As organizations have adapted to the evolving digital landscape, there has been a meteoric rise in popularity of Software-as-a-Service (SaaS) as a business model. This is best illustrated by Gartner’s predicted increase in worldwide SaaS end-user spending value to reach $176.6 billion in 2022. The analyst firm further predicts worldwide public cloud spending to reach almost $500 billion by the end of 2022.

Affordability and flexibility are the principal drivers for businesses to move their data environment and applications from their own infrastructure to centrally located services on a remote cloud network. However, trusting arguably their most important asset — their data — with an outside entity often raises some concerns around data governance, compliance, costs, and beyond. Before making an investment, it’s sensible to carry out a self-assessment process on the basis of ten most commonly asked questions:

Is a SaaS solution right for the business?

Ahead of signing a contract for cloud services, it’s important to ensure that this type of solution is appropriate. For instance, specific regulations or organizational policies and procedures may dictate that data should be stored on its own infrastructure. Public sector organizations commonly experience this. In certain regions, such as Poland, most have no regulations prohibiting data storage in the cloud.

What’s the typical legal process before signing a contract?

Early on, it’s sensible to assess any industry-respective legal restrictions. Specific regulatory requirements usually apply to banking, finance and insurance, telecommunications, and all entities subject to the Act on the National Cybersecurity System. Only when empowered with the right legal information can the business verify whether the proposed solution from the provider will be compliant with the legal requirements, standards, or guidelines that apply, both today and in the immediate future.

Will a SaaS solution truly address the business needs?

The right solution provider will evaluate the business’ needs and use cases for the current data environment. The solution should be tailored to these requirements and be easily adaptable to changing business needs. As SaaS solutions are easily scalable, they can flexibly adapt to the increasing amounts of processed data.

SaaS solutions address a broad range of customer needs and can be divided into business support systems and tool systems. The first category features those supporting end users, for instance Microsoft 365® or CRM systems. Tool systems includes systems that process data and offer AI-based data analysis, security systems for local and cloud environments, and data backup solutions. Advanced tool solutions can run entirely in the cloud, which avoids the need to pay for infrastructure maintenance, and some can even be deployed in just a day.

How do I know if a particular provider is trustworthy?

Before partnering with a SaaS provider, assessing its credentials — especially rankings and mentions in industry reports — such as Gartner. Having confidence in the vendor’s experience and previous ability to deliver for similar customers to yourselves is vital.

Will the business retain ownership of our data?

Maintaining ownership of the organization’s data throughout the contract is vital, especially not for any unagreed purposes. To be sure, the senior team should always doublecheck contractual terms, to confirm in particular the descriptions of data processing in the contract for entrusting all processing of personal data.

Who has responsibility for the business’ data?

It’s vital to agree the legal responsibility for data entrusted to the provider. The contract should define specifically who bears responsibility and will be held accountable — especially as cloud services most often involve more than one entity.

It’s critical to understand that this is a legal relationship, not only with the selected provider of said solution, but often also with that provider’s existing partners, for instance providers of the infrastructure on which the SaaS solution runs — a “shared responsibility model”, i.e. PaaS (Platform as a Service) or IaaS (Infrastructure as a Service) solution providers.

The contract may mention third-party contracts, and should be reviewed to clarify who is responsible for what. In this situation, graphical representations of any shared responsibilities, in diagram form, can be useful.

How will the business sign the contract?

It’s a generally accepted practice to sign a contract through a so-called clickwrap or clickthrough. This means approving a specific version of the document with a click of the mouse to indicate acceptance of the contractual terms and log this information. However, for those who prefer a more traditional contract signing process, asking the provider for this is not an unacceptable request. The provider should allow signing of the contract via electronic signatures or on paper.

Can a SaaS solution support compliance objectives, such as GDPR?

The ideal SaaS solution will deliver support for compliance objectives. For instance, a cloud backup solution can prevent end users from choosing to move data outside the cloud, while supporting the management of data retention periods. It’s worth knowing that for any solution designed to process personal data, procurers need a separate contract for entrusting the processing of personal data.

Will a SaaS solution have any hidden costs?

A SaaS service contract should always be meticulously reviewed for any unexpected or additional costs. It’s important not to overlook the conditions for terminating the contract with the provider, particularly in light of vendor lock-in risks.

What happens if the SaaS provider doesn’t meet the conditions?

In situations where a SaaS provider under-delivers on service levels, one commonly-used mechanism is the ‘service credit’. This is a discount for service in subsequent periods. It’s important to clarify service level parameters, conditions for applying for this compensation, and what constitutes eligibility to terminate the contract.

Fully understanding the investment ensures success

It is clear there are some key considerations before choosing a SaaS solution. By performing a self-check of the critical business needs against proposed deliverables, assessing the provider’s credentials, and clearly defining data ownership, success metrics, legal and compliance implications, and other key factors, a business will ensure that it minimizes risk and chooses a SaaS solution that truly addresses its business needs.

Photo credit: Alexander Supertramp / Shutterstock

Jakub Lewandowski is Global Data Governance Officer at Commvault.