SaaS, SOC and API: Three key considerations when purchasing new software SaaS, SOC and API: Three key considerations when purchasing new software

View

SaaS, SOC and API: Three Key Considerations when Purchasing New Software


There are lots of technology acronyms today. Terms like ‘The Cloud’ and “Everything-as-a-service” sound great, but what do they really mean? And more importantly how these trends impact how family offices and business management firms chose and manage technology. In this blog, I will try and shed some light on recent technology developments and what you should be considering when making your next technology decision.

SaaS

Software as a Service (SaaS) is one of the biggest changes in technology in the past decade. It fundamentally shifts what the vendor provides from a product to a service. With SaaS, the vendor is responsible for physically hosting the software, managing software updates, disaster recovery and in some cases data acquisition. The software resides in a data center and the client accesses the software via a web browser (via “The Cloud”). Most vendors offer multiple flavors of their product from vendor hosted to private cloud to client hosted. It’s important to understand the benefits and draw backs each hosting arrangement might offer your firm.

SaaS offers many benefits to family offices and business management firms.  You do not need to acquire expensive hardware, manage software updates and can have access to the product from anywhere. SaaS is an “on–demand” service versus a product and should be evaluated as such. This requires going deeper than a demo and understanding the details of Service Level Agreements (SLAs) in terms of system availability and disaster recovery (DR) as well as reviewing reporting the vendor can provide to prove they have the proper controls in place.

SOC

Service and Organizational Controls (SOC) is a report published by an independent CPA that certifies the organization meets certain best practices and prudent controls for building technology and handling data. A SOC I report states if an organization has meet these requirements as of a point in time. A SOC II report that states the organization has been tested and meets the requirements over a length of time.

It is expensive and time consuming for a vendor to go through a SOC audit. As such, not every software provider does it. If you are considering a SaaS solution that involves sensitive client data, it should be an important consideration when selecting a new vendor or evaluating an existing provider.  Ask for a copy of their SOC audit.

API

Application Program Interface (API) is a set of protocols and routines that allow different software systems to talk to each other - Machine to Machine. This is a more modern approach to exporting and importing data back and forth between applications. One of the early draw backs to SaaS solutions is that it was more difficult for a Family Office to create a best of breed technology environment.

Now many providers have APIs that allow for seamless data and workflow integrations. APIs require coordination between vendors to ensure the two products share data securely and with proper authentication. Most vendors will vet integration partners to ensure good business and product fit.

When selecting new technologies it is important to consider whether the vendor has an API and if they have or have plans to connect with other critical systems that are part of your ecosystem. It can be difficult to find a single solution that can handle all the requirements of a family office or business management firm and as such robust integration tools and a mature ecosystem can make one vendor a better fit over another.

These are just a few considerations in the buying process. Family offices and business management firms should look beyond the demo and price to consider other criteria in order to properly determine if their service is a good fit for your organization now and in the future.