Fast, easy, consistent - today we expect services to be delivered rapidly, with ease, and the utmost precision. We expect instant access and on-demand service from our cable providers and online retailers so why don't the same principles apply to areas of real business needs such as compliance software? Now they do. The Software-as-a-Service (SaaS) model has begun to take an aggressive hold, offering a wide range of applications to a variety of industries. In many instances, SaaS has become the de facto choice for businesses looking to upgrade their key business solutions. Nowhere is this shift towards SaaS more evident than in the government risk and compliance (GRC) industry.

GRC applications impact all organizations, with prominent mandates ranging from enterprise risk management, Sarbanes-Oxley, and HIPAA to corporate codes of conduct, anti-money laundering statutes, operational risk, and COBIT. As regulations and mandates continue to grow, organizations must be able to document their compliance, whether for auditors or simply to demonstrate best practices to partners, vendors, and prospective clients.

Until recently, on-premise software, or traditional software, was the compliance model of choice, as it gave companies the ability to automate the compliance process. Once in place, these solutions alleviated much of the stress associated with the repetitious and detail-oriented tasks and subsequently allowed mandates to be addressed more easily than at any time previous.

However, in recent times, with the compliance landscape intensifying, the limitations of this approach began to show. Specifically, on-site solutions require manual installations of software directly to individual computers, making the rollout process inefficient and unable to address immediate areas of concern. In the case of product upgrades, the limitations grew even more evident, with the process requiring significant on-site man-hours that translated into an exorbitant expenditure of time and money.

Though on-premise software applications can be used in conjunction with the Internet, it was not until recently that programmers developed a new approach to software implementation, one harnessing the delivery capabilities of the World Wide Web. This new approach to software delivery is known as "Software -as -a Service' and though SaaS has been around in principle for several years, it wasn't until recently that it began to gain momentum. In fact, a 2005 IDC Research study forecaste that worldwide spending on SaaS will reach $10.7 billion by 2009.

The benefits of SaaS solutions are far-reaching and include:

• Security - SaaS applications have the advantage of being deployed on an external server. Unlike traditional software installs that rely on internal security to protect sensitive materials, SaaS applications are securely based in server farms where they are monitored and protected 24 hours a day. These servers automatically back up materials and applications, ensuring that even in the worst situation, information won't be compromised. Best of all, this entire process is blind to the customer, who no longer needs to assign an internal person to ensure operational security.
• Ease and Speed of Installation - One of the major roadblocks in a traditional software model is the time required to install and customize the solution. Depending on the size of the company, the installation process can take weeks and turn into months. Conversely, SaaS applications offer the shortest deployment time, since there's a minimal installation process. Though the program is installed on an offsite server, SaaS solutions still offer the customization capabilities that companies look for when adding a new product to their current solution set.
• Timeliness and Versatility - In many industries, frequent and ongoing product upgrades are essential for companies looking to keep pace and ensure that they have the "latest" tools in place. Under the SaaS model, all updates are installed on the main server and users simply access the software through an Internet portal. A typical upgrade can be done in just minutes, a significant improvement over an on-premise software solution, which can take anywhere from 18 months to two years for a total Global 2000 company-wide upgrade to be completed.
• Bottom-Line Impact - SaaS applications are strong performers, financially speaking. In general, the automatic upgrades delivered by SaaS programs result in a lower total cost of ownership (TCO) due to the fact that SaaS eliminates much of the internal IT effort dedicated to solution upgrades that can cost upwards of $200,000 a year. In fact, compared to traditional on-premise installations, SaaS applications have an overall 20%-40% lower TCO, allowing companies to reallocate resources to other areas. Rapid installs also translate into a quicker return on investment, something all companies are interested in achieving.
• Subscription Benefit - Since SaaS is subscription-based, vendors have a greater focus on quality of service (QoS) and support, rather than the single software upload. This approach forces them to stay on top of quality, maintenance, and service. The format also opens the door for customers to deliver direct feedback to the vendor, which results in continual improvement in the system that directly benefit the end user. (Table 1)
  

So now that you see the many of the benefits of SaaS, you must be asking, "Why are SaaS and GRC such a good fit?":

• Evolving best practices - With the ever-changing particulars surrounding regulations, compliance software must evolve in-step and in real-time to meet new government-mandated changes and keep companies one step ahead. With the SaaS model, GRC practitioners aren't concerned with whether or not their current software includes the most recent updates, since these updates are continually and automatically installed as needed.
• Reliability - Having an outsourced program increases security and reliability because the solution is supported by a full-time staff devoted to monitoring and repairing an application. SaaS applications ensure that no matter what happens to a home server, the application itself will won'tsuffer, since it's housed in locations constantly monitored and backed up. When working with sensitive information associated with compliance mandates, a reliable, secure system is vital to ensure data is cared for appropriately. Additionally, in a world filled with last-minute deadlines, a reliable system ensures the ability to complete GRC tasks in a timely fashion.
• Dramatic Scalability - While some compliance programs may only touch 50 or 200 users to start, ultimately GRC touches everyone in a company. Using SaaS, it's easy to increase the access and usage across all company offices in a matter of minutes.
• Cost - SaaS applications are designed to facilitate multiple users working simultaneously on the same application, regardless of the user's location - a critical capability for a growing Global 2000 organization. This feature eliminates the duplication of efforts and downtime, increasing overall productivity.

Conclusion
The capabilities of the Software-as-a-Service model are just being realized and the GRC industry is leading the charge. According to AMR research, nearly 40% of companies using software for the management of a GRC application prefer some form of the SaaS model. The fact is that the SaaS model fills the holes left by traditional software installations that, simply put, aren't capable of managing these timely requirements. Conversely, SaaS delivers a faster ROI and lower TCO with less risk, making it the ideal partner for today's GRC program.

References

• Erin Traudt and Amy Konary. "2005 Software as a Service Taxonomy and Research Guide." IDC Research Report. June 2005.
• John Haggerty and Fenella Sirkisoon. "Spending in the Age of Compliance, 2006." AMR Research report. Spring 2006.