risks of online applications

Online subscription software is easy to get going and it seems to cut out the upfront cost and opex's your costs - but what are we trading for this convenience? What risks are we adopting?
The olden days​
Back in the dark ages of computing (1990s to earlier 2000s), choosing what software to use was an even bigger decision than it can be these days.  Firstly, there was choosing the solution for your problem, a lot of reading and promises from vendors, reviews from users and the press were crucial.  Gartner’s quadrants helped.  Sometimes you would run a formal selection process with vendors.   Maybe there was a demo disc you could trial the software with.

Once you had selected the solution there was the upfront costs (often a hefty figure):

• Software licence
• One year subscription for updates and perhaps also software support
• Maybe a suitably power server to host the main system
• Making sure your PC’s were powerful enough to run the new software

Then there was the ongoing cost of the software subscription, regular upgrades and patches that need to be put on servers and PCs.  All with their own invoice cost, let alone the cost of having your IT teams or office staff stop work to do patching or learn new features.  Depending on the subscription model, you may end up paying again for the latest version of the software!

Nowadays 
These days getting started with a new piece of software is often as easy as entering an email address and sometimes a credit card number.  You’re away, no installation, it works on all your computers via the web browser, no one is installing server software, upgrading computers or having to manage the software versions.  All of it is taken care of!  

All costs with the software can be made opex so you don't need a business case and you only pay for what you use.  

Google and many other online providers pioneered this approach of subscription software delivery, Microsoft has done the same and continues to invest heavily in this direction, going as far as subscription for a gaming approach with Game Pass (essentially creating the Netflix of games).  

So, with all these advantages what on earth could the draw backs be? And why should I be worried?  Here are our top five risks when using online software (or software as a service):

Risk #1 - Data governance and privacy
The risk:
When you enter data into a website it is saved somewhere real, on a computer that is physically in a building/structure, in a country.  The laws of that country now govern that data, along with any rules and agreements in place with the organisation providing the computer that the data is being saved on.  It is pretty rare for a software provider to clearly outline where the data you enter is saved. 

In New Zealand we have privacy rules and codes of conduct about the data collected and where it can be stored, what's more consideration of Maori data governance interests might be relevant.  These rules have implications for collection, storage, use and access so you will need to consider both how the software treats the data collected but also how you use it.

What you can do about it?
Start with what data you are storing, there may not be any expectations for the product descriptions and costs information you store on your e-commerce solution, however there might be about customer information you do collect.

Check the website for any direction on where they are storing information, what security they put around it and the reliability of the security checks they have on their system.  If they do not publish information regarding this, try contacting them to find out.  If you don't get a timely response, or no response at all, think twice if your information is sensitive in nature.

Risk #2 - Confusion - too many applications for the one type of work
The risk:
There are usually many, many, many software solutions to solve the same problem.  Just looking at the project tracking space you have solutions like :

• Trello 
• Microsoft Project / Project Online 
• EasyRedmine
• Asana
• Zoho

To name a drop in the bucket! All of them are good in some way or another and offer advantages the other may not, such as feature, cost, etc

We met with a client recently who used three pieces of project/task tracking software across their clients and internally and were about to add another one.  None of the software talked to the other, one set of clients used one tool and another set of clients used another tool.  They know they need to consolidate but in order to do so they would have to retrain one set or all of their clients in the new solution. Furthermore, all the information stored in one application would have to be moved across (more on that below).

In larger organisations this can be a real problem where different groups or departments grab the software they like the best and get going.  They aren't constrained by the capital expense rules that meant the decision would require greater scrutiny before being signed off.  This has its pluses and minuses.

What you can do about it?
Keep a central software register and put someone in charge of overseeing such decisions.  Do your best to configure this so that they aren't holding up decision making but are creating awareness around solutions already in use.  Encourage requirements gathering and checking before signing up - perhaps there is already a solution being used that would suit their needs, perhaps the cost and benefits don't stack up.

Risk #3 - Integration 
The risk:
You've got your e-commerce solution to sell your wares and its slick and does a great job of helping customers to purchase your amazing products, however, the inventory solution isn't connected.  We met with one company where one of their staff had to spend the first part of every morning manually updating quantities in the e-commerce solution with stock levels to avoid customer disappointment when they ordered.

