Most agencies still wary of SaaS

But DOD and GSA see software as a service as a way to reduce development costs.

Some federal agencies want to learn whether buying software as a service is appropriate for them. SaaS is a trend that industry experts say could eventually replace costly software purchases and risky implementations. The General Services Administration decided to use the SaaS model for USA.gov, and the Defense Department chose SaaS to acquire collaboration tools through its Net- Centric Enterprise Services contract. Experts say the momentum behind SaaS comes from a growing recognition that software development and maintenance are too costly and time-consuming for many government agencies and businesses. With the SaaS model, an agency pays a subscription fee or transaction fee in exchange for access to a shared resource, such as collaboration software tools. The SaaS model allows software providers to spread the costs and risks of software development and maintenance among many customers. SaaS is not a silver bullet, but it has certain advantages, said Dave Mihelcic, the Defense Information Systems Agency’s chief technology officer. “It has to be used when the opportunity makes sense. We can more quickly provide capabilities, and that is important to us.” DISA has awarded two contracts since July 2006 for a variety of SaaS services that include instant messaging, low-bandwidth text chat, Web conferencing and shared whiteboard services. GSA has issued two request for proposals for online collaboration tools and Web analytics, which the agency plans to use on its USA.gov Web site. “With SaaS, you have someone who is an expert in that service and offers it to a wide variety of users,” said John Murphy, director of USA.gov technologies. “It shortens the development cycle and gives you high functionality and more time to focus on what you really want to do.” GSA decided to forgo the systems integration work that would have been required to achieve what it wanted. “We looked at what internal tools we have available, and we would have to cobble them together,” Murphy said. “Based on what we are seeing, the price for SaaS is pretty reasonable, too.” A few other agencies have joined GSA and DOD in using the SaaS model. A spokeswoman for RightNow Technologies said the company uses the SaaS model to provide its customer relationship management software to the Environmental Protection Agency, the Social Security Administration and the Census Bureau. However, other agencies say they are not ready to jump on the SaaS bandwagon. According to an Input survey of 66 federal executives, many officials are hesitant to move to SaaS immediately, but they expect to do so sometime in the future. “The consensus is that this is something agencies are moving toward, but there is a huge educational challenge because many people don’t understand the fine print,” said Richard Colven, Input’s vice president, at a recent event in Washington sponsored by the Software and Information Industry Association, Input and the Information Technology Association of America. Kevin Carroll, former program executive officer for the Army’s PEO Enterprise Information Systems office, said the Army remains skeptical of SaaS. “The Army and others want to know why industry is doing this,” he said. “When we have done lease/purchase cost analysis, it is always cheaper to buy, so we need to understand the return on investment to pay for the service.”

OMB addresses SaaS in guidance

The Office of Management and Budget recently offered agencies guidance on buying software as a service.

OMB instructed agencies to ensure that SaaS meets the security requirements of the Federal Information Security Management Act and other policies and laws. However, OMB also encouraged agencies to use market solutions that save money and improve performance.

OMB included those instructions in its FISMA guidance in 2007.

Dave Mihelcic, the Defense Information Systems Agency’s chief technology officer, said agencies should strike a balance between the need for security and the need to deploy capabilities more quickly.

"In some instances, the vendor has to build a piece of their infrastructure that is dedicated just” to the Defense Department, he said. “Security is a big concern, and DOD came up with a policy when buying managed services."

Karen Evans, OMB's administrator for e-government and information technology, said the National Institute of Standards and Technology has modified its security guidance to address SaaS requirements.

— Jason Miller