Is NetSuite monitoring your ERP activities?
SaaS has gained significant traction in the area of CRM, but customers have been hesitant to deploy ERP applications on the cloud. ERP Cloud News has discussed several possible reasons for this, including lack of customization capabilities and fear of exposing financial data.
Recently, we spotted a discussion on Dennis Howlett’s blog where he reports a discussion with Vinnie Mirchandani:
“In a back channel discussion with Vinnie Mirchandani, he said that NetSuite’s Zach Nelson saw the recession coming way before the headlines started to dominate the general news. How? Because NetSuite manages the data for more than 6,000 companies and he could tell by observing activity levels how customers’ business was trending.”
Mr. Mirchandani gathered this information in an interview for his upcoming book “The New Polymath” which will be available in June.
According to some, using this information in aggregate is completely acceptable. In other words, if your ordering and sales activities drop, you and your SaaS provider will be the first to know.
Hopefully your SaaS provider isn’t tempted to dig further into your activities as they search for ancillary sources of revenue. Wall Street firms, analyst firms, and others are willing to pay big money for these leading indicators.
Should you worry?
No, but you should be diligent. Presumably NetSuite and other SaaS providers have procedures in place to guarantee that your data is not available to them in any shape or form. If “activity levels” are required for billing, then obviously this data will be available, but it’s up to your SaaS provider to control how that information can be used.
Forrester Research cautions companies considering using cloud-based services to gain a clear understanding of the security, privacy, and legal consequences before contracting with any service provider.
You should make sure that you have full audit rights to all activities that are performed with your individual data records as well as your aggregate data. You need to make sure that you do not run afoul of something like Sarbanes-Oxley because your SaaS provider is monitoring your inbound and outbound communications. Compare your organization’s risk management and compliance priorities with those of your SaaS provider.
Can SaaS providers be hacked?
Odds are that your SaaS provider will have better procedures in place and more security expertise than you can provide internally. But your SaaS provider will also present a bigger target, as witnessed by some of the recent mishaps with security at Google.
As proponents of “ERP cloud” we defend the notion of using SaaS and cloud computing, but caution that proper management and perhaps an internal cloud option are required. With an “internal cloud” you are in control of your own datacenter and processes; however, this can be more expensive than outsourcing to a provider with hardware, management personnel, and processes already in place.