If you did an inventory of your organization’s IT applications, chances are you would find a hosted software or storage solution in place. This might be your desktop office applications, sales, IT security, or even enterprise platform add-ons.

The principal drivers of SaaS applications for business also apply to security applications like hosted access control and video. These drivers can be tested and exposed through a ESRM methodology deployed by a Security Risk Management Services (SRMS) provider. Here are a few of the drivers we have found:

1. Time-to-Value (T2V). If you are interested in cutting the time and cost it takes to deploy a solution, consider that you would be avoiding purchasing, installing and setting up your own server as well as configuring your purchased on-premise application.

2. Reduced Total Cost of Ownership (TCO). The cost of purchasing materials as well as the labor in installing, maintaining and updating applications, stretches any budget. The labor can be redeployed to more strategic areas of your IT infrastructure.

3. The ‘Ilities’. We define security as a “mission critical” department and the IT software and hardware as mission critical tools. Most IT departments are chartered with provisioning mission critical systems. The ‘ilities’: high availability (99.999 uptime), reliability, maintainability, defensibility and finally, scalability are key elements of their scorecard. Much of this should be covered under the Service Level Agreement (SLA) between you and your SaaS vendor and the inherent functionality of a SaaS application.

4. Benchmarking. How often do you buy before you test and use? SaaS applications are designed to test your use cases and the usability of the application.

5. Budget Planning. Define your technology roadmap. This will help you plan and budget for the tools that will deliver on the key performance measures uncovered during the risk and technology assessments. SaaS applications are often classified as operational expenses versus a capital expenditure. This is an important consideration if you realize that most IT purchases must be upgraded persistently in this climate of cyber risks and performance constraints.

Is Physical Security ready for SaaS applications? Here are some suggestions that will help you regardless of your decision. They follow an ESRM approach.

1. Risk Assessment. Ensure you have brought in fresh eyes to evaluate your organization’s risk, resilience and security. Include a technology risk assessment as well. Find an organization that has the pedigree in risk and in technology.

2. Strategy and Planning. This is not a plan for just closing the gaps. It is also a plan for measuring your value. This will require you to define your measures of performance that is well understood by your line of business owners and the C-Suite.

3. The Data Model. How will the data flow between people in a process? This helps guide the technology architecture and the interoperability standards between applications. After all, you are trying to optimize on one hand and on the other hand, create an aggregated data picture that will give you a 360-degree view of your program.

4. The Security Solutions. Now it is time to begin evaluating solutions. You will invariably be thinking in terms of bundling devices, applications and services. Given the fact you have done your homework, you have the value argument for a proposed budget. As well, you have developed use cases that will guide your evaluation criteria. We call this a technology scorecard.

Are you ready to take these four steps? That is, are you ready to optimize your strategy and budget as well as consider a hosted and managed service?