Association for Information Systems

AIS Electronic Library (AISeL)

European Conference on Information Systems
ECIS 2011 Proceedings
(ECIS)

Summer 10-6-2011

CHALLENGES FOR ADOPTING CLOUD-

BASED SOFTWARE AS A SERVICE (SAAS) IN
THE PUBLIC SECTOR
Marijn Janssen

Anton Joha

Follow this and additional works at: http://aisel.aisnet.org/ecis2011

Recommended Citation
Janssen, Marijn and Joha, Anton, "CHALLENGES FOR ADOPTING CLOUD-BASED SOFTWARE AS A SERVICE (SAAS) IN
THE PUBLIC SECTOR" (2011). ECIS 2011 Proceedings. 80.
http://aisel.aisnet.org/ecis2011/80

This material is brought to you by the European Conference on Information Systems (ECIS) at AIS Electronic Library (AISeL). It has been accepted
for inclusion in ECIS 2011 Proceedings by an authorized administrator of AIS Electronic Library (AISeL). For more information, please contact
[email protected].
 CHALLENGES FOR ADOPTING CLOUD-BASED
SOFTWARE AS A SERVICE (SAAS) IN THE PUBLIC
SECTOR

Janssen, Marijn, Delft University of Technology, Jaffalaan 5, 2628 BX Delft, the Netherlands,
[email protected]
Joha, Anton, EquaTerra, 150 Minories, London, EC3N 1LS, United Kingdom,
[email protected]

Abstract
Technological advances such as the creation of bandwidth, modular applications and cloud
computing have enabled the creation of a distributed collaborative sourcing model named Software as
a Service (SaaS). SaaS presents the embodiment of a new service delivery model in which a service
provider is delivering its electronic services over the web to many users on a pay per use or period
basis. SaaS is still unexplored in the public sector context and its use has been limited. Based on
interviews and a group session the main challenges for adopting SaaS are explored from the
government perspective. It was found that SaaS could provide many benefits which are related to the
outsourcing of the local control, installation and development of software which could result in
potential cost-savings and better cost control. Disadvantages and risks are related to the more
difficult control of the IT function. Several items were mentioned as both a benefit and disadvantage,
as this will be dependent on the organizational arrangements. There are also many challenges that
need to be addressed including ensuring the quality, privacy, security and business continuity which
require the implementation of organizational changes and governance mechanisms for public sector
organizations that are considering SaaS.
Keywords: Software as a Service, Cloud, Sourcing, Adoption, Diffusion, Public sector, E-government.
1 Introduction
Government agencies are in various stages of development and are looking for ways to improve their
service provisioning, while at the same time looking for ways to reduce their costs due to severe
budget cuts. It is often argued that there is a need for restructuring structures and processes to improve
efficiency and effectiveness (Beynon-Davies, & Williams, 2003). One way of restructuring the IT
function is by embracing the software delivery model named Software as a Service (SaaS). This can
be viewed as a new type of sourcing model in which IT-based services are provided over
communication networks to users.
The Software as a Service concept has been heralded as a new way of software service provisioning,
as it enables for the faster implementation of software changes (Bennet, et al., 2001) and allows to get
rid of the own installation, control and maintenance of the IT function (Gonçalves & Ballon, 2011).
SaaS is based on the concept of delivering software in the future as a service rather than as a product
(Bennet, et al., 2001). The user pays a certain fee for the use of the software or for a certain period that
the software is used. SaaS providers host and provide access to a software application over a network.
This type of sourcing model enables the development of a service only once and provides it to many
users. Companies in the IT industry are already moving to a web service delivery model by exposing
network capabilities and combining these with online content and applications (Gonçalves & Ballon,
2011). Within e-government there is an opportunity for a similar shift. SaaS can be provided by
organizations within the public sector, but also by private companies residing outside the public sector,
thus providing at least two ways of sourcing. The use of SaaS might provide the opportunity to lower
cost, but also to deliver software applications to end-users over the web, providing a much more
flexible experience in terms of time and location of access (Gonçalves & Ballon, 2011). Although the
current literature focuses primarily on business-oriented SaaS services (Gonçalves & Ballon, 2011),
within the public sector there are some notable and visible examples of SaaS as well. This includes the
use of office applications provided by the SaaS model and the use of services to the citizens. In the
latter situation the services provided by a SaaS provider are integrated in the website of the agencies
responsible for providing the services and the data is communicated to the agency to enable the
processing. In both examples the governmental agencies do not have to develop or maintain the
services in-house and rely on the SaaS provider.
The business rationale for SaaS is driven by the movement of the software maintenance and control to
the SaaS providers. It is often argued that SaaS has implications for both businesses and management
(Olsen, 2006) and SaaS will change the relationship between buyer and seller (Sääksjärvi, Lassila, &
Nordström, 2005). Yet, the specific benefits, risks and adoption challenges for government are
unexplored. The goal of this paper is to understand the possible benefits, risks and challenges of the
SaaS model in the public sector. This paper is structured as follows. In the next section, the
background of SaaS and related developments such as cloud computing are discussed. Next, the
research approach is presented, followed by a discussion of the findings. Finally, conclusions are
drawn.

