When companies began offering application hosting in 1999 it seemed to be little more than a commercialisation of Microsoft's Terminal Server, the multi-user Windows NT Server operating system.
To many corporate users it seemed to offer a significant opportunity to rid themselves of many of the costs that high levels of computerisation had imposed on them whilst allowing them to retain control of their core corporate computing services and assets.
The idea that the application service provider (ASP) could take over the nightmare of general licensing has become a very attractive proposition for users. For years, organisations have objected to the way that software suppliers have imposed licensing terms. For instance, if a business had 500 users who required access to a word processing package at some point, then it needed to purchase 500 licences.
It didn't matter to the software company that the business could prove that only 300 users were concurrently using the package. The application was installed on every computer and the licensing terms were based on the number of computers that could run the software rather than the number running it concurrently. For those IT managers coming from the mainframe or mini-computer world this seemed ludicrous but that was how the licensing was rigged.
The ASP model changes this in that users only pay for the applications being concurrently accessed by the users giving a much lower cost structure.
Another benefit is that through application hosting, users can gain access to applications they can't normally afford to run. Staff can access specialised software as if they were renting a video.
With an ASP, users can choose which word processor or spreadsheet they prefer and providing they adhere to corporate file formats for interoperability, they will be able to use the software with which they feel most comfortable.
But the low entry cost for licensing has now changed. Software suppliers soon realised that the emerging ASP market could damage their licensing revenues. To compensate for this trend they introduced special rental terms for the ASPs that actually makes it very expensive to rent out applications.
For instance, to rent Microsoft Exchange and the Citrix Metaframe client costs an ASP about £20 per user. When the cost of Microsoft Office is added to allow users to open any attachment the cost increases substantially and none of this takes into account the hardware and staffing costs of the ASP.
Security and ownership of data is another significant issue for users. A number of ASPs are now teaming up with companies such as Storage Networks, which call themselves storage service providers. The idea is that the ASP takes control not only of supporting applications but also of all the related data, hardware and support issues.
In short this can become a complete outsourcing deal but only for the components that are part of the ASP agreement. For the finance department this could be a means of losing a huge amount of capital expenditure and physical assets off the books but would need to be looked at carefully.
There are some grey areas in terms of protection of data, encryption when the data is moved around and, more importantly, the cost of bandwidth to make this happen.
Storage Networks has a model that limits the number of cities in which it can operate to those where there is enough dark fibre for it to purchase. As a result, unless all the operations of a business are located in cities that it supports, users could find they only get a regional rather than a global solution.
Another issue is how users are validated and how the data is encrypted during transfer. There are several models for security in place but almost all of them now assume that the first line of security is the customer at a corporate level. Remote users need to be validated via the corporate servers before being redirected to the ASP.
As a result, any user away from the office needs to go through an extended number of machines and gateways before they are validated.
One big issue with the ASP market, especially if users choose to outsource data, is that of insurance. There is the question of insurance against data loss or hacking. But another aspect is what happens if the ASP goes bankrupt?
If users cannot access their data, then they cannot trade. There is a good case for ASP suppliers to prepare a bonded approach similar to that used by travel companies. This would ensure that if an ASP went bust, there would be funds available to ensure a transfer of data, applications and licences to other companies.
There is also a need for specific insurance policies to be developed as to whose responsibility and at whose expense will data be reconstructed after an attack from a Melissa or I Love You-type virus. For example, if the ASP is in control of both data and applications and a user opens and activates a virus, is the ASP liable for failing to virus check all attachments or is the user's company liable?
The efficiency of service level agreements (SLAs) also needs to be considered. Monitoring the response rate and general performance of an in-house helpdesk is straightforward. When problems of lack of response occur, you can take direct action.
But when the support team is in a separate building or even another city, enforcing a response rate is not that simple. You could threaten to not pay the next invoice but they have your data so you've limited your bargaining position.
Without a comprehensive SLA you could find you are worse off than before. The ASP suppliers body has a number of items linked to SLAs on its Web site.
Despite the hype over ASPs it's difficult to find anyone prepared to provide a list of customers which have moved out of the trial phase and into a full roll-out.
There are a number of reports putting a value of several billion dollars a year on the ASP market by the end of 2001 but without real customers and some attention to insurance and end-user protection this could crash faster than a bad dotcom.