Avoiding Disaster when Your SaaS Vendor Folds

More and more organizations use software-as-a-service (SaaS) offerings, but what happens if a SaaS vendor goes out of business?

Though such contingencies are rare, they are entirely possible. The SaaS market is overcrowded. Fierce competition can easily force a vendor to fold unexpectedly and a company's SaaS platforms often provide critical services. Possible interruptions to their SaaS service can put their overall function at risk.


Vendors could fold that offer file sharing, appointment scheduling, team collaboration, customer service management and any number of services that could stop the end-user's operations in its tracks. Aside from the obvious interruptions, additional functionality can be impacted.




What is at stake?

A company that has lost access to its data in the cloud and cannot access mission-critical applications in effect halts its own operations. It follows that guaranteeing business continuity means ensuring unconditional access to data at all times, whatever happens. In practice, this means having to run an alternative SaaS service in parallel. If that is not in place, data owners are courting losses of revenue, productivity, and data - not to mention irreparable reputation damage.

Another risk attending SaaS service interruption (and not only) is loss of compatibility. This arises where SaaS platforms lock clients' data and/or render it incompatible with rival platforms. If the small print in a SaaS contract reveals this is indeed the case, clients have in effect chosen to lock themselves into using only their current service provider; they are unable to move their proprietary data anywhere else without compromising it. Now, in a digital economy, data is the greatest asset. It follows that clients ought to guard against the compatibility loss scenario at all costs.


How can users can mitigate SaaS risk?

Clients looking for SaaS solutions ought to survey the entire field, focusing particularly on SaaS vendors' backing and viability. Cutting-edge technology does not immunize a SaaS provider from financial trouble or worse. Perhaps paradoxically, it also pays to be wary of SaaS vendors who are doing so well, they draw interest from mercenary investors. If a corporate marauder were to acquire them, they could turn all the reasons for success upside down. At worst, this might involve asset stripping and closure. At best, it would probably mean changing contract and service terms to affect data access, transfer-ability and compatibility. This is where an advanced SaaS escrow service might be useful. It protects clients' data in third-party storage all the way to possible copies of their apps' software codes.


A reputable SaaS provider will always offer a Service Level Agreement (SLA). Some articles in it repay more attention than others. Recovery Time Objectives and Recovery Point Objectives (RTO/RPO) are the key components. Clients should negotiate guarantees of business continuity in case of service outages. This might include switching to alternative platforms as necessary, or else explicit guarantees that minimum levels of SaaS service will be maintained at all times. The Proceedings of the Second International Conference on Software Business (ICSOB) show that a good many businesses pay little attention to these aspects, jeopardising their business continuity.


Business continuity über alles (about everything)

What, then, are the best foundations of business continuity? Available solutions allow businesses to enjoy uninterrupted operations even if their SaaS vendor should stop providing the service. The first of those are software escrow services. They guarantee businesses always have access to an operational version of their software.


Second, recovery-as-a-service provides a mirror for businesses data on third-party servers. This means affected users can switch immediately to the mirror version in case their SaaS service stops. A good idea with RaaS is to select a service that stores clients' data in more than one data vault. This means they run a real-time copy and also regular backups of it, and that they store these outside their main online system. This is, of course, more costly. It pays off, however, if access to data is lost for whatever reason. Data owners should also inquire how their SaaS vendors handle data protection compliance and how long it would take to transfer their data to another provider.

As always, sound common sense and proper due diligence determine how well data owners would cope with SaaS outages if push should come to shove. The very least protection should involve a backup service that kicks-in instantly, thus allowing business to continue uninterrupted.
About the Author
Jorge Sagastume is a vice president at EscrowTech International, Inc., with 12 years of experience protecting IP and earning the trust of the greatest companies in the world. Jorge has been invited to speak on IP issues by foreign governments and international agencies. You can connect with Jorge on LinkedIn here.