2 Background
2.1 Shift in thinking about software
Whereas in the past software was bought and locally installed and maintained, the SaaS models
resemble a fundamental new way of thinking in which software is rented and remotely provided. SaaS
has existed almost for a decade and has been advocated for a faster implementation of software
changes and focus on the demand-side (Bennet, et al., 2001). SaaS can be viewed as a logical success
of the Application Service Provider (ASP) model. ASP use can be considered as a type of IS
outsourcing of telecommunication-based application services (Smith & Kumar, 2004), using networks
to provide online application services on a rental basis (Tao, 2001). Recently several technological
advances have made it feasible to sell computing as a service rather than a product:
1. Cloud computing. Cloud computing enables the scalability of software at low cost, making it
feasible to provide software services to a large user base at low costs.
2. Bandwidth. Availability of bandwidth enabling connecting almost anywhere at any time.
3. Modular software. Modular design of service enabling the decoupling of functionality and
configuration and composition of services as preferred by users.
SaaS is a software delivery model in which services are installed, assembled and maintained on the
systems of the SaaS provider and used by others over the Internet. The user pays a certain fee for the
use of the software or for a certain period that the software is used. The latter case is like a
subscription that can easily be terminated as no large investments need to be made. The software
ownership often remains at the SaaS provider of the software, although this is not necessary. In
traditional models, licence buying or software development costs are high, but the variable cost of sale
is substantially lower than for hardware. In the SaaS model, no large upfront investments are needed,
but the variable costs can be substantially higher. Payment might be dependent on elements such as
the number of users and the expected lifetime of users. The basic long-term vision of SaaS is centred
around separating software possession, maintenance and ownership from its actual use. SaaS providers
will often not only provide one service of a certain software suite, but might typically provide a bundle
of software services, although models are possible in which SaaS services are provided by the
company who has developed the software. By delivering a set of software as services, the idea is that
many of the present limitations constraining its use, deployment and evolution can be overcome. The
shift in offering services also has implications for the SaaS providers’ revenue models. Traditionally,
the customer buys a license to use an application and installs it on their owned or controlled hardware.
Over time new updates can be installed, including security patches and other control and update
activities. By buying a license, the customer gets unlimited usage of the software. Per user or per
installed system additional licenses might be necessary. In contrast, in the SaaS models the user does
not buy a lifetime license. The user pays a certain amount for the software running on a third-party
server and loses access when he ceases payment. This can be done on a pay per use or pay per period
basis. The payment can either be charged as a pre-paid subscription or on a pay-as-you-go basis. Table
1 summarizes the main shift from traditional software to the SaaS delivery model.

Characteristics Traditional software SaaS

Ownership Buying of software Renting of software without taking ownership
Pricing model Upfront investments and costs for local Pay-per-use or pay-per-period
installation/maintenance incl. licenses
IT function Buys, installs, develops, implements and Subscribe, plug in and use: no need for an IT
maintains their own software function and no concern of updates
Expertise needed In-house software expertise needed for Usage expertise required
control and maintenance
Table 1. Shift in emphasis of the main characteristics

2.2 SaaS and its relationship to SOA and cloud computing

SaaS is often running on top of a virtualization layer, which can be considered as part of the cloud.
The software is often constructed based on Service-oriented architecture (SOA), but SaaS is a type of
business model which originates from a fundamental change in thinking and should not be confused
with SOA. The SOA paradigm focuses on building information systems by discovering, matching and
integrating pre-developed services (Linthicum, 2004) and should be viewed as an architectural model
for developing software. In contrast SaaS should be viewed as a new business model for the delivery
of services. Nevertheless we view modular architecture and SOA as one of the enablers of SaaS. The
basic idea of SOAs is to decompose a system into parts that are made accessible by services, to design
these services individually and to construct new systems using these single services.
SaaS and clouds are interrelated as clouds are often viewed as the technical platforms to install the
software for the SaaS services and ensure aspects like scalability, reliability, speed of response and so
on. There is no consensus about a definition of clouds. Generally, clouds offer resources on demand
(Rosenthal, et al., 2010) from which application services can be accessed over a network (Buyya, Yeo,
Venugopal, Broberg, & Brandi, 2009). In essence it concerns the pay and use of distributed, low-cost
hardware. Rosenthal et al. (2010) provide a set of features of cloud computing. Janssen and Joha
(2010) add a seventh and eighth essential characteristics based on the idea that a cloud is a distributed
system that is presented as one infrastructure that provides services based on service level agreements.
These characteristics are resource outsourcing, utility computing, large number of (inexpensive)
machines, automated resource management, virtualization, parallel computing, data access control and
service level agreements. Like in SaaS, in most clouds charges are paid per use or period. A cloud
consists of large farms of inexpensive servers which are distributed over several locations. The basic
idea of the use of clouds is to shift the responsibility to install and maintain hardware and basic
computational services away from the user to the cloud vendor (Rosenthal, et al., 2010). The cloud
vendor should ensure security and data access control mechanisms. In a cloud there is a dedicated pool
of hardware and virtualization software that can be used to support a variety of tasks and provide
services to the cloud participants.

