A Martian reading up on application service providers (ASPs) might think that IT heaven was a place on Earth. Suppliers are not known for understating what they can do, but the Utopian blurb that accompanies the claims of ASPs has reached new heights. Reality bites when it comes to contracts and Service Level Agreements (SLAs), and our Martian could be mistaken unless he trawled through the small print too. The devil is in the detail, so what demons should potential ASP users beware of?
The first point to make is that while the ASP model is here to stay, not all ASPs will survive these bold, early days. Bullish growth figures hide the fact that the industry is in a delicate and precarious phase of its development and that means that customers will get their fingers burned too.
"The next 12 months may very well determine the future prospects of the ASP model, as ASPs scramble to position themselves in the market, chase down an ever-receding customer base and replace grandiose marketing claims with concise, sober-minded business propositions," says Ben Pring, principal analyst for Dataquest's Application Services Worldwide programme.
The issue is developed in a recent report from Stratecast Partners, a division of Frost & Sullivan. ASP Sector Assessment points out that only those ASPs with a well-defined business model, partnership strategy, distribution strategy and solid financial standing will prosper in a market that will become increasingly competitive. "In a market bogged down in hype and confusion, the sustainability of an individual ASP will be based on partnerships, focus on core strengths, distribution, market segmentation and branding," adds Diane Myers of Stratecast Partners.
However, with that preliminary warning, perhaps the fundamental issue when choosing an ASP is knowing what you want from it. And this is not as obvious a comment as it might sound. Many, perhaps most, IT decisions are made with only a vague sense of what is required or expected. ASPs must be tackled on firmer ground since their raison d'etre is to provide services and solutions efficiently and effectively. At best, those benefits will be lost in nebulous contracts. At worst, the agreement could collapse like the proverbial house built on sand.
To put it another way, just because a service is being outsourced does not abrogate the organisation from all responsibility. An intelligent choice of ASP and then working on the detail of the SLA is the way to assert control. Indeed, in a new market, the SLA might be the only way of guaranteeing service, since even a big brand IT supplier could lack real experience and a track record. Expertise and maturity are desirable but, at least when it comes operating strictly as an ASP, may be a luxury at this stage.
"The drawing up of an SLA or contract is the first step in building a customer relationship," continues David Alexander, director of strategy and marketing, Northgate Information Solutions. "The customer has to feel comfortable with the contract and this means that principally SLAs have to be clear and concise."
For example, there is an inevitable trade off to be made with IT applications. "You can have the vanilla version which won't quite fit what you want, or you can make it fit with extra cost, time and risk," says Peter Slavid, an ASP consultant at ICL.
The point about working with an ASP is who makes these choices. "You need to decide on this. Do not let the ASP decide for you," says Slavid.
Having worked out what, perhaps the next question to ask is how - how will the ASP provide its services. The network infrastructure is key here. Performance and who has responsibility for it is the issue that must be clearly defined.
Grant McClymont, director of Advanced Datacom Systems, puts the matter is put succinctly. "The additional bandwidth required to serve applications in the ASP model means that infrastructures must operate at 100% performance levels otherwise users will be impeded in their work. SLAs must reflect this primary requirement."
Having said that, bandwidth is still a limited commodity and prioritising traffic is a feature of any managed network. "This policy-based networking is likely to become an important aspect of ASP management and SLAs will need to include provision for the performance of the overall service as well as individual components," McClymont adds.
Security is clearly a central issue too. On the one hand, the actual buildings in which servers are housed needs to be considered. And the infrastructure matters too. Are shared services secure? Can user profiles be efficiently managed, especially when adding new users, changing user profiles, deleting users and suspending users while away? Another element that covers both the physical and virtual threats to security is back-up: what kind of disaster recovery measures does the ASP have?
Security can prove a problem in other ways too. "Many ASP's require the download of a plug-in or Java applet in order to deliver a rich, secure environment," says Marc Bodega a senior consultant at CWB. "A bank's security firewall often makes such downloads impossible, and Java incompatibility across browsers could be a problem."
ASPs are by nature built from a network of partners working together. This is how economies of scale and "best of breed" expertise can be brought together. The downside, however, comes to the fore when SLAs and contracts are considered. Here, a tangle of clauses can easily confuse clear lines of responsibility for support or recovery when things go wrong. So, the ASP should be able to provide transparent answers to questions like "who provides application support, the ASP, the software supplier, or is there a third party involved?" On this point, ASPs often talk about providing "full service" - a few enquiries into the exact meaning of this marketing phrase could serve the customer well.
Another perspective is provided by Nigel Pugh, UK country manager of Concord Communications, the performance management software supplier. He argues that an SLA ruled by meaningful information rather than punitive damages will work much more effectively for all concerned. "The aim should be to establish a constructive partnership with your ASP rather than kicking them when they're down, although some form of compensation may be appropriate in providing a reasonable incentive to deliver high reliability," he says.
For example, an important point to bear in mind when defining the SLA is that few network crashes are caused these days by absolute failures of hardware components such as power supplies affecting critical systems. Far more common are "brownouts" that do not, initially at least, cause the whole network to collapse. "The SLA should therefore be designed to minimise the chance of this happening by providing as much relevant information as possible about events in your network and the systems attached to it," Pugh explains.
Another good way of testing an ASP is to ask how they think their service might bring benefits to your business. If you are outsourcing certain aspects of the IT function because it frees you to focus on core business issues, it is reasonable to expect the ASP to demonstrate expertise by suggesting how improvements might be made. "Build a relationship with your ASP and let them find ways to add value to your business. In no time clever ASPs will be finding ways to extend the ASP model that you haven't even considered," says Patrick Coates, managing director at IT supplier SevenMountains.
The same goes for the SLA. "An SLA is going to have to grow with the ASP business. Many companies have been struggling for years to understand their own IT, their points of failure and their business direction. It will take moving your IT outside your business to finally gain a real perspective of what your IT needs are. Keep an SLA simple and obvious, and gain assurances that your ASP will negotiate an SLA to meet your needs as they change," Coates says.
What should you look for in an ASP
Users' perceptions of ASP
Do you know what an Application Service Provider is?
What issues are preventing you from considering an ASP?
|Happy with current arrangements||10.75%|
|Would not disclose||8.75%|
|No time at present||7.0%|
|Not on agenda||7.0%|
|Not relevant to needs||7.0%|
What would be the deciding factor when selecting an ASP?
|Reference site/track record||8.75%|
|Would not outsource||6.25%|
Source: HOSTeu survey
What pitfalls should you beware of in an SLA