Convince me

Computer Weekly asked application service providers to address some common concerns about adopting an ASP model. Their responses...

Computer Weekly asked application service providers to address some common concerns about adopting an ASP model. Their responses clarify the responsibilities that users and suppliers bear in an ASP agreement

Are there IT processes that are best suited to the ASP model?

Steve Keohane, managing director, Aspace Solutions
"There are a number of crucial areas and processes that are ideally suited to the ASP model where it can provide a more cost-effective and efficient approach.

  • Hardware provision and support - where managing server and network capacity often leads to excess capacity to cope with peak demands; delivering software applications through an ASP uses a pay-per-usage approach.

  • Software procurement - use of an ASP vendor's multi-client bulk purchasing capability will ensure that software is procured more cost effectively.

  • Provision of data centre/hosting services - ASPs will already use a data centre infrastructure, necessary for housing complex network and server infrastructures, and the large facilities involved will usually present a more attractive alternative to building from scratch.

n Software version management - necessary upgrades and patch installations will usually involve access to specialist supplier resources. ASPs will tend to partner with such suppliers to ensure that enhancements are undertaken in a timely and efficient way that minimises risk to the running of an application."

2. How secure will my data be?

David Carmichael, product marketing manager, Webgenerics
"The right ASP will set up stringent security measures that should exceed most business' needs.

The basics that need to be in place include firewalls, secure buildings and static-free and uniform environments.

"However, it is the additional measures offered by the leading ASPs that ensure complete security of all data.

The data centre needs to be tightly monitored, even to the point where only trained engineers can get access to the data centre, while being monitored by 24x7 security cameras.

"Different levels of security are needed, depending on the business, and it is important not only that an effective firewall is in place, with total virus defence software, but that dedicated firewall solutions are available for those clients requiring it.

All this should form part of a single service level agreement set to meet the clients' needs.

3. How can you guarantee the service will never fail and how do you back this up - both in terms of service agreements and hardware reliability?

Jeff Maynard, co-founder, deputy chairman and chief technologist, Netstore
"Meeting service level agreements and delivering a robust, secure, reliable and fully available ASP service is underpinned by a best practice infrastructure.
Servers must be in active/active clusters and mirrored between geographically separate data centres, each supported by world class infrastructure and security.

The data centres must be certified to BS (ISO) 7799 and application delivery must be certified by the ISV (Microsoft Gold Certification, for example).

"However, even the most robust infrastructure will not deliver the levels of service that leading ASPs demand. Service level agreements are delivered by process and procedure, supported by a senior management culture of customer satisfaction. Unless the organisation is committed to delivering the best possible service, no amount of investment in technology will suffice."

4. Are there minimum requirements for hardware and software to fully take advantage of the ASP model?

Gary Pugh, 9i marketing manager, Oracle
"While there are no strict software or hardware requirements, in order to successfully adopt the ASP model, it's essential for any company thinking about hosted services to ensure that its IT backbone has high performance, high availability and scalability.

"You can not be prescriptive in terms of exactly what requirements software and hardware need to meet, but there are certain pre-requisites:

  • An ASP's technology platform must support multiple users and give each client the performance, availability and data protection that would be possible in a dedicated environment.

  • Systems must scale to support extremely large numbers of users, while not scaling the cost of basic administration.

"It is essential for any company implementing an ASP solution that its IT department can support management tools that provide systems administrators with an end-to-end view of the performance and status of the entire environment."

5. How can I be reassured of your trustworthiness? What happens if you go out of business? Do you supply reference sites?

Mark Powell, general manager, marketing and campaigns, BT Ignite
"There are two key barriers that deter companies from using ASPs - security and reliability.

About 50% of businesses cited security as their major concern about using ASPs, according to a recent survey by NOP commissioned by BT Ignite.

"Information is a business' most valuable asset so companies should look to use companies that have extremely robust security in place, both in terms of how and where data is stored, and in the way information is transferred between organisations electronically.

"ASPs must have a comprehensive set of measures in place, including encryption, digital certification and PKI, as well as its own secure data centres, to ensure that there is no possible security breach at any point in the chain.

