Most enterprise CIOs are now managing both on premise and software as a service (SaaS) based applications within their corporate IT landscape and infrastructure. To date, enterprise adoption of SaaS accounts for the largest portion of global SaaS revenue and Gartner predicts public cloud services will hit $201B in 2016 with global spending on SaaS  projected to reach $32.8B in 2016.[1]  Companies like Salesforce, Workday, Intuit, Microsoft, SAP, and NetSuite have provided a compelling enough reason to convince enterprise customers to transition large portions of their application suites and infrastructure to them, as SaaS providers.

As the SaaS model has gained legitimacy with customers of all sizes, the amount of traditional SI integration and consulting services has increased significantly. Several breakouts at this year’s event [Demandforce] reviewed examples of the application integration, customization and business process consulting successes experienced by regional and national SI’s.[2]

However, it is a large software market that has not wholly embraced SaaS solutions.  With revenues close to $17B, SaaS accounts for only 6% of the overall software market.[3]  While some companies are solely cloud based and only provide a hosted SaaS solution, other SaaS providers are hybrids – heretofore enterprise on premise applications that have transitioned their solution to a SaaS or platform as a service (PaaS) offering. Some of these “hybrids” have not been able to differentiate their products and services (SaaS v. on premise) enough to convince current and future customers of the benefit of a wholly managed SaaS solution.

Oftentimes the barrier to adoption can be an inaccurate analysis of costs.  However, we have found that a correct total cost of ownership (TCO)[4] analysis may still not be enough to compel enterprises to choose SaaS over the on premise implementation[5]. These SaaS providers need to not only create substantial benefits for the enterprise, but should also address key infrastructure, security and risk, and application integration and data conversion concerns.  In our discussions with our enterprise clients, we have found the following to be key areas of concern: product/service and business innovation, risk and security management, and application integration. We believe that SaaS providers attempting to capture a larger portion of the enterprise market should consider carefully and then solve for these areas – ultimately creating a clearer path for enterprise adoption.

Figure 1

Product/Service and Business innovation
Enterprise SaaS applications tend to possess a higher level of complexity and can be characterized by increased levels of customization. Previously, the level of customization required to meet enterprise customer requirements could only be found with on premise implementations, but this is no longer the case. SaaS providers must offer significant features and functionality to justify a migration from current systems to hosted services and applications. In some cases, existing applications have been in place for many years – some of them developed specifically for that customer. To replace these, any future system must provide significant value to the enterprise customer.

Value is created through decreased product and service development cycles, increased flexibility and greater opportunities to innovate business processes throughout the enterprise. Salesforce has changed how sales teams manage lead generation, customer opportunities and new deals by building key features and functionality into its platform. For Workday customers, one of the greatest advantages of frequent updates (versus upgrades) is “the continuous innovation in features and functionality—approximately 100 significant new features with each update and hundreds of minor enhancements—that can be adopted (or not) based on their own timetables.” [6]

Figure 2. Decreasing the Innovation cycle

SaaS platforms that partner to create user and partner based communities can bring experience, insight, and feedback to the platform’s product development group. Increased channels of product and services ideation increase the set of potential features introduced onto the application platform. Velocity is augmented by the SaaS vendor’s ability to quickly and regularly make updates to the system.

For hybrid SaaS providers, the challenge can be significant. “SaaS innovation must occur in its purest sense, without the baggage of on-premise complexity. While the hybrid model offers customers an option of either on-premise or SaaS delivery model, hybrid solutions still place the same harness on the respective vendor to support various customers with distinct infrastructure complexities, limiting the vendor’s ability to innovate across all customers.”[7] We believe innovation for both the customer and platform can still occur, but hybrid SaaS providers must be able to differentiate products and services offered via SaaS from those that are part of their traditional software-licensing model and implementations.

Additional opportunities to differentiate should be focused on clearly outlining hosting and service tiered models.[8] Segmenting enterprise customers into tiered service levels benefits both the provider and the customer by delivering the right amount of products and services based on the customer’s value placement. Levels of products and services can be bundled into offerings that meet each segment’s need – bronze, silver, gold, platinum, and diamond, for example – from low levels of customization and support (multi tenant environment and almost self service) to high levels of customization, support and complexity.

Security and Risk Management
According to the Forrester study “The State of Enterprise Software: 2009,”[9] security concerns were the most commonly cited reason why enterprises did not opt for a SaaS solution. While security and risk management processes and practices have improved significantly since 2009, there still remains skepticism regarding SaaS providers’ ability to maintain, manage and secure sensitive corporate information. As more enterprises move to leverage SaaS vendors, the security and risk management standards for SaaS providers have needed to improve so that CIOs are comfortable with managing IT infrastructure and systems outside the corporate firewall – all of these practices must be open and available for review by customer corporate risk management teams.

“Companies are also using different providers for different services, such as Google Mail for e-mail, and Amazon Web Services S3 or Dropbox for file and folder storage. This can result in a cloud sprawl, which further complicates management of these different components…”[10] This subsequent “sprawl” can create security gaps as data is shared across the company’s network infrastructure. SaaS providers must be able to support the enterprise in meeting its requirements for security and risk management. While the onus may be on the customer to implement multi-layered security controls and strong identity authentication within its IT infrastructure, SaaS vendors will need to support the customer’s application integration. As enterprise buyers have become more astute in their evaluation of SaaS providers, these customers are assigning more risk to the vendors.