2.3 SaaS and its relationship to sourcing arrangements

Outsourcing is about the contracting out or selling of the organizations IT function to a third party
vendor who in return provides the service for a certain period of time and for a certain amount of
money (Willcocks & Kern, 1998). Outsourcing arrangements address the relationship between one
client having one or more external vendors, whereas shared service arrangements address the
relationship between many clients and one vendor, which belong both to one and the same
organizational entity (Janssen & Joha, 2006). Outsourcing has become one of the strategies adopted by
businesses to manage their IT function (Gonzalez, Gasco, & Llopis, 2006). Gurbaxani (1996)
concludes that the nature of outsourcing is changing in significant ways and that the strategies and
options managers can pursue are becoming more diverse and varied. He also concludes that
outsourcing solutions appropriate in one instance might be counterproductive in others.
SaaS can be viewed as a type of sourcing arrangement, in which the SaaS providers can be viewed as a
specific type of outsourcing provider. Whereas there is limited literature about SaaS, there is a wealth
of literature on outsourcing (Gonzalez, et al., 2006; Lee, Huynh, Kwok, & Pi, 2003). There are many
theories underpinning sourcing theory and its decision-making process. Lee et al. (2003) and
Jayatilaka, Schwarz, and Hirschheim (2003) provide an overview of sourcing theories including
transaction cost theory, core competency theory, resource-based, power-political and organizational
theories. In the domain of sourcing the relationship between service providers and service requesters
has been suggested as a critical role. Outsourcing research can be viewed from the strategic, economic
and social perspective (Lee, Huynh, Kwok, & Pi, 2000) and from strategic and organizational,
political, technical and economical dimensions (Baldwin, Irani, & Love, 2001). Lee et al. (2000)
provides five major research areas: organization, performance, decision, contract, and relationship. We
will use these research areas to explore SaaS in the public sector.

3 Research approach
SaaS has not been researched yet in the public sector and there is limited experience in this field. As
the goal of this paper is to understand the possible benefits, disadvantages and challenges of SaaS in
the public sector, we opted for conducting interviews. Interviews will allow us to explore and in-depth
discuss the concept of SaaS and in this way create a better understanding of the possible challenges for
adopting SaaS in the public sector. In addition, reports about SaaS in the Dutch public sector were
studied, although the number of reports was limited. All interviews were conducted using open-ended
questions, informed in many ways by our understanding of SaaS and outsourcing as presented in the
background of this paper. The interviews lasted between 1 and 2½ hours and covered the main
characteristics of SaaS, advantages, disadvantages and risks (strategic and organization, political and
legislative, technical and economical), suitability of the concept for the public sector (type of
organizations, services, arrangements), adoption challenges (organization, performance, decision,
contract, and relationship), practical challenges and research challenges.
The interviewees were selected to cover a wide range of aspects and to ensure that different views
were included. Thirteen interviews were held with IT-managers, outsourcing specialists, outsourcing
and SaaS decision-makers and IT-experts from a variety of public organizations, including the tax
authority, social security agency, Ministry of the Interior and Kingdom Relations, municipality
association and two municipalities. Interviewees covered persons that were already using SaaS as well
as those who are considering the use of SaaS or did not decide to use it. Questions with respect to the
benefits and risks, organization, performance, decision, contract, and relationship were asked. This
analysis should increase our knowledge of the potential use, benefits, risks and challenges of SaaS.

