“If you can’t convince them, confuse them.” Garfield’s No1 strategy is increasingly being relied on in efforts to market system solutions in the area of treasury whenever this relates to attributes such as ‘The Cloud’ or ‘SaaS’. I recently read a statement made by one provider claiming that an application is only SaaS if it can be opened on a mobile device, which of course is total nonsense. The use of, at best, misleading and often also completely implausible arguments and assertions obviously also erode the interest of the majority of financial officers in addressing the issue. This is a shame given that the right technologies, used in the right way, can deliver major benefits. But what is ‘right’ in this context?
An attempt at clarification
A server which is connected to the Internet is not automatically a cloud. Even two such servers don’t make up a cloud. It is possible however to ‘host’ a solution on such servers, and it is exactly this that some providers are referring to when they talk about a ‘cloud-based solution’. Admittedly, ‘cloud’ sounds far sexier. There are even so-called private clouds which, by definition, are nothing other than a company-internal intranet, which is definitely not where you want to be storing your own data.
This is what is meant by a cloud. The use of the Cloud is closely associated with the use of software and data available in the Cloud. Most people communicate many times a day via a Cloud, they just don’t know about or notice this. When you initiate a payment via a bank, the data are just as often in contact with a cloud without you necessarily knowing about it. Despite this, people have many reservations about cloud-based solutions irrespective of the many major advantages that cloud-based solutions can offer vis-a-vis ‘classic’ client/server applications.
If you work together with a professional cloud provider, then this partner is also responsible for the entire maintenance of the infrastructure (servers, operating systems, databases, backups, etc.). In times like these in which so-called patches are published on a weekly basis (usually for good reasons), then even this alone is a valuable service which takes the pressure of your internal IT department.
The level of availability guaranteed usually lies close to 99.99%; a level which the market leaders in the cloud segment also actually achieve.
In contrast to claims to the contrary recently made by representatives of TMS providers, a cloud-based infrastructure is particularly ideal for purchasing necessary computing power exactly in line with your requirements. I only mention this because it is totally false, as recently claimed by one provider, that this is not possible in a cloud. Quite the opposite is true. For treasurers, however, this factor tends to be negligible anyway if you ignore the fact that performance per se is a very important basis. There are also only very few computing operations for which you need more performance than usual, such as at-risk calculations in connection with Monte Carlo simulations, for instance. And for these purposes you can buy additional performance in the cloud at short notice and tailored to your needs for a defined period of time. I would love to know how issues such as this can be resolved by a hosted or on-premise solution such as those offered by TMS providers.
Maintenance and updates
From the perspective of a solution provider and to the advantage of the user, the maintenance of a cloud-based application is much simpler than that of an on-premise solution – no access is needed to the fire-walled infrastructure of the customer, possible 24/7, without tokens, and no maintenance windows. Moreover, the same rules of course also apply as those applicable to maintenance and updates in your own system landscape, particularly with regard to the issue of testing.
Multi-tenancy is key, and your own database too!
A key factor from the perspective of the user is whether the service of the provider is compatible with multi-tenancy. This has nothing to do with being able to set up several clients within a corporate group. It is about whether the application has been developed in such a way that it can be used by any number of customers using the same version. If this is the case, this radically simplifies the maintenance of the application, which is an advantage for the customer. But beware: In order for an application to be compatible with multi-tenancy use, this may involve extremely major interventions in the architecture of the software solution. An on-premise solution certainly can’t be made compatible with the Cloud overnight. Anyone who wants to convince you that a product from the 1980s immediately runs ‘in the Cloud’ might have a great sense of humor but certainly no idea about service.
The rise of Cloud-based solutions has been accompanied by the sharing of databases. This might still be acceptable in the case of non-critical applications, but you would be well advised to avoid this in the case of a treasury system. If you consider that an SQL database with one gigabyte of storage space in the Cloud costs no more than a double-digit amount in dollars per month, then the savings potential of a shared database are negligible.
Costs and cost transparency
Non-IT experts often ask whether a Cloud/SaaS solution should be cheaper than, for example, an on-premise solution. The answer to this question is not so easy. Firstly, you need to identify really all of the costs that are incurred in connection with running an on-premise solution, particularly those which are not easily identifiable and which are associated with the maintenance of your own infrastructure. This is a cost factor which you certainly shouldn’t underestimate. Overall, there are usually significant economies of scale which argue in favor of a Cloud-based solution in as far as the provider passes these on to customers.
If you make a fair comparison on the assumption of a five-year period of use, for example, then you will see that a Cloud/SaaS-based solution can generally be a little more cost efficient, although the purely cost-based difference will tend to be comparatively small. An important factor when making these comparisons however should also be the fact that, if you are relying on one of the large and well-known providers of Cloud infrastructure, you can assume that your system will always be state-of-the-art. This is why one of the most important questions to ask a provider of a Cloud/SaaS-based solution is which infrastructure provider the application runs on and where the data are stored. Encryption can be taken for granted and is only mentioned here in passing.
At the end of the day, a comparison such as this is also not only about easily quantifiable factors such as direct costs, but also about security, reliability and stability, not to mention trust in the provider. This last point in particular can be decisive – the best infrastructure in the world is worth nothing if you don’t have an overall package that you have complete trust in. The abbreviation SaaS is not only about ‘software’ but also about ‘service’, and this has to be right.
Security and the Patriot Act
One of the most common questions asked, also of us, is the following: “How secure are our data from unauthorised access?” This question is entirely understandable. The only place you’ll find an answer is in the contracts and agreements between the provider of the software solution and that of the infrastructure provider. Renowned providers let themselves be regularly certified and audited. Certificates such as these are not marketing stunts. They are only awarded to companies which actually meet the relevant requirements.
European companies are right to be concerned on the grounds of the US Patriot Act and the extensive rights associated with this allowing US authorities to access the data of US providers. It goes without saying that this is an issue and that you want to protect yourself against data landing in the wrong hands. But worrying about it doesn’t help. Every European company which has business relations with the USA is affected by the US Patriot Act in any case. We are therefore always a little surprised that this issue gets so much attention given that the US subsidiaries of European companies logically route all of their email traffic via providers in the USA. The data and information sent via email are often more critical than the prolongation of an FX trade by a month. Under normal circumstances, however, you can assume that data in the Cloud are safe and, in some cases, are even safer than those stored on your own infrastructure, particularly from a group perspective.
Martin Sadleder is managing director of Treamo Business Consulting, a globally active consultancy firm specializing in treasury management and the development of corresponding Cloud-based- / SaaS-software tools.