In Shakespeares "Antony and Cleopatra," Cleopatra commits suicide by holding a poisonous asp to her breast. After the recent collapse of many service providers, companies that decided to embrace an ASP know exactly how she felt.
The bite of many fallen application service providers caused, if not death, at least a lot of pain, especially for companies that relied on ASPs to provide core services such as ERP (enterprise resource planning) or human resources. Some ASPs proved to be deadly to themselves, choosing to offer applications such as office apps or data management that businesses werent interested in outsourcing. On the other hand, service models that provide management and diagnostics while supplementing other systems may have what it takes to stand the test of time.
So how does an e-business gain ASP advantage without getting bitten? In eWeek Labs experience, several factors need to be considered when looking at a service provider. These include the viability of the provider, the importance of the task being outsourced, whether vital data needs to be transmitted outside a company network, and the actual cost of keeping the task in-house. (For more on what to do when your ASP goes sour, go to www.eweek.com/links.)
What has and hasnt worked using the ASP model? Well, one of the first and most successful examples is Web hosting. Hosting a Web site at a provider saves a business from worrying about maintaining and securing a site while sacrificing very little of the manageability of the site.
More recently, the MSP (management service provider) model has proved itself to e-businesses. MSPs often supplement internal IT systems, such as security and network management, by fulfilling functions including remote vulnerability assessment and performance monitoring.
Some of the biggest ASP failures were the providers that took the "application" in ASP too seriously. Just because it was possible to outsource traditional office and productivity applications didnt mean anyone wanted to. Its easier to provide these applications in-house.
So how should a business evaluate the viability of a service provider? This can be tough. If the provider isnt IBM or one of the handful of providers that look like theyll be around for some time, companies should probably avoid outsourcing core business apps such as ERP or human resources. Figure out how much it will hurt if the ASP fails. While losing security scanning or performance monitoring can be inconvenient, for example, its not a life-or-death situation for your business.
Its also important to ensure service agreements will protect your investments. Is there protection for your company if the ASP goes under? Also, if the service must be available 24-by-7, can the provider include technology assurances such as redundancy, as well as contractual protection if the service becomes unavailable due to server crashes or other problems?
In addition, some of the best services mainly supplement internal systems. A company may have firewalls and intrusion detection running internally but will outsource vulnerability scanning. Internal network management systems control and monitor servers and other hardware, while an external service adds real-world Internet data to the equation.
Some of the oldest ASP advice still stands true. Security has always been a concern when outsourcing (even when the outsourcing of security has proved successful). Anything providing core business functionality should be tied to the outside world only via secure connections, such as a virtual private network.
In addition, many companies have no problem outsourcing the intensive work of analyzing the huge log files that e-business sites generate. But if this data can be of use to competitors, outsourcing it should be considered only if the provider can provide guarantees that data will stay secure throughout the process.