Do you know where your data is?

On August 4, a Businessweek article described "how cloud computing is changing the world."  The piece confirms that the use of cloud computing, including SaaS applications, is quickly rolling through organizations of all shapes and sizes.  It also warns of some of the most obvious issues and risks.  However, the article could have gone further.

In order for SaaS applications to become mainstream, several additional things have to happen, for example:

- Applications must have more appropriate functionality.  Many SaaS software companies operate on a "simple is better" philosophy.  Unfortunately, business needs are often more complex than these "too simple" tools can handle.  This can lead to frustration before the inevitable (and expensive) replacement process. 

- Applications need better "look and feel" for customers to use them to their potential.  Computer users are accustomed to the instant performance and finely-honed niceties of desktop applications.  They can quickly become frustrated and stop using a slow, clumsy SaaS application.  SaaS software companies are still working through these issues - even Google, with massive R&D budgets, doesn't have perfectly smooth applications yet.

- SaaS vendors need to improve their customer service.  There are a lot of SaaS providers out there that don't have the headcount or infrastructure to scale up customer service along with the adoption of their service.  Many rely on user forums and email support to help customers resolve issues.  More can and should be done with things like granular and searchable tutorial and troubleshooting videos.  Phone support is expensive but should be provided for high value enterprise customers that are paying handsomely for the service.

- SaaS applications must be more customizable.  One of the tremendous benefits of traditional enterprise software is the ability for users to customize it for their specific industry and company needs.  With today's SaaS apps you get what you get and that's it.  Some providers are beginning to do interesting things with configurability but this needs to be taken to the next level for SaaS applications to be of maximum value to businesses.   

- We need more transparency about SaaS vendors and their applications, especially with respect to security.  Thousands of software development companies are pouring into the SaaS application space with their new offerings.  Customers need to know more about these applications than they did when they purchased desktop software. 

For example, where is the application and data hosted?  A single server in an office somewhere can reasonably run several hundred or even several thousand customers - but it's also remarkably easy to pick up and carry off.  So, is the server safe?  Is the data safe?  Is the power supply reliable?  Can their employees get access to your data?  Is your data being backed up?  Where to?  How often?  What's their disaster recovery plan?  What happens to the application and your data if the worst happens and they go out of business?  What happens if the best happens and they become phenomenally successful - can they scale their application appropriately?

These are important questions but unfortunately they're difficult to get answers to.  Perhaps we need a rating system that assesses SaaS applications and their vendors. There are SAS 70 audits that verify a service organization has been through an in-depth audit of their controls and safeguards with respect to hosting or processing data belonging to their customers.  But this is a long and expensive process and is an unrealistic standard to hold smaller providers to.  What the SaaS industry really needs is a "TrustE for SaaS" -- some kind of independent third party that evaluates a SaaS provider's systems and procedures and provides a seal or certificate verifying they meet certain standards.

Is there an independent standards organization out there that will step up to the plate?