Thomas Trappler, director of software licensing at UCLA and SaaS contracting instructor at the school, has encountered a fair amount of reticence among individuals facing down a SaaS deal. A recent exchange between Trappler and a student in his Contracting for Cloud Computing Services class provides an illustration.
“One of the participants asked, ‘What should I not ask for when negotiating with a cloud computing vendor?'” Trappler recalls. “This presents a good example of a common misconception that there are things that a client organization can’t or shouldn’t ask a cloud vendor to provide.”
CIOs and IT administrators will increasingly find themselves sitting at the table with companies providing SaaS solutions, from enterprise software vendors to local value-added resellers and managed services providers. Gartner predicts worldwide SaaS revenue to hit $14.5 billion this year, a nearly 18 percent boost compared with 2011 sales. The market watcher forecasts “healthy growth” through 2015, with a $22.1 billion market that year.
The shift from traditional, on-premises software delivery presents a different twist on contracting. Moving software to the cloud raises performance and security concerns; organizations may need to articulate their specific needs to the SaaS provider. Another consideration is managing SaaS contracts once the ink dries. Large enterprises, in particular, may need to establish vendor management programs as the number of SaaS partners proliferates.
Before launching talks with a SaaS provider, an IT organization should ask itself a few questions. The idea here is to obtain a solid grip on needs and goals while identifying the most pressing items to nail down in a contract. As for the latter, Trappler, who created a 137-point checklist of cloud computing contract issues for his book Contracting for Cloud Services, points to two key questions cloud buyers should consider-How sensitive is the data that they will be moving to the cloud? How business critical will the cloud service be to their operations?
It’s time to talk when an organization finds a SaaS provider’s standard contract doesn’t align with its needs, he says. “Be prepared to explain your needs to them and ask them to make changes in order to align with your needs. You may not get everything you ask for, but you definitely won’t get it if you don’t ask.”
That’s easier said than done, notes Jeffrey Kaplan, managing director of THINKstrategies, a consulting firm that focuses on cloud computing. He says the level of contract negotiation and service-level agreement (SLA) options will vary depending on the nature of the SaaS application.
“There are a lot of apps out there that are relatively commodity oriented … where there is no negotiating at all,” Kaplan says, adding that some SaaS arrangements involve little more than signing up online and submitting a credit card.
Organizations may have more leeway to ask for special terms in the case of mission-critical SaaS applications, but even here vendors may prove reluctant to depart from the standard wordage. Kaplan says vendors of enterprise-class SaaS applications may not stray from their terms and conditions unless the customer wields a significant brand name or has considerable buying power.
Smaller companies may possess limited negotiating clout, but may still find room to bargain.
Oswald D’sa, recently appointed CIO at Xora, says the early-stage companies and mid-sized startups he has worked for in recent years generally haven’t sought to change a lot of contract terms. However, he said a company may seek to negotiate on price, particularly with commodity SaaS vendors whose services can be easily switched without serious impact to business process. These include monitoring and management services.
“Many of the SaaS services are becoming more like commodity services, so price becomes a big issue,” D’sa says.
Xora provides SaaS-based mobile workforce management products and, as a SaaS customer itself, uses such offerings as Salesforce.com and New Relic for monitoring and management.
D’sa says a smaller company working out an arrangement with a SaaS vendor may opt to give up a few nice-to-have features or functions to obtain a better price. The view from SaaS providers and hosting vendors is much the same. The basic contract will fly in most cases, but negotiations do occur in a fairly narrow range of circumstances.
Randy Fougere, senior vice president of sales and marketing at Tenzing Managed IT Services, which provides SaaS hosting services, says the company’s master services agreement “goes through as is” about 85 per cent of the time.
Those situations in which customers seek assurances beyond the standard contract tend to involve the addition of performance-related clauses, he notes. For example, a customer who experienced issues with a previous managed services provider may ask for the right to terminate the contact without penalty if the contractor breaches its SLA for three consecutive months.
Fougere says language specific to security is less frequently inserted. Tenzing complies with SAS 70 Type II and ISO 27001 standards, which provides customers with a level of comfort.
In a handful of cases, customers will ask Tenzing to include a clause stating that it will conduct annual SAS 70 and ISO 27001 audits for the duration of the contract. Fougere says the company conducts such audits as a matter of course.
Customers finding limited room to negotiate can take their deliberations upstream-that is, investigate SaaS contracts upfront and determine which one best fits the organization’s needs.
The whole premise of SaaS is to take advantage of a…standardized set of services and, as a result, [vendors] aren’t going to be that flexible to individual contract demands,” Kaplan says. As a consequence, Kaplan suggests that prospective SaaS buyers shop around, examining standard contract terms across multiple vendors within a given SaaS category.
Smaller SaaS providers require additional due diligence, since a large company could acquire such a vendor and change its product direction, D’sa says. “Unless they are a commodity service that can be replaced very easily, it becomes a warning flag to review in much more detail.” In addition, customers should also consider how tightly to link such providers with in-house systems. SaaS offerings that are not closely integrated with a customer’s code or business process may be more readily replaced if the service doesn’t work out or the customer finds another vendor with a more compelling feature set, D’sa explains. Tools for data export/import and migration become a key issue during vendor-switching decisions, he adds, and need to be taken into consideration upfront if there is a possibility of such events. Alex Bewley, CTO of uptime software, finds that most people tend to click right through the approval part of the company’s terms and conditions. Larger enterprises, on the other hand, may fire over their master agreements. The enterprise stipulations, however, may result in some odd scenarios, Bewley notes. To wit: the company’s uptimeCloud SaaS offering monitors a customer’s Amazon Web Service usage and costs. The terms of the customer’s master agreement may go well beyond the terms they accepted from Amazon. Pointing out that discrepancy causes customers to take pause, he says.
Once SaaS terms are accepted, the next chore becomes vendor and contract management.
“Once an organization has done all the hard work of negotiating suitable contract terms and conditions, it can be easy to sit back and think that their job is done,” Trappler says. “Unfortunately, that’s when the real work begins.”
Trappler says any organization or business unit that adopts a cloud computing solution needs to establish and/or identify the IT vendor management staff resources needed to ensure that the cloud vendor continues to fulfill the obligations stated in the contract.
Keep in mind that management may fall under a couple of business functions or formal programs dedicated to minding contracts.
D’sa says larger companies may need to establish contract management programs; for smaller firms, it is not a huge issue. For companies under 250 employees, he adds, SaaS contracts are generally overseen by the organization’s IT and finance groups, with speed of deployment without serious impact to business process being of primary importance.
Aruba Networks, a network access systems vendor, approaches SaaS contracting primarily through the business function that has driven the selection process and decision, says Chris Leach, director of technical training at Aruba.
“Our IT and purchasing departments assist in the selection and supplier vetting process, and our legal department helps to evaluate terms and broker negotiations if needed,” he says, adding that Aruba is in the process of developing a standardized vendor management program.