For some time now, we have featured articles about the potential risks of hosting DAM solutions with a third party, such as the one by Dan Huby yesterday and our own DAM SaaS Survival Guide. Most of the recommendations are preventative in nature, such as data security and vetting prospective suppliers so your chances of getting into trouble to begin with are reduced. Yesterday, we had some representatives of NCC Group contact us about a ‘SaaS Assurance’ scheme they are providing which aims to provide more immediate assistance if a SaaS supplier fails.
NCC Group might already be known to a number of UK readers, especially those who either work for public sector organisations or have them as their clients. In the majority of public sector software tenders, vendors arerequired to deposit source code with an escrow provider such as NCC Group, so that if they cease trading (e.g. due to bankruptcy) then the client can obtain the code and continue to maintain the application without being forced to migrate away immediately.
As we pointed out in the DAM SaaS Survival Guide, with Cloud products, that still implies a lengthy period of time where the whole system is completely unavailable and skilled engineers are found to get it up and running again (in addition to possibly still not having access to your digital assets if a liquidator decides to hold on to them).
It doesn’t come as a total surprise that NCC Group have recognised the growth in SaaS or Cloud hosted software and sought to provide an answer for the type of problems described via their SaaS Assurance offer. The scheme is quite an interesting one. The basis seems to be that NCC Group will take on paying the hosting bills of a failed supplier for a number of months, to effectively ‘keep the lights on’ (as NCC Group describe it) while a client arranges a suitable alternative. There are multiple levels offered with varying degrees of support from just the financial element, right up to more advanced maintenance and migration services. There is some further detail on SaaS Assurance on the NCC Group website (including a video with technical details) :
“Through a straightforward contractual agreement SaaS Assured ensures that the end user will have continued access to the application for an agreed period of time. Optional testing services provide SaaS end users with the additional assurance that they can make a smooth transition either in-house or to a new SaaS provider.” [Read More]
Their blog also has a variety of articles: https://www.nccgroup.com/en/blog/?tag=SaaS+Assured
There is a webinar that they are running about SaaS Assurance on Monday (16th June) and I am told this will be recorded and made available afterwards.
I am not sure this scheme exclusively is the ‘silver bullet’ to solve any and all SaaS-related risks, you still need to carefully check suppliers and arrange for your own backups, plus plans for what you will do if the worst happens. Also, I do not know the fee for this service and it needs to be economic when stacked up against what it would cost either to lose the service for a period and/or to use some of the methods discussed in our feature articles. With all that said, this could be very interesting to a number of interest groups including both clients of SaaS vendors but also the providers themselves, since this helps to reduce the impact of SaaS vendor failure and might help persuade some that have hitherto been unwilling to switch to Cloud services to now re-consider their options.
Although there are some other escrow providers, in the UK market at least, NCC Group nearly always seem to get at least mentioned as one of the major options to choose from. They appear to have a presence in other regions like Europe and the USA now too. Since I don’t want this to be a complete advert for NCC Group, however, it must be stressed that there are other firms who may well provide similar services (or who soon will if not already) and you should survey the whole market before making any decisions about whether to proceed with any of them.
One final consideration, although the prospect is remote, if it is not the SaaS vendor, but an aggregate supplier like a data centre or Cloud hosting services provider (e.g. Amazon, RackSpace etc) who ceases to trade, this service might still not be fully effective since it will be unlikely that NCC Group’s contribution will only pay the costs of those clients who are protected with them, not everyone else who is not (and therefore a shortfall in funds to keep everything running would still exist). I would have to acknowledge, however, that this is currently a much lower level of risk than an individual provider, especially in regard to very large firms like Amazon and it might fall within your acceptable thresholds as a result.