With SaaS, enterprise data is stored at the provider’s data center and with the data of other customers – while the data is restricted to a specific customer’s use only, it may be stored anywhere (with Amazon, for instance), and replication of the data can happen across multiple locations and potentially in multiple countries. To this end, enterprise SaaS providers should be able to document and allow for review the following key security elements: data security, network security, regulatory compliance, data segregation, availability, backup, and identity management and sign-on process.[11] To establish security baselines, enterprise customers are requiring from SaaS providers auditing standards such as the Statement on Standards for Attestation Engagements No. 16 (SSAE 16)[12] and security frameworks such as ISO 27001. Moreover, if you are a SaaS provider working with the US government, you are now required to follow standards established by the Federal Risk and Authorization Management Program (FedRAMP).

Figure 3. Security Concerns Still Exist for the Enterprise

Ultimately, enterprises are primarily concerned with the lack of control and visibility into how their data is stored and secured. SaaS vendors will create a greater value proposition if they adopt the latest security and risk measures, and provide this information to current and potential customers.

SaaS Application Integration and Data Conversion
In 2013 a KPMG survey found that 33% of IT executives are seeing higher than expected SaaS or cloud implementation costs.[13] The challenges were associated with integrating these applications into an existing enterprise IT infrastructure. Leading SaaS providers like Salesforce have well defined APIs and associated documentation – which makes integration exponentially easier.

Sabharinath Bala, research manager of enterprise applications at IDC Asia-Pacific, said companies increasingly prefer a hybrid IT environment which combines existing on-premise software with SaaS applications. To facilitate integration, these SaaS vendors would offer a number of connectors or adaptors in their software to traditional applications…[14]

It will be critical for any SaaS provider to accommodate and support an enterprise customer’s application integration strategy and technology – whether it is service-oriented architecture (SOA) or the use of a third party integration vendor.  In order to realize the revenue associated with hosting and servicing customers, SaaS providers are now required to consider the following key aspects of integration and data conversion: data transformation, data security, data flow (among on premise and oftentimes SaaS applications) and data volumes.  While it will be incumbent upon the enterprise to redefine the common data model and the logical mapping, SaaS providers will need to ensure data is available and unencumbered: “Data access is a critical factor in adopting SaaS solutions for organizations, and the Salesforce developer evangelists that sponsored my Dreamforce session last year shared that data connectivity is the most popular topic on the developer track.”[15]

Again, Salesforce leads the way in this regard. Its platform offers prepackaged products for integration between Salesforce and enterprise systems like Oracle and SAP. While third party vendors or cloud brokers have provided these integration services as well, we believe a compelling future differentiator will be a SaaS provider’s ability to provide these services to its enterprise customers – out of box so to speak. Data integration for reporting business analytics and intelligence requires a comprehensive view of all of the enterprise’s data. SaaS applications create silos of these information stores unless enterprises are able to organize, model and implement how data will flow among systems.

We do not believe that hybrid SaaS providers need to choose between on premise or a cloud service offering.  Admittedly, enterprise adoption of their products and services will increase at a slower rate than a pure SaaS provider. However, these hybrids typically offer a greater amount of experience and knowledge, having been in the particular market longer. Leading practices are already baked into the application.  Instead, hybrid providers need to continue to offer their current and future customers a highly valued product and service – which could range from self service to on premise – ultimately the customer will define its value placement and choose the one best suited to meet its requirements.

[5] From a 2014 Gartner survey, “Forty-four percent of survey respondents said that overall cost reduction continues to dominate as the main reason for investment.”

[7] The Continuous Innovation Advantage of Software-As-A-Service, Jason Corsello, October 2009

[8] See BVP’s “Software as a Service Pricing Strategies” by Byron Deeter and Ryan Jung, July 2013

[12] The US Sarbanes-Oxley Act is required for publicly traded companies operating in the US. Sarbanes-Oxley requires management to provide assertions on the organization’s internal controls over financial reporting. This was not accounted for in SAS 70. Controls of SAS 70 were in line with the auditing standards of the AICPA, a US-based organization, but there was a need to scale SAS 70 up as an international standard for global adoption and thus SSAE 16, which is closely linked to ISAE 3402, the international standard on reporting for service organizations.

About the Author
Will Yen is a Partner and the Chief Marketing Officer at Kenny & Company. He has over 15 years of experience delivering business solutions for Fortune 1000 companies. His range of experience includes supply chain strategy, marketing strategy and planning, product management and development, IT strategy and planning, mobile computing, and financial services software development. Will has been published in Baseline Magazine, Computer Technology Review, and PS Village, and is the author of several research whitepapers and blogs. He holds a Bachelor of Science in Managerial Economics from the University of California, Davis, a Master of Science in Applied Economics from University of Georgia, Athens and a Master of Business Administration from Duke’s Fuqua School of Business.

About Kenny & Company
Kenny & Company is an independent management consulting firm providing Strategy, Operations and Technology consulting services to our clients. Our management consulting practice, experience and insight also enable us to provide early stage venture capital investments and management consulting guidance to select startup companies, and through our philanthropic endeavors to give back to our communities.

This article was first published on December 18, 2014.

The views and opinions expressed in this article are provided by Kenny & Company to provide general business information on a particular topic and do not constitute professional advice with respect to your business.

Increasing Enterprise Adoption for Hybrid SaaS Providers by Will Yen, Kenny & Company is licensed under a Creative Commons Attribution-NoDerivs 3.0 United States License.