Stitching together different software products to create a coordinated solution for your business has always been a problem.  This is where ERP products generally came from (like NetSuite, Microsoft Dynamics), a single integrated solution to run the whole business, however as smaller niche solutions have exploded onto the scene that solve one part of a business problem the problem of integration has gotten bigger again.

There are tools that can help with integration but you are looking at configuration, running costs and making sure something doesn't change between the two integrated systems that breaks it all.

What you can do about it?
Choose wisely. Ask yourself some questions when making your decisions:

• Do I (or will I) want the information I put in this solution to be available elsewhere?
• Does this solution connect to other systems I use? If so, does this cost extra? How reliable is the connection?
• Can I use something I already have in my existing solutions to do the same thing?

Risk #4 - Lock-in 
The risk:
You've picked a solution, it becomes crucial to your businesses operation.  Everything is running fine, then something changes; the prices go up, the system starts misbehaving, there aren't new features being added to help you keep up with your competition,  so you are now looking at other options to move to.  But wait…all your historical and current information is kept in this system and there isn't a way to get it out or transfer it over.  Or worse you look closer and the contractual agreement to use the system was that they own all data you entered into it or they expressly exclude any support for taking data out.  

Your stuck, it’s going to hurt to move to the new solution, not just getting the new solution to work right for your business, training your staff in the new solution but all that lost information and history, or labour time and cost to manually add this history into the new solution.

A software solution limiting you like this seems unlikely?  Unfortunately, this is the business model for many, big and small companies.  We see it across all sorts of offerings.  Creating software using the Microsoft toolset for example, means you have to stay on that or recreate everything on a competitor’s toolset.  

What you can do about it?

• Choose carefully up-front
• Understand this is a risk you might be taking
• Be sure that the company you are getting the software services from has a good track record of investing in its products
• Check your contracts / user agreements when signing up
• Look to see if the software has a suitable export function

Risk #5 - Data access
The risk:
You have invested time and effort in curating quality data in your online system, now you want to leverage it, but how do you get suitable access to it with your cool reporting tool?  Or worse, what if your data is being used by the vendor for their own data analysis!

All too often the data you put in can be hard to extract.  A few years ago, a health organisation invested in a shiny new software solution to be then provided as a software as service solution.   Lots of great data being captured, cleaned and ready to us.  However, limitations in the interface made it difficult to ask certain questions of the data.  Luckily (or so we thought) the solution came with an export function.  Problem solved! Not quite, the export only allowed 8000 records to be exported at a time, if you tried more it failed and produced nothing.  In the end they needed to work with the vendor to create a new extract that would send each night, but they then needed to collate and prepare the data further - all adding cost and extra expertise they didn't have.  

In another situation we worked with a client that was looking to use an online solution to run their business, it functionally matched their needs, however tucked away in the contact was a clause that boiled down to "the vendor can use the data put into the system to create meta-analysis reports on the population entered and sell that report if they wish".  

What you can do about it?

• Check your contract/licence agreements first
• Check the exit clauses for the solution - how is that provided to you should you choose to stop using the software
• Check the functionality of the solution - does it have a suitable means for extracting the data both in a one-off way but perhaps also ongoing
• When reviewing the contract look closely for ownership of the data
• Look at integration connectivity options, tools like PowerBI and Tableau often have connectors for various software solution.  There are other ways
• You will have obligations around sharing and reflecting the agreements you have set with people whose data you are entering into your systems; be sure those are being upheld by the new solution.  If not, consider how you are going to change your policy, notify people and give them the option to opt out.

​
Conclusion
Online software is a fantastic evolution of computing and enables businesses to reduce overhead, costs and to pivot to meet or beat market expectations. However, whilst they often present as an operational cost the decision needs to be treated as an investment decision and everything that goes with that sort of decision:

• Understand what you and your staff need - making sure it aligns with your strategic goals
• Careful review of contracts/user agreements - does it align with your customers data collection agreements
• Consideration of the lifetime cost - moving existing information into the new solution, retraining, migration off

 
Treat the decision that way, consider the risks we've outlined and you'll have the best chance of getting the value and benefit from your software selections.