4 Findings
4.1 Benefits and disadvantages
The four categories classified as strategic and organizational, political, technical and economic were
taken as this categorization is commonly used in outsourcing (Baldwin, et al., 2001) and shared
services (Janssen & Joha, 2006).
SaaS benefits SaaS disadvantages and risks
Strategic and organizational
• No installation and maintenance of software • Need for contractual expertise
• No software expertise necessary • Reliability and long term sustainability of SaaS
• Focus on core business providers
• Sharing of software installation and enrolment • Lack of technical expertise and experience
risks with SaaS providers • Difficulty to switch from provider
• No need for human resource management of IT • Risk of lock-in
staff • Less customization opportunities
• Solving scarcity of IT staff • Integration of software from various SaaS
• Improved time-to-market providers.
• Opening up new software applications otherwise • Lack of innovation and no grip on further
out-of-reach and enabling innovation development and standardization
Political and legislative
• Eliminate the need for an ICT-department • Quality assurance
• Eliminate the need for the governance of IT • Ensuring accountability of service providers
• Increased accountability • Data ownership
• Increased control • Less influence on developments
• Higher service levels that are required • Privacy control
• Transparent payment (per use) • Ensuring that SaaS providers follow standards
and guidelines
• Jurisdiction and applicability of law
• Interruption or termination of services due to lack
of payment
Technical
• No complicated license management • Problem shift to composing and integration
• No complicated versioning control and update • Assurance that data is back-up and can be
concerns recovered
• No patching and other maintenance activities in • Access control and security
house • Loss of data in case of bankruptcy of provider
• Get rid of legacy systems • Identification and authentication
• Speed of installation always up-to-date • Information sharing among software from
• Reduction of overcapacity of hardware (memory different SaaS providers
and processes) • Performance management and scalability issues
• Back-up and recovery ensured by SaaS provider • Users utilizing applications running on the same
• No need for having in-house user support server
Economic
• Access to software without needing upfront • In the long term higher indirect costs by
investments additional management, control and security
• Economies of scale by spreading the costs of efforts
innovative solutions over many customers • Dependency on SaaS provider resulting in higher
• Less direct costs (transition) costs
• Control and predictability of IT costs
Table 2. Benefits, disadvantages and risks of SaaS
Table 22 shows the overview of the benefits, disadvantages and risks of SaaS that were identified. The
political aspects were extended with aspects related to legislation. The main benefits are attributed to
not having to install, control and maintain software. Instead software can be used immediately without
having to have a large server park and in-house ICT specialists. Other advantages are the potential
economies of scale in development, maintenance and distribution costs (including license
management, patching, up-to-date software, back-up and recovery and user support), more predictable
payment and no need to make large investments. This is related to having a less complicated IT
function. The possibility of spreading the costs over many customers was mentioned by many
interviewees, as this was viewed as a possible way to deal with the budget cuts. SaaS can significantly
alleviate software costs, as companies would be able to subscribe to services for short periods of time.
The one-time use of statistical and drawing software was given as an example. Sääksjärvi et al. (2005)
give an overview of 12 benefits and 4 risks as found in literature. The resulting list from the
interviewees is longer and shows more challenges and concerns than discussed in previous literature.
This can be attributed to the risk-averse attitude of many government employees and to the concern of
meeting public values like privacy and security. The SaaS concept was viewed as more appealing for
its low investment costs, no need for having expertise required for managing a complicated IT
function, the access to software that would otherwise be out-of-reach and enabling innovation as
depreciation of existing software hindered the buying of new software.
Some benefits were also mentioned as a disadvantage and the other way around. Innovation was given
as a benefit, but at the same time there were concerns about the possibility to steer development in the
right direction to ensure software innovation and customization. Also security was mentioned as both
a pro and a con. SaaS providers could be specialized in providing secure applications and access to
data and in this way ensuring higher levels of security. However, another possible scenario is that the
SaaS provider has limited expertise, data is shared with other users that might be fraudulent and no
insight is given about the number of attacks and security breaches.
When looking at the disadvantages, it can be concluded that they are often risks that might result into
some undesirable effects. They were especially related to exposing or losing critical data, violation of
privacy and potentially losing control of data exchanges. Another complication might be if the data is
stored outside the country and other legislation is applicable to the data. Transferring the control to a
third party creates often the feeling that control is given away. Many of the interviewees were asking
questions like how they could be sure that the data was not given away, that they could detect
intruders and ensure a high level of security. Additionally, failure to pay in time might result in the
termination or interruption of the service and data loss, which should be contractually ensured. Private
SaaS providers might get bankrupt and not cooperate when asking for a transfer of data to switch to
another provider. Not all interviewers were convinced of the benefits of SaaS. The use of the SaaS
model makes many issues easier like license management, ensuring security patches and software
updates, upgrading to new versions, back-up and recovery mechanisms and user support. As such, the
control and execution of the IT function becomes simpler and easier. The IT manager can concentrate
on acquiring the desired functionality at the right quality and the sourcing of this functionality. This is
a shift towards functions that are more strategic in nature. One interviewee formulated that “SaaS
provided us the opportunity to get rid of those cumbersome control and maintenance functions, which
caused me a headache several time (...) now the management of the SaaS provider and ensuring that
they are up-to-date causes me headaches. I’m not sure if this has solved any of our problems”. Several
persons had the same vision as this interviewee and they viewed the SaaS model as a shift in the type
of problems that need to be managed. On the other hand one interviewee indicated: “I really prefer to
handle these types of problems instead of having to ask my staff to code a way around”. Similar
findings are found in outsourcing literature, as Lacity and Willcocks (2002) argue that there is unlikely
an agreement of cost-savings among stakeholders, due to differences in opinion about what should be
measured and how it should be measured, and to which situation it should be compared with.
The question about the suitability of the SaaS model for public sector organizations revealed that
many of the interviewees viewed the SaaS model as especially suitable for small public agencies, that
have limited resources for operating their own IT function. In this way they can escape from having an
expensive IT function. In light of the risks, shared service centres were often mentioned as the
organizational concept and preferred type of service providers for providing and hosting the SaaS.
Such a center could ensure the reliability, high levels of security, accountability and privacy. For
larger agencies, advantages were especially viewed for the provisioning of standardized software that
needed to be accessed anywhere at any time. More specific software was considered as less
appropriate. Yet some remarked that this might be a matter of time. The interviews show that the SaaS
model can provide many advantages, but that these might be seriously hampered by many risks that
need to be dealt with. The choice for SaaS is not only a trade-off between the benefits and risks, but
also the management ability to deal with the challenges that will be discussed in the next section.

