SaaS adoption creates downtime risk, says NCC Group

Growing adoption of Software as a Service (SaaS) to perform mission-critical finance functions is creating risk of costly downtime, says the NCC Group.

Growing adoption of Software as a Service (SaaS) to perform mission-critical finance functions is creating risk of costly downtime, says the NCC Group.

According to the information assurance firm, adoption of SaaS is outpacing companies' ability to install effective risk-management strategies to address the availability of software.

By the end of 2010, SaaS adoption for key financial functions and processes - such as electronic billing, core financial accounting, tax management and business intelligence - will experience worldwide growth of more than 100%, up from an estimated 40%, according to research by SaaS consultancy, Saugatuck Technology.

The shift towards using SaaS for core financial functions, as well as non-mission critical operations, is a result of the model's increasingly attractive cost and time-saving benefits in comparison to on-site software, the research found.

But when software is delivered over the internet and not physically held on-site, the negative implications of the business losing access to it are magnified, said Mark Ormerod, group managing director, Escrow at NCC Group.

"We're seeing a move towards SaaS to deliver core-financial functions, which is excellent in terms of businesses driving efficiencies, but only if they have robust risk-management policies to protect availability. Many companies are overlooking this, putting key day-to-day functions at risk," he said.

A recent survey from NCC Group found 46% of FTSE350 companies have no software validation or Escrow protection in place to ensure the long-term availability of either SaaS or in-house applications, putting them at risk of losing mission-critical functions, should their suppliers undergo an acquisition or face legal disputes.

Software validation and Escrow for SaaS are used by organisations to ensure they can continue to maintain and support essential software applications in the long term. The software application source code is stored with an independent third party, with the agreement of the software supplier. This form of protection allows the end user to legally redeploy the SaaS application in the event that the original supplier is no longer able to provide it.

"It is essential that businesses consider a risk-management strategy when they begin using SaaS for core financial functions," said Ormerod.

Escrow is one way to do this, he said, but businesses should ask questions of their supplier's own risk profile, including issues relating to software development, data protection and their own third party suppliers, as even they could affect the service the end user company receives.

Read more on IT risk management