An observation that has arisen several times in conversations about SaaS and Exostructure-based operations in general is the following: "What happens to my data if my SaaS service provider/remote hosting service/other outsourced service (i.e. exostructure) fails as a business and is forced to close?"

The only sensible answer I have heard so far essentially equals ducking the meat of the issue - namely, make sure you do not put any business critical applications, services or processes on an outsourced service. That is certainly a valid argument while evaluating the efficacy or otherwise of Exostructure services to any individual business. But if users end up feeling they can never risk loading critical data and processes on to an Exostructure service it will fade away.

Given the fundamental importance of this issue, I asked some leading service providers for their thoughts. The responses provide some answers, but also indicate that there are issues that the industry needs to address and solve - ideally collectively. Otherwise, users may be obliged to let their fear get the better of their information management strategies for the future.

I have written before about the growing number of psychological issues that are growing for users - and in particular potential users - around SaaS and the Exostructure. Some of them, such as operational reliability and data security, have there source in users' fears that, if there is no system to see or touch then they are somehow out of control of their data. Most service providers can ease such fears, but this particular question is not like that. It does represent a real problem and so far there is no clear cut solution.

There are, for example, several grey areas around company and business law where it has not yet caught up with changes in the way important data can now be handled - i.e. that my data' is still mine even if they' appear to own it. For example, one suggestion is writing a contract that ensures the customer's continued ownership of their data if the service provider fails. But there are suggestions that in the UK the failing company would probably go in administration and that all existing contracts would consequently be considered null and void. The big fear then becomes that one company's data could become an asset that the administrator could sell to the highest bidder (quite possibly a competitor).

In addition it has to be noted that, even if the data was made available to the customer following a service provider's failure as a business, that data may be valueless unless the customer also has rights of access and use of the associated business logic.

Roy Maxwell, Managing Director of Scolocate, suggested that providers will need to offer some kind of support around customers' data to ensure access should the business fail. "But clearly, if you are using tape/disk to achieve this then there might be significant downtime if something unforeseen were to happen, which leads to the comment about business criticality."

"My advice would be to back up data to another provider, and have a contingency plan for accessing it," said Kelly Smith, Managing Director of Centrinet. "This is much easier said than done though - I'm sure that customers of some SaaS service providers would not find this easy."

According to Tim Knight, Senior Director of Force.com at Salesforce.com, any customer can get their data from the service at any time. They are able to replicate their data set on their premises in a number of ways - either directly through the API (and the company has put specific functionality into the API that enables users to request changed/updated data only so they can create a trickle feed of data into their company) or through a weekly backup service which exports all of their data and sends it to them directly. "If they decide to leave the service at any time they are also able to request their data which we will package up and send to them," he said.

"I do believe it's a psychology issue," said Treb Ryan, CEO of Opsource, "as in reality, no one is going to destroy data as long as their are people willing to pay to get to it. This works even better in a SaaS model as most people are willing to pay their monthly fee if they can still have access to the application at least long enough to move to something else."

Zach Nelson, CEO of NetSuite, came up with some useful, practical advice for users. "If in doubt before buying, a customer should ask for/demand to see the financials of the company - or at least enough data to understand how much cash they have on hand and how much cash they are burning to understand when they run out of money."

This last suggestion does go to the heart of one of the primary pro-exostructure arguments - the firmer financial foundation of service providers, certainly once established. The annuity business model of service provision means that, so long as the fixed costs of the business are being exceeded by the revenue stream, there is little obvious danger of the business going under - where fixed' costs of course include a continual contribution to the upgrading and expansion of resources that allow service growth to continue. Even with this proviso it should be a more predictable business model with fewer opportunities for sudden surprises'.

Given that the exostructure represents a new approach for utilising IT, there is an argument that new customer support schemes should also be created, and there was general consensus that something should be done.

One possible something' was the idea of adopting the Bond Scheme used by the Association of British Travel Agents (ABTA) where all members contribute to a fund that is intended for use when a travel company fails. The fund is then used to repatriate all customers of that failed member and, if possible, reimburse pre-payments to those about to take their vacation. I posed the question whether such a model might work. In the end, the consensus was in the negative, but some form of insurance for customers is accepted as necessary in the event of a failed service provider.

"I think that the ABTA analogy doesn't stack up," said Kelly Smith, "because if you were running it along the same lines the insurance would have to pay the administrators of the failed airline to fly the holidaymakers home. That would be a non-starter, and in reality they are booked onto another airline."

As he pointed out, having another service provider doesn't necessarily help the SaaS customer as it is the combination of data and system that is important. In most cases, one or the other in isolation doesn't really work.

"The other issue is a psychological one. Holiday companies are happy to tell you they're ABTA registered, as it gives you peace of mind. We accept that there is a risk that an airline or tour operator could go bust, but it's ‘only' a holiday so that's OK," he continued. "On the other hand, if there were such a scheme for managed hosters, the very fact that the hoster was a member would introduce an element of doubt in the customers' mind. It would be a hard selling message - ‘we're rock solid to our foundation and you can trust us with your critical data. However, if we, go bust you will be OK'."

Scolocate's Roy Maxwell shared much the same view, if from a slightly different perspective. "As for the Bond Scheme I think this is a nice idea but in reality I don't see this happening," he said. "Datacentre operators will use financial stability as just another selling tool and would be reluctant to dilute this by a bond scheme, I could well be wrong in this but given my knowledge of the local players here I suspect that would be the case."

Opsource's Treb Ryan observed that trying to solve this problem has some history, as a company called SaaS capital was doing something of this nature a couple of years ago. "But the money wasn't there at the time." He does see the possibility of a bond-like association working, though suggests that an even more simple insurance set-up could be an answer - something like the USA's Federal Deposit Insurance Corporation, which protects the first $100,000 of any deposit payable in the USA.) "But with everything else going on, it's hard to see anyone from the insurance industry spending time on this right now," he mused.

Ryan's colleague, Opsource's Head of Products, Don Green, is already facing up to the issue of helping end users insure they have time to find an alternative service provider to which they migrate. As a base service provider to a growing range of specialist SaaS providers, Opsource not only needs to provide an answer for its end users but also an answer its Service provision customers can use with their end users. "This has become a hot topic of late," he observed. "We've had two basic types of requests which we've addressed differently. The easier one has been the case where one of our customers needs some sort guarantee of continued operation in order to get a deal with one large end user. In that case we have basically written a contract with the end user that they have the option of executing on if our customer goes out of business.

"The more difficult situation is customers who want this sort of guarantee from us for all of their customers. This is particularly challenging in that if we charge them upfront for the guarantee based on their existing environment and they grow significantly, we are under compensated if we have to run it down the line. On the other hand if we charge a premium by month to cover growth of the environment, we are at a much higher risk at the front end. We have basically split the risk by having an up front fee plus an uptick for this service, and limit the length of time we will run it."

NetSuite's Zach Nelson did come up with one other alternative which is simple and should be effective. It also does have a proven, workable history. "Write into the contract that you have the right, should the company become insolvent, to be able to get a copy of their application with the customers data. This is effectively a form of the source escrow' so popular with stone-age software."