4.2 Adoption challenges

The study of outsourcing has progressively increased ever since its start in the 1960s (Gonzalez, et al.,
2006). Gonzalez found that the articles were mainly empirical, in which field studies were the
preferred method and were aimed at trying to explain outsourcing. Over the years new topics have
appeared like the impact on staff and offshoring. The adoption challenges that were found, show the
clear need for addressing a broad range of issues. Furthermore, many of the interviewees were
interested in prescriptive models of SaaS and to understand which arrangement is preferred in which
situation. This should support them in making their decisions and implementing the right SaaS model.
We will discuss SaaS adoption challenges following Lee et al.’s (2000) classification of five major
research areas: organization, performance, decision, contract and relationship.

4.2.1 Organization: Creating and managing SaaS services

The choice for SaaS is an important decision having a long-term and strategic impact as it requires a
lot of organizational changes in order to adopt and manage this new service delivery model. This will
have consequences for the way SaaS needs to be budgeted, planned and staffed. Changes at the
strategic level involve ceding control over how certain processes and IT systems are designed, run and
managed, while changes at the operational levels involve dealing with more frequent software
upgrades, the requirement to provide more and different end-user support and removing control over
certain components of the enterprise operating environment from the IT group. In literature it was
already acknowledge that software providers need a complete shift in paradigm (e.g. Olsen, 2006).
The interviewers revealed that there is also a large change in the governance, structure of IT and
capabilities necessary from governments.
Most of the interviewees indicated the need for developing new types of capabilities to deal with SaaS.
One interviewee formulated this as “there is a shift from technical issues to expertise and knowledge
in sourcing and developing management capabilities to control the relationships”. This types of shift
when moving to outsourcing can also found in literature, as for example Feeny and Willcocks (1998)
discuss the need for certain core capabilities for exploiting information technology and outsourcing.
Several of the interviewees indicated that developing the capabilities from organizational experiences,
thus by accumulation from the past, was not a good option and this might result in a failure. They
indicated the need to find out which capabilities are required and ensuring that investments can be
made and organizational structures and routines are in place before the SaaS model can be used on a
large scale. By developing them first and experiment on a small scale the intricacies and required
expertise can be identified. Furthermore, it was argued that capabilities are needed covering the whole
life-cycle of SaaS. Among the interviewers there was no consensus if there would be a best model for
organizing SaaS. It might be that there is a need for trade-offs to accomplish certain advantages and
motives. This idea is also found in outsourcing literature as Hirschheim and Lacity (2000) found that a
best practice associated with one motive is by definition in conflict with the best practices prescribed
for the other motive.
The interviewees were very reluctant to move to SaaS on a large scale without any assurances. The
primarily reason for this is that SaaS customers do not own the system, but instead have access to a
unique working copy of the data sitting on the host company’s servers. The customer can access the
system to manipulate and change data, but only within tightly constrained operating parameters of the
SaaS provider. The interviewees suggested a careful migration and back-up strategy. The interviewees
argued that applications and information that are of particular importance must initially be retained in
house and run on the own IT system, but can be maintained by the SaaS providers. So if a client is
using core applications and is not satisfied with what comes as part of the package with the SaaS
provider, those applications can immediately be taken over by the own staff. This could imply that
there are higher retained software costs for the client than may have been initially assumed, and those
costs should be understood and be part of the initial business case justifying the purchase of the SaaS
system. Furthermore, they were suggesting the making of clear agreements about the data ownership
and what will happen in case a SaaS provider goes bankrupt, is taken over by another company,
changes it terms or is changing its orientation and vision. Suggestions include having copies and
storing them in the own organizations and the use of a third party enabling business continuity.

4.2.2 Performance: Monitoring execution

There are different characteristics underlying performance, not only the speed and quality of the
service, but also the security and meeting the regulatory requirements. The performance will to a large
extent be dependent on the quality of the used technology and architecture, the organizational
governance and the predefined requirements. The interviewees indicated that it is necessary to involve
the IT group in selecting and implementing SaaS solutions, as they have knowledge about issues like
choosing architectural options such as single or multi-tenancy design, security and detection of
intruders. Nevertheless, it is also a risk as part of the IT function might be outsourced. Therefore it is
important to ensure that business unit personnel involved in the SaaS solution efforts possess adequate
IT knowledge. Business unit buyers must clearly understand and account for the implications the IT
architecture and functionality of a SaaS solution will have on the business processes it will support.
The selection of a SaaS provider is critical for continuity. The SaaS user might need some mechanism
to monitor the performance and security, and have expertise to talk to the SaaS provider about
performance needs for security and scalability. Furthermore, there must be contingency plans in place
to address and account for change in control and potential provider failure. The market will endure
inevitable consolidation, and do so to its benefit, but buyers must ensure they are prepared to tolerate
the consolidation process.

