SaaS suppliers must educate fed buyers

Procurement practices shouldn’t impede the implementation of software as a service (SaaS) in government agencies as long as suppliers of such solutions educate federal buyers about the benefits of this software business model, said Dan Chenok, a vice president at SRA International.

SaaS, also known as on-demand software, is gaining momentum as a delivery model in which a company provides maintenance, technical operation and support of commercial or specially designed software for its client. The company typically hosts the software at its facilities and offers clients flexible subscription pricing. As a result, agencies can quickly implement business applications, saving organizations hefty infrastructure and ongoing administrative costs.

The key to selling this approach to the government is to “make sure agencies know what SaaS is and what the benefits are,” said Chenok, who was branch chief of information policy and technology at the Office of Management and Budget before joining SRA. Suppliers need to “present [SaaS] in a way government buyers can understand,” he said.

He spoke Jan. 18 at the SaaS/GOV ’07 conference in Washington, D.C., which was sponsored by Input and the Software and Information Industry Association.

The elements that make SaaS attractive to government are often already part of procurements -- for example, security of systems and data, Chenok said. SaaS providers have to correct any misimpression buyers might have about security and ownership of data in the SaaS model, he added.

Vendors should focus on data protection and systems security when describing SaaS to agencies, Chenok said. “Discuss how SaaS fits in with authentication, authorization and access” to data. Homeland Security Presidential Directive 12 is driving the government’s identity management initiatives now, so vendors should show how SaaS can integrate with smart cards for secure access to applications.

Bring testimonials from the early adopters of SaaS, such as the financial services industry, which has a high concern for security and privacy, Chenok said. Study all of the security compliance issues mandated by agencies such as the National Institute of Standards and Technology, the National Security Agency and OMB, he added. In addition, SaaS providers must offer protection for personal information consistent with the Privacy Act of 1974, he said.

Because SaaS has been successful with small to midsize companies, providers should also work closely with smaller federal agencies. With larger agencies, he advised flexibility. Rapid installation of applications might be a positive feature of SaaS for industry, but large agencies have to go through layers of management for procurement approvals. So SaaS providers might need to allow for a slower deployment time for their solutions.

Most importantly, it is not enough to say that SaaS is better and cheaper than traditional approaches to software delivery. Suppliers need to show examples of breakthrough performance from the private and state and local sectors, Chenok said.