the SaaS vendor offsite. You rely on your vendor to protect your data from unauthorized access and also to perform the necessary backups.

If you will be hosting very sensitive or confidential information with a SaaS vendor you better make sure they have the best security to protect your data. But can you really be sure they do what they claim? If you host the data yourself you are in control of the security and can set up the necessary protective measures to ensure your data, but once you let someone else protect your data you no longer have control. Would the US government host top-secret information with a SaaS provider in China? I doubt it. Should your business do the same?

The SaaS provider is also responsible for backing up your data and making sure to be available for an eventual restore should your data be deleted or the hardware crashes. How fast will you be up again? Can you afford to be down this long? What happens if the SaaS vendor didn’t back up your data? What if they forgot or it didn’t work? Will this destroy your company?

I once consulted with a company that hosted their data with a company in the Far East. They were promised 97% availability and daily backups. That was good enough for this company and the price was very competitive. Three years down the road the SaaS vendor’s server crashed and all the company’s data with it.

The SaaS vendor promised the company they would be up in less than one day, but after that they never heard from them again. They simply ceased to exist.

Imagine what that could do to your company.

SaaS is definitely a convenient and cash flow efficient way to get access to software, but there are also risks associated with SaaS and as a company you have to weigh the benefits with the risks.

If you want to be able to control the availability or security of your software and data you have no other option than to host it yourself.


Social Media