Does this ASP have bite?
An application service provider (ASP) is in the business of offering your
organization access, for a fee, to a remotely hosted computer application.
Your users most likely would access the application using Internet protocols
and a standard Web browser. The ASP takes care of all the details — arranging
for computers to run the application, software and hardware maintenance,
and their side of the telecommunications connection.
Sounds a lot like time sharing to a guy who grew up with Control Data's
Cybernet and its competitors such as Service Bureau Co. and Infonet.
The benefits of application outsourcing are pretty clear. Agencies are
not, in general, chartered to do software development and computer center
operations. If those activities could be handled by a specialist, it's logical
that the overall cost associated with those systems could be lowered and
But agencies will soon find that the quality of an ASP arrangement largely
depends on the fine print in the contract.
Cost is a central issue. If you don't currently measure how much it
costs to operate and maintain a computer system, you can't tell what's a
fair price to pay an ASP to run it for you.
On the business side, the ASP contract must define ownership of data
and software modifications, along with the protocol for requesting data
and the format and timeliness of delivery. Otherwise, you can wind up being
held hostage (intentionally or otherwise) in the event of a dispute or a
decision by the agency to take the systems work back in-house.
You also need technical controls, including a service level agreement
that specifies reliability and availability. For example, an uptime of 99.9
percent with a response time of two seconds or less sounds good, but those
terms need to be thoroughly defined, along with who is responsible for what.
For example, the application could be running just fine, but it doesn't
do you any good if the network is down. And it may not be immediately clear
whose network, gateway or router is down. For those kinds of situations,
it's good to designate the ASP as the prime contractor and hold them responsible
for the Internet service provider performance. The last thing you want to
do is try to negotiate multiple contracts simultaneously.
Another issue involves soft-ware maintenance. Frequently, software licenses
are written to allow access to an application for the authors and the end
user, and nobody else. Since the ASP's staff is supposed to be taking care
of the application for you, you must ensure that it has the tools to do
its job, including access to source code for modifications, if necessary.
You also need to specify some reasonable security measures, including
protections against denial-of-service attacks like those recently in the
Like seat management, ASP relationships can be a step toward turning
information processing into a utility, paid for as it's used. Done right,
taxpayers and agencies can share the rewards.
— Bragg is an independent consultant and systems architect with extensive
experience in the federal market. He welcomes your questions and topic suggestions
at [email protected]