Thursday, July 26, 2007

SaaS Customer “Bill of Rights”

I know a lot of people are talking about SaaS (Software as a Service) offerings like and Google Apps. Have the hundreds of thousands (dare I say millions) of people jumping onto these platforms ever stopped to think of the big picture? Have they forgotten about the data they are entrusting to these service providers?

I noticed R "Ray" Wang did a paper at Forrester Research on LBoR (Licensee Bill of Rights) for people using SaaS at the enterprise level. I’ve been thinking about these issues for the last year or so and have finally had the time to document my top ten thoughts:

1. Open Data. The provider will guarantee access to the customer data. Customer owns the data and can extract the data in a standard format (XML, CSV, etc.) when necessary.

2. Controlled Upgrades. The provider will announce upgrades ahead of time, and thought should be given to minimizing the impact on any customizations the customer has implemented.

3. Guaranteed uptime. Customers should expect five nines (or better) reliability of any SaaS product.

4. 24/7 support staff. Phone / email available with 1 hour or less response time.

5. Import/export features. Ability to import and export specific data sets easily.

6. Guaranteed backup. Extra bonus for the additional ability to back up directly to the customer backup system.

7. Exit strategy? Guaranteed availability of product if the SaaS provider is bought or goes out of business. OK, if the provider is going out of business, at least offer a backup of data and some warning or offer one of the servers for a reasonable price. I’m not sure how to handle that part of the equation, any ideas?

8. Data rights. All data entered by the customer is exclusively owned by the customer and no third parties shall have access to ANY of this data.

9. Security. System should be secure.

10. Ads. Specify to the customer if there are ads. Also specify if these ads will be linked to the customer data. (Google AdSense?) Security issues?

I geared this list to enterprise-level customers who usually pay big monthly dues for software... some of them still apply to small companies and individuals. My thought: if there are no guarantees for even a few of these ten items, then maybe the benefit of using SaaS is not as big as it seems. Remember that in most cases the data is worth more than the application!

Does anyone have other ideas?


Odin said...

I like the direction you are going with these. I've seen similar versions of BoRs for Web 2.0 and NG web services.

There is one additional "right" that one should expect:

11. Data Access after termination. Regardless of the reason for termination of the contract, the service provider must make the customer's data available for export in a secure manner for a reasonable period of time.

Kevin said...

Odin, I agree. Very important point!

Sam Johnston said...

Thanks for this work, I have incorporated a few of these points into the Cloud Computing: Bill of Rights document in the Cloud Computing Community Wiki.

Feel free to contribute,