Every time I hear of a web services failure, like the Google Mail crash yesterday, I’m reminded of a vendor briefing that my colleague Jay Heiser and I received from a small enterprise GRC platform vendor, Xactium, a few weeks ago. Xactium has built a GRC cloud computing solution on salesforce’s force.com platform — a pretty cool strategy when you think about it. This way they don’t have to maintain the platform and hosting, and they can just focus on the application functionality. From a customer perspective, you know that at least there is a big vendor, salesforce.com, supporting the platform.
But my colleague Jay asked Xactium: “What happens if you fail? What recourse do your customers have?”
Xactium responded that the data would still be there on force.com, and there are many companies that would have the ability to help the customer get to that data.
Xactium’s answer made a good point — the use of a well-accepted web services platform like force.com in and of itself helps to mitigate the viability risks of working with a small vendor — and for a non-strategic application of Xactium, that should be okay.
But then Jay asked, “What if salesforce itself goes away? What then?”
Silence on the line — then Xactium said they’d think about that one.
Another vendor risk management option might be to mirror the data and back-up key reports on your own servers — neither of which incurs significant expense. Escrowing the application may be an option as well, but who’s escrowing the web services platform?
So — you’re probably thinking, salesforce.com going away is pretty unlikely, right? I agree, but …. The day after the vendor briefing, this was in the news: Three Executives Leave Salesforce.com
By the way, Xactium is too small to make the EGRC platform magic quadrant — but keep an eye on them — using force.com to deliver a GRC SaaS solution is still a pretty cool idea.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.