4.2.3 Decision: Public or private SaaS?

SaaS can be conceptualized as an outsourcing decision to a party that can either be public or private. If
operated by a public party, the SaaS arrangement can be viewed as a particular type of sourcing
arrangement, where resources and services are retained in-house, or at least within the government,
and is comparable to a shared service centre (Janssen & Joha, 2006). The major difference is that SaaS
concerns software services, without any persons executing processes, whereas in SSC persons are
often involved in executing processes. In other words, SaaS concerns the sourcing of IT-services and
SSC can provide not only IT-services, but also execute complete business processes. Another aspect of
public and private distinction is whether the SaaS services are accessible to a public audience (for
example drivers license renewal service) or whether user access is limited to government employees
(for example for human resource management services). Also hybrid models are possible, where
organizations may choose to outsource non-critical and low-sensitive information, while keeping
business-critical services and data in their control. The latter was often preferred by the interviewees.
Most interviewed governmental representatives favored the option of sourcing SaaS to an entity within
the government. This enables governments to keep close control of their privacy sensitive data, avoid
potential security problems, ensure authorization, identification and encryption, and avoid legislation
and regulation risks by outsourcing this to a third party and nevertheless gain advantages of this
development. They were suggesting that the client organizations should be involved in the governance
of the SaaS provider and have direct influence on the strategy development and priority and resource
allocation. This idea is confirmed by literature as the costs and productivity increase using outsourcing
brings also considerable management costs and risks which might even outweigh the benefits of
outsourcing (Fowler & Jeffs, 1998).

4.2.4 Contract: Short or long term?

Good contracts were considered as essential by the interviewees, as this is an instrument to accomplish
the benefits and avoid the risks. Contracts are more complicated as on the one hand it should be
flexible and demands instant scaling up based on pay per use, whereas on the other hand long-term
sustainability, secure software access and information storage need to be met. These short term and
long term interests might be conflicting, as the SaaS provider might require that some kind of payment
or longer term commitments are part of the contract.
There were huge discussions about the privacy of data during the group session. SaaS providers will
often store the data in the cloud and data might be stored on systems that are shared with other public
and private parties. Furthermore, the location of storage is an issue, as Dutch governments often
require that data will be stored within the Netherlands to ensure that the Dutch law will be in effect. It
is likely that new agencies or authorities are required to verify and control that data does not cross
national boundaries and that licenses are legal. In general the contract needs to take into account on
data protection and regulatory compliance issues, intellectual property concerns and contingency in
the event of business discontinuity caused by the service provider. Also the risks of non-performance,
and potential exit scenarios need to be contractually defined.
The use of SaaS might be related with the other of other applications and sourcing providers. The data
stored by SaaS providers need often be exchanged with other data, as such the interviewees indicated
that contractual agreements enabling the information exchange with others are necessary.
Organizations that have already undertaken outsourcing efforts must account for those efforts when
making additional investments into SaaS solutions. This is the case with any multi-sourcing effort, but
while SaaS and traditional outsourcing are not mutually exclusive, the viability of their effectively co-
existing in common process areas is in part dependent on the willingness and ability of the outsourcing
and SaaS provider(s) to cooperate. Hence, often a multitude of relationships need to be governed.

