Why You Must Own Your Data and Control Access to It

Software-as-a-Service (SaaS) has been positioned as a better, more affordable way to utilize technology for businesses. Proponents of SaaS claim it will eliminate costs associated with managing and maintaining the software – allowing businesses to use the technology rather than wasting resources managing the technology. Indeed, this is true! SaaS has been revolutionary for many businesses that want to get out of the computer-operations business altogether and just use the software they need to operate and run their company efficiently.

Walk, Don’t Run

It’s an exciting prospect, eliminating all the overhead and resources necessary with maintaining custom software and infrastructure costs such as servers and storage. What company wouldn’t want to reduce operating expenses like ongoing development costs, maintenance, and staff needed to manage the systems? Anyone responsible for a profit and loss statement will jump at the opportunity to eliminate so many costs. With a simple SaaS model, all this overhead is handled by the SaaS provider.

There are, however, a few very good reasons to take things more slowly. Invest ample time in considering long-term strategy and risks. Remember, your business may depend on this technology, and with SaaS, you don’t have complete ownership of it.

SaaS systems are built with some specific workflows in mind. This usually means the systems are fairly inflexible and internal business processes and workflows will have to adjust to the SaaS product. Most businesses have unique processes and workflows that have evolved over time and adjusting those processes to a ridge SaaS product often creates new inefficiencies for the business. We’ll be exploring this more deeply later in this series of posts.

Let’s begin with a simple, declarative, unambiguous, unconditional, and incontrovertible statement:

You want to own the data.

Who Owns What?

Who owns responsibility for the safety, security, and survivability of the data?

Many assume that the SaaS provider is responsible for keeping the data secure, uncorrupted, and inaccessible to unauthorized users. Your service agreement with that provider may indicate that this is not the case. In it, you may find clear declarations that the provider assumes no responsibility for the “merchantability” or “fitness for any particular use or purpose.” Elsewhere you may find language about holding the provider harmless from any liability regarding loss of data. This is all language you should review carefully before signing on with any SaaS provider.

Here’s the logical argument: Who has fiduciary responsibility for the data? That is, who stands to lose the most money if the data is damaged, lost, or stolen? This is a very important distinction because data has become among the most highly valued assets most companies own, so when you lose data it’s a major loss. Somebody’s career is usually on the line, and the company often suffers irreparable damage.

Isn’t Possession Nine-Tenths of the Law?

You may have signed an agreement that says the provider who delivers the SaaS and maintains the data on their servers has ownership of the data. That’s the worst of all possible situations. Get out of the agreement ASAP.

If they’re tracking your transactions and otherwise monitoring your traffic, they may very well own that information. This data becomes more and more valuable over time. In many cases, the company asks you to pay exorbitant fees for access to these metrics. The effectiveness of your marketing can significantly improve the more you leverage these metrics to learn more about your customers.

When you don’t own this information, the end of your contract with the provider may also mean the end to your access to it.

Taking Hostages

When your SaaS provider stores and manages your data for you, they have the opportunity to hold your data hostage should things go bad. Perhaps you have a service complaint that they won’t or can’t resolve. Simply withholding payment pending resolution stops being a viable alternative for you. You stand to lose your data, which is far more valuable than whatever you owe your provider.

And your SaaS provider isn’t the only potential hostage taker!

Another clause you may find when you carefully review your SaaS service agreement is that the provider will immediately obey any valid subpoena requiring the surrender of your data. Oh, and they don’t need to notify you that they’ve done so. Yes, your government may take your data hostage.

The easiest prevention for this is encryption. Always encrypt all data in transit or at rest in storage, and do not share the key. Your SaaS provider has no reason, nor right to view your data content. They can readily manage it as necessary without having the ability to look at it. Now, the government agency issuing the subpoena must also subpoena you for the key. This doesn’t necessarily stop them from gaining access as you must obey your subpoena. But now, at least, you’re aware that your data is being appropriated.

Making Better SaaS Choices

None of this says that going SaaS means losing control of your valuable data assets.

Your operations are better served when you have software applications developed to work the way you prefer to work. You have many options to have the software delivered as a service by a provider. So you can have the benefits of SaaS without having to adapt your operations.

You may decide to have your data stored by a cloud service other than your SaaS provider. This separates your data from them and removes any leverage they may otherwise enjoy.

You may also decide to have your data backed up by yet another cloud service to provide double assurance.

Or you may decide to have the data physically reside within your four walls on storage equipment you own. This, to some extent, defeats the purpose of going SaaS in the first place, but it does give you the power to “pull the plug” should it become necessary.

Build Your IT Team

All being said, you may decide the best route is to build your own custom software, as to avoid any potential data ownership issues. Hiring IT talent internally can be a huge challenge, especially if you don’t already have anyone technical on your team. But the good news is – you do not need to hire anyone fulltime. You can build and maintain highly effective and proprietary software designed specifically for your business processes and workflow without procuring the talent yourself.

Instead, you can hire a software development firm to build and maintain the platform for you (but make sure you own that code too, or you have the same problem as before)! We have an entire article on finding your software development match.

Selecting a software development firm that is the right fit for you can determine your best path to application delivery data sanctity and business success.