Wednesday, September 17, 2008

Software as a Service (SaaS): Applications to CSR

CSR, SaaS, GRC.....

(Note: nothing like starting a blog post with a whole bunch of acronyms...)

As CSR and GRC technologies are gaining traction in industrial markets, it is interesting to review how the technology (and solution) could be delivered:

  • Perpetual, on-site licensing model, or
  • Services based, on-demand model (i.e. software as a service, or Saas), or
  • Hybrid model (SaaS architecture, but licensed to sit behind the client's 'firewall')

With SaaS established in the enterprise software market, what are some of the key solution and strategy issues that a CSR or GRC service offering should consider?

1. Develop a partner ecosystem that is aligned with SaaS delivery (i.e. not a set of system integration firms that rely upon rampant customization & integration)


2. Understand complete pricing & value dynamics (cost for the entire SaaS solution; what functionality and tech partners might be needed to provide a complete business solution)


3. Review and modify organizational design (particularly for sales: telesales and partner sales supported by account managers)


4. Refine / amend market strategy (initial entry into SMB sector to gain awareness, proof points, referenceable clients)


5. Lower the risk of adoption, and allow customers to move back to perpetual licensing if desired

Perhaps the adoption of SaaS in the GRC and CSR markets will mirror that of the adoption of business intelligence (BI) solutions.

Most BI applications were originally sold in the traditional perpetual licensing arrangement. This was probably a function of risk management; keeping confidential information such as HR records and financial projections inside the firewall. Gradually, those concerns abated, as more established software firms provided and publicly supported their SaaS offerings.

Many CSR technology firms are not starting with perpetual license offerings, so they do not need to migrate customers to new solutions and work with them in business process alignment. But they do need to prove that they consider 'risk management' an important component of their value proposition: data and applications security; managed data center access; multiple levels of user permissions & security; and company committment (i.e. financial security, product roadmap visibility; partner acquisition & alignment).

No comments: