It’s 10:00 PM – Do You Know Where Your Data Is?
Application Service Providers, or ASPs, are attractive to many small firm attorneys for several reasons. They often appear to offer desired functionality at less cost than the desktop equivalent. Offsite access is another oft-cited benefit of ASPs. And finally, some (including my distinguished colleague Wm Paul Slough) suggest that data is more secure when hosted by an ASP at a high-end data storage center than it is on your local PC. But those perceived benefits fail to hold up under close scrutiny.
ASPs allegedly offer key functionality at less cost than a desktop solution. However, that cost savings may be illusory. First, most ASPs are subscription services. That means that, while the service may have a lower initial cost, it must be paid for again and again over time. For a direct comparison, the FreshBooks site referenced by Mr. Slough costs $14/month for up to 25 active clients. Should you land that 26th client before closing out a prior client, you almost double your fee to $27/month. Assuming one year at $14/month and one year at $27/month, two years of FreshBooks costs $492. By contrast, one license of PCLaw costs $400 – once. There is no requirement that you pay PCLaw again, and your cost doesn’t go up when you add more clients. And should the ASP decide to raise fees, users are left with the conundrum of paying the increase or going through the often-painful process of converting data to another software package – often on short notice.
Of course there are always free alternatives, like Toggl.com for timekeeping. But using a free ASP is an exercise in riverboat gambling. Users who revel for a while in the glory of free online solutions are likely to learn soon, with apologies to Robert Heinlein, TANSTAAFL. The data bandwidth, server computers, and data storage have to be paid for eventually somehow. The Internet graveyard is littered with failed ASPs.
Perhaps the most infamous is time and expense ASP Red Gorilla. Red Gorilla was founded in 1999 and grew rapidly as it signed up big-name customers like Adobe Systems, as well as a plethora of small businesses. A year later, Red Gorilla collapsed abruptly. Users found themselves unable to access their time and expense data, with no advanced warning. Emails to tech support bounced as undeliverable. Even after another ASP licensed Red Gorilla’s system, data remained unavailable for a full week. And it’s not just small startups that have washed out of the ASP market. Even Pandesic, one of the granddaddies of the ASP market – a joint E-commerce project of industry giants Intel and SAP – failed.
Users of a failed ASP have few fast remedies available to them. If a user is fastidious about keeping a local copy of data, the data might be able to be transitioned to another software package. That transition is fraught with potential problems generated by differences in database structures, field formats, and the inherent learning curve involved in trying to quickly adapt to a new software package. And the whole matter of choosing a new software package must be made in a shortened time frame, potential leading to a less-than-fully considered, emergency choice that hasn’t been fully vetted.
The second benefit often touted for ASPs – offsite access – may be their most attractive feature. Especially with timekeeping software, the ability to capture time when working outside the office has a direct impact on an attorney’s bottom line. However, even this benefit is overstated. The same offsite access to software can be achieved through the use of remote access products that an attorney who regularly works outside of his or her office is probably already using. If you’re already using LogMeIn.com, GoToMyPC.com, LapLink, PCAnywhere, Remote Desktop Protocol or VNC to access your office computer when you are out of the office, then you already have offsite access the desktop software that performs the same functions as the ASP software. And more importantly, you also have access to all of your other software.
So if you notice while adding time to your Time & Billing software that Client A has used up almost all of his retainer, and the “evergreen clause” of your fee agreement has been triggered, you can go ahead and write the letter asking him to replenish his retainer, print it, and have it waiting for you to mail when you return to your office. Another alternative to consider is that many software applications offer synchronization conduits for handheld devices for capturing data while out of the office.
Additionally, offsite access is a dual-edged sword. Having offsite access requires that both your connection to the Internet and the ASPs connection are working properly – and with an ASP that connection is always required, even when you are sitting at your desk in your office. While a good ASP will have multiple, redundant, connections to fast Internet backbones, even the best ISPs for small businesses suffer from downtimes. There’s not much your ISP can do about the construction crew on the street in front of your office that accidentally cuts through the connection line. Routers (both in your office and at the ISPs end), modem, cables and DNS servers all represent potential points of failure that could isolate you from your ASP. And until your Internet connection can be restored, you cannot enter data when you are in your office. Ironically, the very choice that provided you with offsite data access would now actually force you offsite.
Finally, the suggestion that data is more secure when stored with an ASP than in your own system is particularly problematic. It may very well be true that data is physically more secure in the hands of an ASP, due to security protocols for the servers themselves and various automated backup systems. However, that physical security may not translate into actual data security.
One of the critical problems with an ASP is that once the data is in the hands of a third-party, you are at the mercy of that third-party’s use of your data. Even if an ASP has an outstanding privacy policy, which ensures that all data on their servers belongs exclusively to the user, and will never be used or sold by the ASP, that assurance may be useless if the ASP enters bankruptcy. The privacy policy is nothing more than a contract for future performance between the ASP and its users. If an ASP goes bankrupt, it may have few assets of value other than the data it holds. Though there are, to my knowledge, no cases on point yet, I think it likely that creditors seeking to maximize their recovery may eventually prove successful in forcing an ASP to sell stored data to the highest bidder.
Furthermore, if your office is a target for hackers, an ASP is the bullseye. An enterprising hacker who gets access to the data in your office might walk away with data related to your clients. But the hacker who gets access to the data on the ASP server walks away with many times the financial data that could be recovered from your system. Assuming you maintain reasonable and appropriate security of your own computer systems, the ASPs server is a much more attractive target than the computer in your office. No system is 100% safe – nearly every major financial network has suffered some data security breach. Why choose to put your critical data in a hacker’s crosshairs unnecessarily?
In any event, using an ASP is no substitute for a thorough data backup and security policy for your local computers. If your backup (and restore) plans aren’t sufficient for the data that you are hosting at an ASP, then they are not sufficient for the rest of your office data either. Software packages for backing up data offer ever-increasing power and flexibility. If you want to insure that critical data will survive hardware failures, I recommend backup software such as SecondCopy or CrashPlan, both of which can be configured to maintain continuous backups. CrashPlan is particularly powerful in this area, with the ability to maintain continuous, encrypted, offsite backups at any broadband connected destination (but that’s really another discussion for another time).
Ultimately, I believe that ASPs offer very little real benefit for critical business data use. ASPs may have their use as adjuncts to your core systems – in particular for projects that require significant collaboration by parties in far-flung locales. But for ongoing use, ASPs do not offer sufficient benefits over locally-installed software to recommend them.
Aaron Rittmaster is a Missouri attorney and avocational “computer geek” (self-described). He writes this as an inaugural member of the TIS Debate team.
It is absolutely the case that under certain situations you may pay more for software in a subscription environment, however, to say that this number is the “cost” is not accurate. Every minute you spend upgrading, installing, reinstalling, training, support or in any way maintaining the software is part of the cost. While I can’t give you numbers in the accounting software industry, in CRM the total cost of a SaaS is 25-30% lower than the onsite verity (that’s an AMR Research number). Specifically in the case of FreshBooks, one fairly large number to consider is the cost of support. While FreshBooks includes support as part of its monthly fee. PCLaw charges $250 per year for the first user (and $45 for each additional user).
Additionally, the suggestion that you could use any piece of software without upgrading it is a little optimistic. Software upgrades are purchased for many reasons, only one of which is features. Often times you have to purchase to stay compatible with your clients or suppliers. Sometimes because the old version is not compatible with a new operating system (or other software it may interact with). And finally sometimes the product reaches end-of-life. All version of any product will eventually become unsupported, and unfixed. While you may not need a new feature, you probably want that security bug squashed.
Even skipping versions and upgrading only every 5-10 years may not save you money. Both Adobe and AutoDesk have implemented sliding upgrade fees based on the version you are upgrading from. While this is far from a common practice, more companies will undoubtedly implement this model as they attempt to smooth their cash flow.
Finally, the suggestion that a ASP is any more likely to raise rates seems unfounded. While I’m fairly certain the price of Final Cut Pro isn’t going to change, I don’t have any guarantee, and I’m convinced the next version of creative suite will be more expensive.
Aaron does a fine job of identifying many of the factors that bear on choices between software you install on your PCs and Software as a Service (SaaS) purchased on a subscription basis from Application Service Providers (ASPs), but I believe he reaches an overly broad and unjustifiably negative conclusion.
While a number of Web-based software programs have no place in a solo law practice, the main reason is that they are aimed at larger offices. Their prices and features match the larger number of users they serve.
Do you want to reduce the number of hours you spend on computer hassles? Consider subscribing to software as a service. Let the software company take care of updates, enhancements, and compatibility problems without wasting your time. As a solo, you do not have the luxury of a dedicated IT staff and cannot spread the cost of your local IT specialist (assuming you have found a good one) across multiple fee earners. Consider also the frustration you avoid when your software just plain works, month-after-month. You are also have tech support at no additional cost in the unlikely event that you might need it. Excellent training materials and even live, convenient initial training may be included in your subscription. You don’t get that out of a box.
As for data security, some lawyers will never want to trust an outside company. Yet all of their credit card information and banking records, both business and personal, are accessible via the Internet. Every consultant like me who works with lawyers has real-life horror stories from new clients who experienced hard drive crashes and failed backups resulting in irretrievably lost documents and records. If you think your data is safer in your office than at the leading Software as a Service providers, think again.
I don’t think broad conclusions, either positive or negative, apply to SaaS generally. You need to consider the factors Aaron describes, but don’t be deterred by alarmism. Spend more time on evaluating how well the software choices fit your needs and seeking out others who have used the software to get their impressions. And don’t assume that the lowest annual cost wins. Your time is valuable and so is your peace of mind. Fewer computer problems and less time spent on installation and updating can make you a happier lawyer.