Cloud computing has reached critical mass, and the Software-as-a-Service (SaaS) segment is the largest market within cloud computing.[i] Today, 8 out of 10 new software applications being developed are for the cloud.[ii]

However, despite the popularity and widespread adoption of SaaS, 79% of SaaS providers do not guarantee application continuity to their subscribers.[iii] Cloud providers need to address the “elephant in the room” and put safeguards in place for their customers, just as cloud subscribers need to complete their due diligence when exploring SaaS solutions. In the end, both sides need to ensure their SaaS solution is reliable, credible, and will continue to work if something happens to the provider.

While software escrow is the “go to” solution for protecting traditional, on-premises software implementations, in most cases it is not enough in a SaaS environment. However, most small- to medium-sized SaaS providers are not putting comprehensive contingency plans in place to adequately address the unique aspects of the cloud even when they are there – let alone when they are not.

Why is basic source code escrow not a good solution for the cloud? The concept of storing the software source code in a secure location with a trusted, neutral, third party is still valid – but escrow by itself may not be enough.

Let’s face it, in the cloud, the software is there and so is the data. Therefore, with SaaS, additional safeguards need to be considered and then the appropriate measures put into place.

Do I have plenty of time and long Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs)? Is my data the most critical piece, and do I have unfettered access to it? Or do I need a gentle slope along which I can wind down my use of the application by having access to it for a period of time? These are the questions to ask before deciding what level of protection is needed. Each step below addresses an increasing level of risk and desire for certainty in the cloud:

  1. Source Code Escrow – offers subscribers access to source code and maintenance material

  2. SaaS Application & Data Backup – delivers automated, continuous vaulting of applications and data, plus access to data backup

  3. Subscriber Recovery after a Provider Failure – in addition to the above, adds a standby recovery environment and failover capability

  4. Full Subscriber Recovery & Provider Disaster Recovery – in addition to the other services described above, provides real-time virtual replication, and one-to-one mirroring of the application environment for seamless failover/fallback for advanced cloud-based disaster recovery services.

Why aren’t most SaaS providers explaining this to their customers? Well, just as many of us put off setting up a life insurance policy, many SaaS providers are focused on the challenges of the here and now, rather than the future “what ifs.”

Cloud providers often sell their services with the implied message of “trust us – we’ve got everything under control.” However, subscribers need to think about contingency planning for SaaS applications and their data in the “after-life” of the SaaS provider.  The best position for SaaS providers is to think through the issues and make sure they can get ahead and answer the tough questions.

Here are some key questions that savvy SaaS subscribers will ask:

  • What if you go out of business or cease to support my application?
  • How quickly can I get back up and running if something happens to my provider?
  • Where is my data? How can I access it? (without a professional services engagement)
  • What are your/my Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs)?
  • What will unplanned downtime cost my company in terms of lost revenue and productivity?

In conclusion, SaaS has revolutionized the software industry. It is estimated to be a $53.6 billion business in 2015,[iv] and has become a critical element supporting most businesses.

But, as with any mission-critical component of a company, SaaS subscribers are smart to ensure that their applications and data will be protected if something should happen to their SaaS provider.

As a SaaS provider, it’s best to acknowledge the elephant in the room, answer the tough questions, and be prepared with a SaaS protection solution that offers uninterrupted access to your customers’ applications and data.



[ii] Softletter Research, “2013 Softletter SaaS Report”

[iii] Softletter Research, “2013 Softletter SaaS Report”

[iv] IDC