ASP Industry Drivers

What Services Does an ASP Provide?

Currie (2003) reported substantial evidence for the reality of the ASP industry in the recent past and the transitional phase that some organizations have moved through in progressing to the ASP technology. The use of the ASP business model is facilitating the emergence of an intelligent informatics application, which can channel the flood of business information reaching customers and partners in various types of businesses. An ASP offers access to various types of applications—and the infrastructure and hardware to support them—on a subscription basis. An example of an essential service is wherein the ASP pays for the customer’s application licenses for you. It then sets up the application at a remote site on its own hardware and offers access to the application via the Internet or through a Wide Area Network (WAN) attached to your company’s Local Area Network (LAN), on a pay-as-you-use basis.

Other services an ASP can provide include system integration that facilitates existing legacy systems or new applications to interface with new IOISs and internal networks. Maintenance and support, including disaster recovery, backup, batch routines, and update management are also popular services. These services are usually adjunctive to either Help-Desk and Telephonic-Support or User access and application training. All ASPs promise their customers database security, firewalls, and remote access management as part of standard services.

ASP contracts usually define the minimum standards for the hardware supporting the application, guaranteed service levels, and response time. Fees are typically based on an estimated monthly charge, negotiated at contract inception, and adjusted at preset intervals or at the end of the contract term. The fees are composed of several costs, such as usage (e.g., number of hours or requests for access), license fees (including user and site licenses), services provided, requests for help-desk assistance, database size, backup routines, upgrade frequency, batch processing requests, data conversion frequency, etc.

What follows are a number of categories through which they can be understood:

• Infrastructure ASP: Some ASPs provide only computing power to run applications. They see themselves as successors to ISPs (Internet Server Providers). Rather than simply provide a connection to the Internet, infrastructure ASPs also host application software and make it available through browsers to their subscribers. Infrastructure ASPs do not create the software they host.

• Software ASP: Some software publishers want to give their customers a choice. The customer can license the publisher’s software and install and run it on their own machines, or they can rent the software, accessing it through browsers and the Internet. Typically, software ASPs host only their own software, though sometimes they host and integrate third-party software.

• Remote-Windows: Thousands of Windows software applications exist today and are mature and reliable. A straightforward approach to offering software ASP services is to make these Windows programs accessible remotely. As far as the user is concerned, the software is running locally, but, in fact, it is running remotely, with information passing back and forth between local and remote computers via the Internet.

• Native-IP: The remote-Windows approach generally does not take full advantage of the Internet, browsers, and programming languages such as HTML and XML. Therefore, most ASPs want, at least eventually, to host software that is written specifically for the Internet. At present, there are relatively few native-IP applications, and those are sometimes unreliable.

• Single-purpose: Some ASPs offer narrowly focused single-purpose applications. Provided the application solves a real problem, it may not take much effort to research and then choose this type of ASP.

• Comprehensive: Other ASPs provide comprehensive solution sets appropriate for an entire enterprise or major sections of it. These comprehensive solutions can provide more value than single-purpose applications, but they also bring more dependency on the ASP and thus more risk. Today most of the comprehensive solutions come from veteran software publishers who are hosting their Windows applications.

• System-solution: Another type of ASP provides solutions not just to individual entities, like your business, but also to a set of businesses which are elements of a system and interact to complete some cross-entity process.

• Solipsistic: Many ASP offerings do not acknowledge the existence of other software. That means that any data shared between it and other applications must be manually reentered. Over time, one would expect solipsistic ASPs to recognize and interact with other software in the insurance industry using XML standard.

• Background-service: Some ASPs are beginning to realize that their role is as a support function to primary applications. Not all ASPs need to provide a user interface and functionality direct to the user. Some rating engines and report-writing ASPs operate out of sight, feeding policy systems users interact with.

• Integration-platform: Rather than providing much or any real application software, the integration-services ASP provides a platform to link secondary and perhaps primary application services into what appears to be a seamless, broad application.

What Applications Will ASPs Support?

ASPs will support whatever applications can run on a computer, be it mainframe or client server. Systems typically supported include Enterprise Resource Planning (ERP) systems (such as SAP or PeopleSoft), sales, production and distribution applications, human resource applications, HMO billing and utilization review software, college class registration and billing, etc. Essentially, ASPs offer companies the opportunity to stay current with technology and be agile in the marketplace—in whatever line of business they happen to be—without significant outlay for software user licenses, hardware, and infrastructure improvements (see Table 2).

• Database, application, middleware, and interfaced applications site and user license fees

• Some implementation fees

• Hardware, network, and infrastructure improvement costs (such as telephony and environment)

• Some training costs

  The payment arrangement with the ASP would spread these costs over the term of the agreement. This approach reduces initial funding requirements and potentially offers monthly charges equal to or only somewhat higher than currently experienced monthly costs with an existing IS (for custom report programming, yearly license fees, monthly data conversions, etc.).

