Watching the Ball – IT Concerns for SaaS, Hosted and In-House

Like SaaS, hosting can provide benefits including: software updates are applied by the hosting vendor, hosting makes remote access easier, and infrastructure expenses such as servers, backups and other upgrades may not be required. Possible weaknesses include: poor performance, restrictions on integration, outages beyond your control, and restrictions placed on application use.

IT Concerns for you to discuss with your team include:

• Certifications – Is the hosting company certified? Has the hosting vendor met minimal standards such as the Service Organization Controls (SOC) in SSAE 16?
• Licensing – Do the applications we want hosted have any restrictions in their end user license agreement (EULA)? How is the software licensed? Does the hosting company provide the licensing? Do we?
• What protects our data? – Is the data backed up and copied off-site? Is the security set up to prevent other firms from seeing our data? Unfortunately, this problem has occurred more than once this year by well-known hosting companies.
• How do upgrades occur? – Does the hosting company install new applications or updates? What is the charge for this? How frequently are the updates made?
• End-user support – How do issues with applications get resolved? What happens for after-hours issues? What are the charges?

In-House Concerns

Using local area networks and personal computers for business has only been done for around 30 years. Although more time has allowed us to be more comfortable with in-house deployments, there are benefits and risks here, too. In-house implementations have benefits including: software updates can be applied on your schedule, remote access support for specific devices or needs can be implemented, costs are more likely to be lower, integration can be comprehensive and with today’s managed service options, experts can securely provide services on your system from afar. Possible weaknesses include: need to upgrade regularly, poor local support, lack of understanding of your applications, lack of expertise in a technology you need, security shortfalls, and catastrophic failures at your location.

IT Concerns for you to discuss with your team include:

• Technology Plan – What is our technology strategy and tactics? What is the budget for our activities?
• Business Continuity and Disaster Recovery – How have you covered the IT portion of our firm-wide BC/DR plan? Can you show me your IT documentation?
• Single Points of Failure – What technologies do we have where failure of a single item could disable us?
• Security – How can we be assured that we have adequate protection? What is your plan for firewall maintenance? How is data encrypted in motion and at rest?
• Backup – How is our in-house IT protected? What is the data backup strategy? How do you know it is working? Who is your backup in case something happens to you?

Most of the IT concerns for in-house have to be addressed whether you are only in-house, or use some hosting or SaaS applications. As you have probably perceived, the IT concerns listed in all three categories barely scratch the surface of what has to be considered. There are many sources for good IT checklists, but the key formula in each case is applying your knowledge and business needs to the list. If you’d like to discuss your needs directly, it would be a pleasure to do so. The most important thing to do is to act and make a plan that can guide you now and in the future.

Mr. Johnston is executive vice president and partner of K2 Enterprises and Network Management Group, Inc.

He is a nationally recognized educator, consultant and writer with over 30 years’ experience. He can be contacted at randy.johnston@cpapracticeadvisor.com.