Avoid ASP imprisonment
WITH THE continuous stream of must-have software entering today's market, many corporations are straining to dig up the proper resources to support all of their new business and Web applications. If your company is similar to many others, you may soon exhaust every inch of available space in your server room or spread your IT staff so thin that it can't spare even one minute more to manage another enterprise application. But don't panic: When facilities and qualified warm bodies become scarce, ASPs (application service providers) can come to the rescue.
There are several varieties of ASPs, offering everything from application rentals in which customers pay by the hour to use business software to complete remote data centers with front-end and back-end facilities specified for your industry. With the latter option in mind, you might want to give up searching for additional office space or driving yourself crazy looking for experienced IT staffers in today's tight labor market. Outsourcing a few (or more) of your applications could save you these hassles, as well as lots of time and a score of sleepless nights.
Outsourcing business applications may seem like a new idea, but it is actually very similar in practice to contracting out other crucial tasks, such as telemarketing, call-center management, or network monitoring. But because an ASP hosts your critical data as well as your application, it's important to choose a provider carefully. Of course, each industry and company has its own unique requirements and demands, but there are several key steps that should be part of every ASP selection process.
Decide what you want
Choosing and managing an ASP Step-By-Step
1. Are your IS resources insufficient for your new app(s)? Are the costly telecommunications circuits and support staff for apps accessed via the Internet too much for your budget? Would you rather pay the recurring costs of an ASP than the large up-front expenses of an internal app? If so, an ASP is probably for you.
2. Consider your alternatives. If you have some cash on hand, purchase servers and co-locate them at a hosting facility. Think about contracting IS help or outsourcing a portion of your network management. Get a second opinion (from a consultant) about the costs required to host an in-house app.
3. Size up the prospective provider and get references. Does the ASP have redundant, high-bandwidth circuits to at least two Tier 1 backbone carriers? Does it meet exacting standards for power, cooling, and fire prevention? Does it have a reliable, trustworthy, and accessible staff?
4. Check (and have your lawyers double-check) the paperwork, including SLAs and confidentiality agreements. If you plan to host third-party apps off-site, purchase the appropriate license from the software vendor. Make sure you can walk away unscathed from your contract if the ASP doesn't deliver on its promises.
5. Indulge your paranoia. Has the ASP done criminal background checks on its data center staff? Are there sufficient intrusion-detection and prevention systems in place? Are complete access logs and/or audit trails sent to your staff for analysis?
6. Be ready to change providers at a moment's notice. Get complete dumps of your app's data as often as possible. Choose an alternate ASP in case of emergency and periodically check in with them.
First and foremost, you need to decide whether or not you really need an ASP. This may seem too obvious a point to mention, but you shouldn't hand over the reins of your applications to an external party unless it is necessary. ASPs are generally safe and reliable, but there is nothing quite as comfortable as controlling your information internally.
That said, sometimes outsourcing is your savviest option. Some work can't be, or at least shouldn't be, handled in-house. For instance, when you bring a substantial new application online, the strain to your company's technical resources might be too much. You may lack the additional space, power, or cooling capacity to handle any new or larger servers associated with the project.
In addition, as we all know, hiring additional IS workers is often not an option in this insane market. It might not be wise to burden your current staff, already stretched paper-thin, with yet another big internal project. If your staff becomes too harried, a certain amount of work will inevitably be left incomplete, or complete only by the very lowest standards. As the performance of your applications -- and therefore your business -- is at stake here, burning out your employees is not an acceptable approach, no matter how desperate you are. You should look instead to an ASP for help.
Another situation that may call for outsourcing is when a proposed application is going to use the Internet to communicate with remote users or systems. TThese telecommunications may overwhelm circuits that are already operating at capacity, and boosting your infrastructure to support such a system might be too Herculean and expensive a task for your company to handle.
As always, money plays a big role in the outsourcing question. The frighteningly large up-front expenses of adding new applications to your enterprise may deter you from ever adopting certain business-critical software. This could be very bad for business in the long run, as your company loses crucial opportunities to implement money-making and customer-drawing applications.
Although outsourcing might cost more in a strict dollar-by-dollar analysis, at least an ASP can save you the big, one-time kick in the wallet of implementing an in-house solution. Sometimes paying a bigger sum of money for an extended period of time is better for your company's bottom line than shelling out a smaller, single chunk of cash. This approach also gives you the chance to implement dynamite software that would otherwise be too immediately expensive for your company.
There are plenty of transitional steps between managing an in-house application and hosting a fully outsourced one. To save money while in the building process, you should buy refurbished equipment and upgrade your existing servers with more memory and larger, faster disks. If you need more space, create a cooperative data center and split the cost with another business.
