We offer a free trial of our online accounting software and we tend to follow up those who don’t go ahead to become paying subscribers to find out why they chose not to go ahead.
Typically we’re told that they love the software, it’s by far the easiest to use and easiest to understand application they’ve ever tried for managing their accounts for their small company or sole-trader business. But they just don’t like the idea of their data being held on the web.
There’s a perception, especially amongst non-technical users, that data held on their PC or Mac is more secure that it would be on our servers.
So let’s look at this for a moment:
Home/Office PC: Free copy of Zonealarm (software firewall) – probably not updated very often.
SaaS solution: Incredibly expensive hardware firewall with sophisticated intrusion prevention. Most SaaS providers, ourselves included, have to be what is called PCI compliant and are scanned regularly by a third party to check for security weaknesses.
Home/Office PC: No monitoring. Sometimes there might be a software product to alert you to attempted attacks – but this is of no use if you leave the computer on and connected to the internet whilst no one is using it.
SaaS solution: Monitored 24/7 by security specialists at data center
Home/Office PC: High risk. The computer is often in use and is used to visit websites and has other software installed
SaaSsolution: Virtually non-existent. The computer is only used to serve the application
Home/Office PC: Backups may be taken once a month if at all. And that’s only if you remember to do them (honestly, when did you last backup your data?)
SaaS solution: We have real time live synchronisation to a remote location, so if London (where our main data center is) disappeared overnight, we’d be back up and running with zero data loss very quickly. We also take regular “snapshot” backups throughout the day.
Home/Office PC: Your computer is often located under the desk or in the spare-room at home. Physical security is usually limited to a burglar alarm (which keeps going off accidentally so now gets ignored by all)
SaaS solution: SaaS companies use secure data centers. Appointments are needed to visit hardware. Often biometric scans and photo identification are used to gain access
Home/Office PC: Smoke alarm under the stairs (no battery)
SaaS solution: Sophisticated ‘dry’ fire suppression system, ensuring no damage to hardware
So by far a SaaS solution is more secure than your home/office system. Logically it’s very easy to prove this. Often though, when faced with the above arguments people say it “just doesn’t feel right” and talk about “gut feelings”. As a programmer by trade I find it really hard to change someones mind when their opinion is based on emotions. So when someone says they’re just “not comfortable” with their data being online, we don’t try to change their minds (we don’t know how!)
Thankfully though, these objections are becoming less frequent. We hear it significantly less often than we did a couple of years back or even 6 months ago. But I think this is by far the biggest hurdle SaaS companies have to overcome when selling
![[Post to Twitter]](http://blog.kashflow.com/wp-content/plugins/tweet-this/icons/tt-twitter-micro3.png){kind=icon}
![[Post to Delicious]](http://blog.kashflow.com/wp-content/plugins/tweet-this/icons/tt-delicious-micro3.png){kind=icon}
![[Post to Digg]](http://blog.kashflow.com/wp-content/plugins/tweet-this/icons/tt-digg-micro3.png){kind=icon}
![[Post to StumbleUpon]](http://blog.kashflow.com/wp-content/plugins/tweet-this/icons/tt-su-micro3.png){kind=icon}
This entry was posted on Monday, June 8th, 2009 at 1:56 pm and is filed under Cloud Computing / SaaS, Technology. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
What I found interesting, reading through this, was that as a techie, I agree with your assertions about how a managed/hosted environment is better (we’ll assume its a reputable, properly run environment – or one entirely within your control – rather than be pedantic!).
I’ve seen this demonstrated in the past, as I used to work with some high grade co-lo hosting in the docklands.
However, I would still feel a bit uneasy putting accounting information online. I can’t describe why – this is one of the factors (the others are many and complex, and slowly being removed) which explains why I haven’t tried KF yet.
However. I use web-based email. There is a almost certainly at least some confidential information in my GMail archive. Are google more trustworthy than you? I don’t see any reason why this should feel different.
Therefore I think it’s simply psychological – it’s because it would be the data for “The Accounts” – some sort of odd mental block pops up and interferes.
