The decision about whether to use an application service provider (ASP) is really just the old 'outsource or insource' question in a different guise. Using an ASP, rather than building your own capability, gives minimum risk through low capital investment and rapid speed to market. However, it can entail high rental or transaction costs and limited flexibility. ASPs also claim to offer higher levels of reliability and security than an in-house service, but this depends on your internal capabilities.
Personally, I favour a hybrid model. Use ASPs for commodity or ancillary services, especially where volumes are relatively low - almost everything for small businesses - but build your own capability for differentiating or core high-volume services.
Ask yourself: How much will this service improve my competitive advantage? Is there a reliable, responsive ASP in this space? How much margin am I willing to give away in return for reduced risk? Have we got the in-house skills to manage this sort of system development? Finally, of course, run the numbers - how does the cost of development compare against the rental or cost per transaction?
When it comes to choosing an ASP you should consider the set of applications it offers, the level of business expertise, the service level agreements provided, the systems on which it runs, geographic reach, plus what IDC calls RASA: reliability, availability, scalability and affordability. Be aware that ASPs are probably at the peak of the 'hype cycle', so may not have all the capabilities that they claim.
There is likely to be a market shake-out, so don't make a long-term commitment at this stage.
The pitfalls with ASPs are the same as with any outsourced service - loss of control and responsiveness. To overcome these you need to have active and continuous supplier management, and make sure that you retain the strategic decision making in-house.
At E-Centre, we are looking very seriously at the implications of ASPs and have set up an ASP Interest Group where vendors and users meet to discuss, develop and publicise best practice guidelines for ASPs.
Vendors believe it is very important to work with users, in our case mostly SMEs, to understand just how and when they can gain advantage from using ASPs.
As an aside, we were very pleased to see that the Application Service Providers Industry Consortium (ASPIC) has also formed an 'end-user council'. I think this all represents a growing maturity in the ASP arena and I am glad to see that the discussion is moving on from hype to a consideration of users' needs.
The following concerns have been voice by our ASP Group members:
Bear in mind that the market is still young and likely to go through development and consolidation in the next few years. In general, ASPs tend to focus on their niche specialisation. You may need to engage an ASP for each function/business objective you want to tackle. You are very unlikely to find one ASP that meets all your needs.
Application service provision raises a number of management issues, particularly security, privacy and availability of service offerings. I would start with the service level agreement aspect of the provision, and ask questions about up-time and penalties accepted by the service providers.
Second, I would consider the issue of security guarantees provided and responsibility accepted by the provider. For example, if the service is hacked, what measures does the provider agree to work towards? Third, I would ask about the responsibility and location of any data that is covered within the Data Protection Act, so as to ensure that it is stored in an appropriate regime.