By Clayton Browne
Software as a Service (SaaS), a relationship that provides on-demand access to a cloud based network with shared configurable computing resources, has enjoyed phenomenal growth over the last few years. But how successful have IT organizations been with structuring SaaS contracts to address SLAs and the variety of things that can go wrong? According to Gartner, global SaaS spending is anticipated to grow by 17.9 percent in 2012, totaling over $14.5 billion and SaaS is projected to grow into a $22 billion market by 2015.
SaaS providers generally price their services on the “utility” model where they charge clients a set fee based on volume of services used while the customer is responsible for security, data protection, compliance with laws, and contractually limited liability. SaaS contracts are very different from traditional outsourcing contracts where the provider typically offers service availability and quality guarantees, and both parties typically share significant liability.
SaaS providers today offer a broad spectrum of cloud-based services ranging from providing access to apps from remote networks to PaaS (Platform-as-a-Service) and IaaS (Infrastructure-as-a-Service).
Major players in the SaaS industry like EC2, Amazon, IBM, and Microsoft offer IaaS for customers that don’t want to manage proprietary IT infrastructure, but want to maintain control of their software environment. IaaS essentially provides a virtual machine network where businesses can run whatever software they want, with the provider simply maintaining the virtual network.
PaaS is an IT outsourcing service somewhere between SaaS and IaaS, where providers offer businesses a set of tools to develop apps, those business-specific proprietary apps are then run in the PaaS environment (ex. Windows Azure).
The one-size-fits-all utility pricing model of public cloud SaaS providers fits the needs of many small and medium-sized businesses with pay as you go pricing. However, the inflexibility and the lack of service availability guarantees make utility pricing models difficult for larger businesses to accept, especially when dealing with mission-critical functions. Sharing risk has practically become a mantra in big business today, and SaaS providers are discovering that they must share risk to convince larger businesses to outsource their mission-critical functions.
Key Issues in Negotiating SaaS Contracts
Attorneys at law firms such as Mayer Brown LLP and other professionals in the industry report that SaaS companies today are willing to negotiate contract terms with clients, especially larger clients looking for long-term contracts; key areas of negotiation are:
1. Negotiating Service Commitments
Service commitments can be divided into three basic areas – commitment to contract terms, commitment to provide specific services, and length of commitment.
Utility-style “public cloud” contracts typically give the provider the right to change the contract terms at its discretion – take it or leave it for the user. Traditional outsourcing contracts generally provide that contract terms can only be changed by mutual agreement, most SaaS providers are willing to compromise.
Utility-style contracts also only typically provide services “as is” with minimal if any customization, unlike outsourcing contracts which usually offer detailed descriptions of specific customized services for the client. Businesses and SaaS providers are finding a middle ground here, with providers agreeing to offer more detailed, but not highly customized descriptions of services in the contracts.
Length of commitment is often different in that outsourcing contracts are generally long-term and cloud service contracts commonly have little to no time commitment. Clients and providers are compromising on the issue with short-to-medium-length contracts or long notice periods for contract termination.
2. Guarantees of Service Quality
Utility-style cloud provider contracts rarely involve commitment to service levels or if they do the threshold for credit to the client is very high. Service levels are being designed around provider technology rather than client preferences, but with significant credits to the client if service levels are not met.
3. Client Control Rights
The provider’s right to change network architecture or services without consent or significant notice to the client is standard in boilerplate SaaS contracts. In most cases, SaaS providers are willing to contractually commit to significant advance notice of any substantive process changes and a customer opt out clause. However, very few SaaS providers are willing to give clients any say over their network architecture.
4. Security and Data Protection
Network security is a huge issue for large businesses; typical SaaS contracts make few guarantees regarding data security and typically shift most if not all liability to the client. Taking on that kind of one-sided risk is unacceptable for most companies, so SaaS providers have made major concessions in this area, including allowing clients to mandate where data is stored, input on contractors used, and guarantees that all data will be returned or destroyed upon termination of the contract. Many SaaS contracts today also include Security-as-a-Service provisions as additional risk mitigation for the client and a revenue stream for the provider.
5. Protection of Service Continuity
Service continuity is another area where standard SaaS contracts and most outsourcing contracts differ in that outsourcing contracts generally guarantee continuity of service (with significant consequences for failure) while SaaS contracts do not. Providers have once again had to offer significant compromises on this point in order to convince businesses to contract out mission-critical functions. Outsourcing contracts often give clients guarantees for the continuity of key personnel and or a maximum turnover rate on the team while SaaS contracts typically offer no such guarantees. This tends to be worked out whereby the provider commits to the continuity of a few key personnel for the term of the contract.