Four questions to ask before switching to SaaS HR
by : Alan Joch
in : techtarget.com
There’s little question that HR organizations are rethinking how they operate. A recent report by the consulting firm Deloitte says 84% of the companies surveyed are either transforming or planning to transform how they handle human resource functions. Driving this change, not surprisingly, is the desire to save costs, followed closely by attempts to achieve greater effectiveness.
How are organizations planning to achieve these ambitious goals? The same report, Human Capital Trends 2011: Evolution/Revolution, says Software as a Service (SaaS) HR applications can directly address these areas.
But Deloitte also points out that SaaS HR has the potential to do even more. “While SaaS technology is evolutionary, its business implications are more likely considered revolutionary,” the report concludes. “SaaS solutions … can also enable organizations to do entirely new things, like helping HR organizations of any size compete and operate on a global scale.”
That’s all encouraging news, but it’s not the whole story. Although there may be many incentives for moving HR data and applications to the cloud, analysts concede that success isn’t guaranteed. A prudent approach, they say, requires answers to a host of important questions. Here’s what to ask potential service providers before signing a contract for SaaS HR.
#1: How much — or how little — customization will be possible with the SaaS HR service?
By maintaining standardized, back-end business processes, SaaS service providers keep costs lower and margins higher than if they tailored the software to each customer’s needs. But that can leave HR organizations with the responsibility for revising their long-established business processes to accommodate the cloud services, according to John Hoebler, managing director of MorganFranklin, a McLean, Va.-based consulting firm that specializes in financial management and performance improvement.
What to Expect
SaaS HR may offer some customization opportunities, but they may be limited to high-level changes, such as tweaking field records or reorganizing certain elements on the screens that users see. “A lot of end users are used to saying to IT, ‘This is what I want. Go make it work.’ But they will have to approach SaaS from a different angle,” Hoebler said. The bottom line is that SaaS HR requires a different mindset — and perhaps more flexibility on the part of customers — than when organizations run on-premises applications.
Question #2: What measures do you take to assure sensitive HR data is secure from access by unauthorized parties or hackers?
As Deloitte reiterates in its trend report, security remains one of the main factors holding organizations back from adopting SaaS HR. For good reason. The SaaS model relies on multi-tenancy, which means multiple customers share pieces of the same application, databases and storage systems. Cloud providers must erect technology barriers to wall off these resources. In addition, security measures must deter hackers from intercepting employee data as it traverses the networks that connect HR organizations with the cloud.
What to Expect
HR organizations will need to perform their own security assessments of service providers, Hoebler said. “You want to make sure that risk management is in place and that the service provider has a strong security policy in place, including physical security.”
One key consideration is whether the cloud is certified to be in compliance with Statement on Standards for Attestation Engagements (SSAE) No. 16, which formalizes industry-accepted controls for service organizations. HR organizations must also understand which access controls and password policies protect data when it’s in the cloud environment. Analysts also say data encryption should be used to protect information as it flows across networks.
But choosing a cloud provider with full-time security experts may provide an advantage. “I tell my clients to compare a vendor’s answers to how their own organization stacks up when it comes to security,” Hoebler said. Except for companies in highly regulated industries, such as healthcare or banking, “security will probably be a step up in cloud organization,” he added.
Question #3: How do you assure business continuity to keep data and applications always available?
Because bad things can happen to good data centers, SaaS HR providers should have redundant systems to keep the service running even if components fail or a major disaster strikes the physical location.
What to Expect
A business continuity and disaster recovery plan should be in place; get the potential service provider to outline the details of these strategies, analysts say. Industry criteria to consider include recovery time objectives (RTOs) and recovery point objectives (RPOs). The RTO gauges how quickly normal operations will resume after an outage, while the RPO determines the point at which the recovery will take place. For example, ask whether data will be available up to the moment the failure happened or as of the last system backup, which in some cases may have been the previous night.
Question #4: What options do I have to easily remove my data if I decide to switch to another service provider?
Committing to a SaaS HR provider requires a greater degree of vendor lock-in than with on-premises software. After all, the service provider not only controls the application but also your data. Cloud customers may switch solution providers, but significant investments in time and resources make changeovers difficult.
What to Expect
Before you lock in with a particular vendor examine the company’s financial viability by analyzing its own statements and any third-party sources, consultants say. Next, get the candidate to discuss its resources for scaling the solution if, over time, it signs up significantly more customers. Since everyone is sharing the same data-center resources, a spike in traffic volumes could undermine performance levels. “Cloud solutions are really, really hot right now,” Hoebler said. “Even if the technology can scale fine, are [the cloud providers] going to increase their internal teams to meet the demand and keep the product up to date?”
A final vendor lock-in consideration: Understand what process will be in place if the provider happens to go out of business. “Ask how you will get your data and application back,” he said.