4.2.5 Relationship: Governance of the relationships

Relationships are evolving and dynamic, which is often viewed as a success factor for outsourcing
(Willcocks, Lacity, & Kern, 1999). Like in shared service arrangements (Janssen, Joha, &
Weerakkody, 2007), relationships are also considered as critical by the interviewees. There is a shift in
responsibilities and tasks moving from the user organization to the SaaS supplier, which also requires
new governance mechanisms which are focussed on the relation with the SaaS supplier. This
relationship was directly connected to the accomplishment of advantages by the interviewees and
determines whether SaaS will really result in lower costs. Uncoordinated adoption and not having the
appropriate organizational and governance mechanisms in place could undercut the benefits of SaaS.
The shift from on-site software from one-to-one to one-to-many service provision will impact the
relationships between the SaaS providers, its customers and developers. To use the model, a change in
culture and habit is necessary; instead of having the own department and direct control the emphasis
would be on the management and control of the SaaS software provider which is operating on a
distance. Managers cannot drop in and ask for improvements or actions like if they were having their
own department. This implies a change in the way services are delivered and whereas in an
outsourcing arrangement things can be decided once the services have become operational, in SaaS
arrangements it is important that already in advance future scenarios are defined and the way to
anticipate on such scenarios. SaaS software might not easily be changed and changes might be
difficult to realize. The interviewees indicated that it’s important to distinguish between the service
provider and developer role, as they might not be the same. A SaaS provider might typically provide
software from multiple software providers. Most interviewees indicated that there is a need for a
separate entity within the own organization that manages the SaaS provider.
Research typically distinguishes between outsourcing from the perspective of the client and from the
vendor (Gonzalez, et al., 2006). This is especially important for SaaS delivery given the compliance
with the Data Protection Act and potential future data regulations that will govern organizational
processes. Using SaaS implies creating a dependency on the provider and dismantle the own IT
function. Once the IT function is eliminated it will be hard to create a new one and insource the
services. This could create a potential lock-in situation that need to be anticipated for.
As SaaS is a hosted delivery model, users may find they do not have access to the same level of
service and support they get from their internal IT group or would get in an outsourcing arrangement.
Supporting and training users on new functionality delivered via the more frequent upgrades enabled
by the SaaS model requires skilled resources, but not all SaaS providers will offer the level of support
required to meet end-user needs, especially during initial deployment efforts. As a result, SaaS buyers
need to account, plan and budget for all required support requirements. In addition, the relationship at
a higher level to steer the direction of software development to ensure that the software is up-to-date
and matches the changing requirements in time was considered as important. The deployment of SaaS
solutions can prove liberating or threatening to an IT group. One of the core appeals of SaaS
applications to business units is the potential to implement them with little involvement with the IT
group. SaaS is potentially liberating to the IT group in that it can enable offloading of work to support
and manage business unit operations applications and systems, and free up the IT group’s time to
focus on other more critical issues and needs beyond deploying new software applications. The use of
SaaS is potentially threatening in that it pulls architectural and operational control over components of
the overall enterprise systems for which the IT group is still responsible out of the IT group’s control.
This can complicate operations, at least in the short run, by introducing new interfaces to implement
and support, new operating practices to define and learn, and new third-party providers to manage.
Table 3 provides a summary of the main adoption challenges of SaaS for each of the five areas.

SaaS adoption challenges

1. SaaS vendor 3. Accountability 5. Migration strategy
management structure 6. Service integration
Organization
2. Changed IT 4. New IT capabilities
governance
1. Speed and quality of 3. Business continuity 5. Regulatory
service 4. Access control & requirements
Performance
2. SaaS capacity security 6. Quality assurance
management
Decision 1. Public or private 3. Single or multi- 5. Data ownership
 vendor tenancy 6. Vendor
2. Public or private 4. Architectural responsibilities
SaaS options
1. Strict services 3. Cost & payment 5. Location of storage
description structure 6. Data exchange
Contract
2. Good contract 4. Data privacy & contracts
management protection
1. New governance 3. Potential lock-in 5. Strategic alignment
structures situation 6. Managing many
Relationship
2. Changed culture and 4. User training and vendors
habits helpdesk
Table 3. Summary of adoption challenges of SaaS

5 Conclusions and further research

SaaS is a type of business model to deliver software as a service instead of owning and maintaining
software locally. Whereas service-oriented architecture (SOA) can be viewed as an architectural model
for developing software, SaaS is focused on the delivery of services, without the ownership of
software being transferred to the users. In this research benefits, disadvantages, risks and adoption
challenges of SaaS from the government perspective are identified and a comprehensive list is created.
Advantages are related to easier IT control, no installation and development costs and access to
software otherwise out of reach. The number of risks and possible disadvantages given by the
interviewees is richer than can be found in literature. Disadvantages and risks are related to continuity,
performance, privacy, ensuring the control of the IT-function, and the influence on further innovation
and development directions. Some risks are caused because both software and information resides on
systems of the SaaS vendor, whereas the information ownership belongs to the user. The benefits and
risks are identified based on a limited number of interviews and should be extended in further
research. The list can be used to support decision-making about the use of the SaaS model.
The SaaS model of service provision has the potential to become an important sourcing strategy for
government organizations. SaaS requires, however, a fundamental overhaul in the organization of the
IT function, as there will be a shift from local installation and maintenance to managing a remote
provider who is operating on a distance. The interviewees viewed the SaaS model as especially
suitable for small public agencies, that have limited resources and for well-standardized software that
is provided to many users. For larger agencies advantages were especially viewed for the provisioning
of standardized software that needed to be accessed any time anywhere. Despite the many advantages
of using SaaS, there are still a number of challenges and risks that are not addressed yet.
Although it is acknowledged that software providers need a complete shift in paradigm, this research
revealed that there is also a large change in the organizational governance, structure of IT and
capabilities necessary from governments when using SaaS. There is a shift from capabilities for
managing IT in-house to capabilities required for the management and governance of the relationship
with the SaaS provider. Major challenges are related to performance monitoring and ensuring the
continuity, security and quality. Following outsourcing literature we recommend further research in
the research areas concerning the creation and management of SaaS services, performance monitoring,
public or private SaaS decision, trade-offs between long and short term contractual agreements, and
governance of the SaaS provider-user sourcing relationship.