Perhaps it is more my attitude and feelings towards “The Accounts” themselves, rather than anything to do with the environment in which the software is hosted, or the manner in which it is delivered? :)
I agree that it’s “The Accounts” that pulls at the emotional strings. The thing is your accounting information, assuming you’re a limited company, goes into the public domain anyway (as The Apprentice winner now knows).
I suspect when you look at it a bit closer you realise it’s possibly your customer list you’re more concerned about.
Possibly. I think it’s partially an ‘out of sight, out of mind’ issue – filed accounts are very much out of sight (although they should not be out of mind), plus there is implicit trust that Companies House will store them appropriately.
Mind you, I don’t know why that exists, given the amount of balls ups made in the area of data security by the government and related bodies..!
Customer list is an interesting point.. I suspect for me its a continuance issue – e.g. the ‘what ifs’ of losing data. But that shouldn’t impact on the suitability of Saas – so we’re back to the emotive points. I’m sure I’ll get over it at some point, though.. :)
But once they’re at Companies House, they’re accessible to anyone that is willing to stump up a couple of quid to have a look.
Well companies are using hosted e-mail services, and are being pushed into using hosted microsoft office solutions, As spreadsheets are one of the main tools for looking at forecasts and performing business modelling, it is quite likely that much much more sensitive and potentially damaging information will be found in these applications than in accounting data.
I must admit though that the question of data encryption is a pertinent one.
As to the thought of the software supplier having access to the data, this happens all the time when Sage et al are asked for support on corrupt data. It has to be realised that there is so much data for them to look at so they really don’t have the time or inclination to sift through it all to see ‘what might be useful’
Matt & Duane, that argument could go round and round. Do you trust your IT guy or the repair guy down in PC world any more than the other?
If you want some financial reasons or disaster recovery reasons. Then a decent office server will cost you over £2000, then you need a backup plan and a maintenance plan (And someone that knows how to work it).
In contrast, so far we have spend our £15/mo with Duane (for about 18months now) and £60 for an annual subscription to Dropbox (https://www.getdropbox.com/referrals/NTMwNTEzOQ). About £330 quid so far, we have much less IT overheads than the traditional server setup (Not bad for an IT related company!).
Our dropbox is sync’d between 4 machines and our KashFlow backup is emailed to a Google Mail account. Our data is on that many hard drives that the company should be able to continue to operate even if you throw the worst disaster you can think of at us!
For me, this by far out-weighs the extremely slim chance of someone else finding out who are clients are and what we charge them! TBH, I would probably tell anyone that asked anyway!
I use KF for my Janik IT business (it runs OneOutdoors, buyXsocks, The Bionic Shop, and other bits n bobs) and I have no concerns about security of data in transit. I expect my customers to trust my site whether they use SagePay or Paypal, the RBS expect me to trust them with my internet banking and I trust the encryption used for data in transit with KF. I trust the physical security of the servers and the integrity of the companies involved with my accounts and KF. I guess as some point there is has to be an element of trust.
Back on the physical security. My old man has a successful building contractors business (main contractors for Esso, BP and Shell (I know I know, but we all use fuel and someone has to build the stations)) and they ‘had’ a laptop with all the Sage accounts on. You might guess what I am going to say…
…the laptop was stolen sometime over a weekend in November 2007(!). Yup, someone smashed a window risked the alarm noise and pulled the laptop from the desk and were away. The most recent accessible backup was 6 months previous. 3 temps where employed and trained to re-enter the 6 months of data as best they could to meet a VAT return deadline. A new accountant was employed to make sense of the garbage that was churned out and the inevitable missed transactions and typos made by the temps. New laptop and new backup system of course. Costs involved spiraled to the tens of thousands. OK, if they’d have taken a backup on the Friday night and stored that on a memory stick then they’d have been ok but it’s just that – you have to remember to do that. At least with an online system if your laptop is stolen you just plug in a new one and crack on, minus £500 for a new machine. It’s June 2009 and the company is still experience small repercussions of the loss of data.
I sleep at night knowing my data is safe and if my own hardware is damaged or stolen all I have lost is a computer and I just have to login to KF from a spare one or just get new one and be glad that my business can carry on without problems.
James Davis
http://www.buyXsocks.com