"The second key barrier is reliability. Companies looking for an ASP, should be looking for an organisation that has an established brand and track record in supplying data and voice applications, as well as a good list of blue chip companies using its services over a period of time.

6. How customisable are your applications?

Martin Dipper, vice-president, Infonet Services Corporation
"ASPs must meet the growing requirement of corporations for real-time 'universal access' to applications for all members of the business community. Few organisations want to administer such applications themselves because of the heavy investment required in human, technological and financial resources.

"Security and access issues, which multiply as more applications are considered, mean that corporate applications cannot be customised sufficiently for distribution and use outside the corporation.

"It is possible to Web-enable applications, build portals and replicate hosts in a 'demilitarised zone', but commitment to development and ongoing management is considerable.

"The real value an ASP can offer is in allowing the secure distribution of non-customised applications for use any time, any place.

"This is achieved through the provision of an extranet infrastructure with security, encryption, authentication and easily configurable policy management.

An effective ASP must provide secure distribution of non-customised applications to any location in the world, making access any where, any time, a reality.

7. Will scalability be a problem?

Javaid Aziz, chief executive and founder, Aspective
"One of the cornerstones of the ASP proposition is the ability to enable organisations to scale operations in line with the dynamics of their business, with minimal effort. To achieve this, the ASP needs to understand that scalability isn't just about network bandwidth.

"Companies need to be able to add to an application's user base as the business demands. As the volume of business increases additional storage is required. An increase in the transaction levels of the application requires bandwidth to cope with the peaks of application usage.

"Always-on monitoring provides information for the capacity planning process to ensure that any scalable elements of the infrastructure are increased before the need becomes critical. ASPs that provide companies with 'burstable' bandwidth, storage 'on demand', the flexibility to change the user base and formal capacity planning processes are also providing the critical elements to support scalability.

8. Will I have to upgrade my network infrastructure if applications are provided by an ASP?

Sam Curry, senior executive,
"As more business applications are delivered via the ASP model, issues of infrastructure, scalability and reliability become crucial. IT managers concerned that using ASPs will require changes to their network infrastructure should make sure ASPs meet the following criteria:

  • Built for the Net. Is the software tailored for delivery across the Internet to networks and computers? The software must be redesigned to have a smaller "footprint" than typical software installations.

  • Built for growth. Is the ASP's infrastructure scalable and reliable enough to ensure quality of service during increased usage? Your ASP must be able to provide an infrastructure that includes bandwidth, storage and computing redundancies. Service level agreements should spell out exactly what you can expect.

  • Built for business. Has the ASP considered how to minimize local bandwidth and infrastructure demands on your network? Make sure the ASP has created a way to localize network traffic and minimize Internet access, such as using peer technology to avoid duplicate client requests."

9. Can I access applications remotely? How secure would this be?

Jeremy Thompson, president, Cable & Wireless a-Services
"The Internet has served to enhance the ASP model. No longer will organisations with little or no in-house IT expertise just access their applications through a PC on a desk via a leased line connection. We know users want access anywhere, any time and via whatever device they are using.

"While offering great opportunities to edge ahead of the competition, the Internet does pose certain security risks. ASPs cannot merely offer network security, they must show how they will protect data and keep applications in a usable condition, providing contractual guarantees of the level and quality of service.

"Service level agreements specify exactly what a customer will get and at what price. In this instance, security really is synonymous with service."

10. How do you ensure that your staff are trustworthy and how difficult is it for them to observe what happens when my company is connected?

Mark Armstrong, strategic development director, Virtual Supplychain
"The security issues regarding application support staff in an ASP context are no different from the situation where an application, such as an enterprise resource planning package, hosted by the customer is supported externally. The support people inevitably have visibility into the company's operations.

"In selecting an ASP, just as in selecting a traditional software supplier, customers have to be confident that the prospective company has taken reasonable measures to ensure that its staff have been suitably vetted.

"The nub of the ASP problem for most sceptical IT directors is data hosted off site. Virtual Supplychain's view is that this facility is best provided by a specialist hosting service provider.

"This will ensure not only that the data centre is physically and technically secure, but that there are security clearance procedures for staff. These include full employment lifetime reference checks for people with access to data areas."

Read more on Business applications