References
Baldwin, L. P., Irani, Z., & Love, P. E. D. (2001). Outsourcing Information Systems: drawing lessons
from a banking case study. European Journal of Information Systems, 10(1), 15-24.
Bennet, K. H., Munro, M., Gold, N., Layzell, P. J., Budgen, D., & Brereton, O. P. (2001). An
Architectural Model for Service-Based Software with Ultra-Rapid Evolution. Paper presented
 at the Proceedings of the 17th IEEE International Conference on Software Maintenance
(ICSM'01) Florence.
Buyya, R., Yeo, C. S., Venugopal, S., Broberg, J., & Brandi, I. (2009). Cloud computing and emerging
IT platforms: Vision, hype, and reality for delivering computing as the 5th utility. Future
Generation Computer Systems, 25(6), 599-616.
Feeny, D. F., & Willcocks, L. P. (1998). Core IS Capabilities for Exploiting Information Technology.
Sloan Management Review, 39(3), 9-21.
Fowler, A., & Jeffs, B. (1998). Examining Information Systems Outsourcing: A case study from the
United Kingdom. Journal of Information Technology, 13, 111-126.
Gonçalves, V., & Ballon, P. (2011). Adding value to the network: Mobile operators’ experiments with
Software-as-a-Service and Platform-as-a-Service models. Telematics and Informatics, 28(1),
12-21.
Gonzalez, R., Gasco, J., & Llopis, J. (2006). Information systems outsourcing: A literature analysis.
Information & Management, 43, 821-834.
Gurbaxani, V. (1996). The New World of Information Technology Outsourcing. Communications of
the ACM, 39(7), 45-46.
Hirschheim, R., & Lacity, M. (2000). The myths and realities of information technology insourcing.
Communications of the ACM, 43(2), 99-107.
Janssen, M., & Joha, A. (2006). Motives for Establishing Shared Service Centers in Public
Administrations. International Journal of Information Management, 26(2), 102-116.
Janssen, M., & Joha, A. (2010). Connecting cloud infrastructures with shared services. Paper
presented at the Proceedings of the 11th Annual International Digital Government Research
Conference on Public Administration Online: Challenges and Opportunities, Pueblo, Mexico.
Janssen, M., Joha, A., & Weerakkody, V. (2007). Exploring relationships of shared service
arrangements in local government. Transforming Government: People, Process & Policy,
1(3), 271-284.
Jayatilaka, B., Schwarz, A., & Hirschheim, R. (2003). Determinants of ASP choice: an Integrated
Perspective. European Journal of Information Systems, 12(3), 210-224.
Lacity, M. C., & Willcocks, L. P. (2002). Global IT Outsourcing: In search of business advantages.
Chichester, UK: Wiley.
Lee, J. N., Huynh, M. Q., Kwok, R. C., & Pi, S. M. (2000). The evolution of outsourcing research:
what is the next issue? . Paper presented at the Proceedings of the 33rd Annual Hawaii
International Conference on System Sciences.
Lee, J. N., Huynh, M. Q., Kwok, R. C. W., & Pi, S. M. (2003). IT Outsourcing Evolution. Past,
Present and Future. Communications of the ACM, 46(5), 84-89.
Linthicum, D. S. (2004). Next Generation Application Integration Addison Wesley.
Olsen, E. R. (2006). Transitioning to Software as a Service: Realigning Software Engineering
Practices with the New Business Model. Paper presented at the IEEE International Conference
onService Operations and Logistics, and Informatics, 2006 (SOLI '06).
Rosenthal, A., Mork, P., Li, M. H., Stanford, J., Koester, D., & Reynolds, P. (2010). Cloud computing:
A new business paradigm for biomedical information sharing. Journal of Biomedical
Informatics, 43(21), 342-353.
Sääksjärvi, M., Lassila, A., & Nordström, H. (2005). Evaluating the software as a service business
model: From CPU time-sharing to online innovation sharing. Paper presented at the IADIS
International Conference e-Society 2005.
Smith, M. A., & Kumar, R. L. (2004). A theory of application service provider (ASP) use from a client
perspective Information & Management, 41(8), 977-1002.
Tao, L. (2001). Shifting Paradigms with the Application Service Provider Model. Computer, 34(10),
32-39.
Willcocks, L. P., & Kern, T. (1998). IT Outsourcing as Strategic Partnering: The case of the UK
Inland Revenue. European Journal of Information Systems, 7(1), 29-45.
Willcocks, L. P., Lacity, M. C., & Kern, T. (1999). Risk mitigation in IT outsourcing strategy
revisited: longitudinal case research at LISA. Strategic Information Systems, 8, 285-314.