And before you make the final leap toward outsourcing, remember that a less costly alternative to ASPs is co-location -- buying new servers but paying a hosting provider to house them and connect them to the Internet. This is a good solution for resource-challenged companies that are looking for a middle ground between internal application management and complete outsourcing.
Under the microscope
Once you've decided that outsourcing is the proper approach for your company, it's time to find the most appropriate and reliable provider. This step is key. Hiring the wrong company can spell death to your business. Make a checklist of your requirements and go over them in detail before signing a contract. Do a full background check on potential ASPs and take on-site tours to get a firsthand look at their security procedures.
And remember, you'll be sharing your provider's resources with several other businesses, so make sure the ASP can handle your needs in harmony with those of its existing subscribers.
If your application relies on an Internet connection, your ASP should have redundant, high-bandwidth circuits (preferably 45Mbps or better) to at least two Tier 1 backbone carriers. In addition, the provider's data center should meet exacting standards for power, cooling, and fire prevention.
If application availability is crucial to the success of your business, make sure your provider has sufficient battery power and a backup generator. You should also demand around-the-clock emergency assistance to ensure that your applications are operational at all times. Furthermore, look for an ASP that gives you a direct-dial number that rings the lead administrator on site. That way, you won't get passed between operators and voice mail boxes when your applications are in a crisis situation.
Of course, you should receive all your terms in writing and check out a couple of the ASP's long-term references. Ask the provider for the names and contact information of some clients with operational needs similar to yours and who have been with the provider for at least a year. Make sure to pick up the phone and actually check out these references. If the ASP is reluctant to help you with this step, politely move along to another company.
A matter of trust
The paperwork supplied by the ASP deserves as much scrutinyy as the ASP itself. Read your SLA (service-level agreement) carefully. Most standard SLAs only offer prorated refunds for downtime. If constant availability is critical for your business, insist on an SLA with stiffer penalties.
Have your lawyers approve the wording of the ASP's confidentiality agreement. Your company's sensitive data would probably fetch a pretty price from competitors or miscreants, so make sure the ASP is accountable for any theft or damage caused by its staff.
If you plan to host third-party applications off-site, make sure you purchase the appropriate license from the software vendor. Similarly, if the ASP is supplying the application, make sure you're not liable if the ASP fails to license its software properly.
A surprising number of companies get stuck buying their way out of long-term contracts when they switch providers. If the ASP requires a commitment term, make sure you can walk away free if the ASP doesn't deliver on its promises.
You can't keep constant watch over your ASP, so you must choose a provider that you can trust. The last thing you need is to constantly be worried about the intentions and competence of a third-party ASP that just so happens to have access to all of your business software and confidential information.
Agreeing to the confidentiality agreement mentioned earlier is one good way for your provider to prove its good will toward your company. In addition, if your ASP is going to handle your very sensitive corporate data, look for a provider that screens its workers via criminal background checks and drug tests.
It is also important that physical access to your ASP's systems are tightly controlled and logged. During your tour of the provider's facility, look around for symptoms of poor security practices. If you see the machine room door unlocked or propped open, choose another ASP site.
Because securing data is the shared responsibility of you and your provider, get details on the ASP's intrusion prevention, detection, and tracking systems. If you're not equipped to judge the effectiveness of these systems yourself, pay a security consultant to do it for you.
In addition, to shoulder your share of the security burden, you'll need the provider's access logs and audit trails. You shouldn't have to call your provider every time you need to activate or revoke a user's security credentials. The ASP should give you an easy, secure way to manage credentials remotely.
As with any relationship, your rapport with your ASP may sour over time and it is important to keep this in mind, even during the honeymoon phase. Arrange for regular deliveries of backup tapes, removable media, or network dumps of your application's data. This will ensure that your data is ready for immediate restoration should you decide to switch providers.
You should also have a competing ASP in mind and ready to hire in case some emergency should make an immediate change necessary. Contact your backup ASP periodically to make sure it's ready to step in.
Finally, make sure your contract clearly separates your property from the ASP's. Your domain names, licensed applications, and data must all come with you when you leave an ASP. Pay particular attention to the registration record for any domain hosted by the ASP, making sure that the billing and technical contacts are people at your company, not at the ASP or one of its agents.
True, signing with an ASP can help you free up capital and human resources for other projects, or at least keep you from being crushed by the burden of new applications. But don't forget that you're handing your most vital data to an outsider, so don't pass the buck too cavalierly. Establishing and managing a business-savvy relationship with your provider requires the same level of preparation as does any internal project.