  Several research works established that management often need to fund an initial capital outlay of $250,000 to $1 million or more (Lauchlan, 2000; Linthicum, 2000; Subramani & Walden, 1999). With the ASP business model, the new IS becomes nothing more than a monthly cash expense, similar to one that is already incurred. Dependability should be improved, considering ASPs provide 24/7 support with service level agreements guaranteeing “uptime” in excess of 99 percent. Most companies cannot guarantee that level of service from internal technology departments. The real value proposition is that IT managers and their departments are left to tend to their own business (business opportunities identification, mitigation, and financing), rather than focusing on technology issues (McGinity, 2003).

Legacy Systems Support

In an ASP-hosted environment, your legacy systems and the database would be resident on the ASP’s hardware at their location. Depending on the access approach selected, the IT manager and all remote users would access the application at the ASP’s location via the Internet or the WAN. Data would be viewed, analyses conducted, and reports run in the same manner as if the application was resident within your company’s technology department. Remote users would have the same type of access as the risk management department, subject to those types of authority restrictions typically in place within your organization.

Monthly data conversions from the ASP site by IT manager/administrators would be set up by the ASP, as would security and firewall protection. Batch files are created, and the reports selected for delayed printing would be run during the night, along with data backup, disaster recovery routines, and other system maintenance. A primary function of the IT manager would be to ensure that these reports are provided and filed at your company location. The ASP also handles updates. The system vendor supplies the update to the ASP. The ASP pays for the license fees, updates the application, and bills you monthly on the same basis as payment is being made for use of the existing application the ASP is maintaining.

What Makes the ASP Business Model Attractive?

Different kinds of ASPs have somewhat different value propositions, but most would claim many of the following potential advantages over local software you manage:

• No need to install software or software upgrades

• No need to do daily backups and store them off site

• A built-in disaster recovery plan (at least in part)

• No need to frequently upgrade hardware to run software upgrades—relief for your capital budget

• Predictable IT expenses based on subscription and fee-for-use arrangements

• Access to applications and solutions not available in a local version, for instance, with cross-entity business system solutions

• Easy provision of Web-based applications to your customers

• Greater flexibility and scalability—expand or contract usage without impacting your technical infrastructure

• Faster time to market with lower capital investment

• Remote work force and telecommuter support

On the other hand, using an ASP poses some potentially new demands and expectations as well. Among them are:

• Need for universal high-speed connection to the Internet

• Access to software and data only when online, which potentially creates problems for travelers on airplanes or employees otherwise disconnected from the Internet

• Potential difficulties with local operations like printing

• Slow Internet response times with sub-ten-second rather than subsecond response times being the norm

ASP Concerns and Risks

The Internet Age is one of highly sophisticated and information-intensive activity involving many interlinked and interdependent business services related transactions. With a move to the ASP model, such transactions are set to grow exponentially, leading to fundamental changes in product and service delivery processes. Changes in technology act as a driving force for subsequent business process change (Davenport, 1993; Davenport & Short, 1990; Orlikowski, & Tyre, 1994; Porter & Millar, 1985; Porter, 1998; Scott, 1991). Considering ASP is a new industry, some providers are old established companies; others are not. The stability of these companies is reflected in the performance of the relevant technology stocks on NASDAQ. However, there are many well-known companies providing ASP services as well, such as IBM and Citrix.

When a company uses one ASP for all applications, integration between mission- critical applications (such as posting payments to accounts payable or to the general ledger) is normally simple. However, if a company has multiple ASPs or only some applications in a hosted environment, the back-end integration of these applications, which allows them to communicate, becomes complicated.

Another issue is that internal technology departments may view surrendering control of the application to an ASP as a vote of no confidence. In addition, there is always some risk in losing control of the application and your data when a third party has sole access (Guah & Currie, 2002; Little, 1999). The relationship between your ASP and the system vendor can also be tenuous, resulting in finger pointing when problems occur.

ASPs also subject subscribers to risks, including:

• Financial failure: ASPs (of all kinds) are subject to financial failure, and many new and promising ASPs have disappeared overnight, sometimes leaving their subscribers in the lurch. One horror story recounts how a business suffered the loss of not one, but two ASPs in succession, an experience that nearly put them out of business. The ASP alternative is new, at least to many trying to be one. They seem to be having a difficult time figuring out how to price their services, so that revenue reasonably matches their capital and operating expenses. It is wise to go into an ASP arrangement assuming that it will not be permanent. That means having an extrication and substitution plan in place.

• Poor performance: Generally speaking, an ASP should be willing to attach a service-level agreement to your contract. The agreement will spell out mutual expectations as well as remedies should the ASP fail to perform. You need to be certain that the ASP is in a position to deliver. If the ASP uses a third party to host its services, you will need to be assured that your ASP takes full responsibility for delivering services to you no matter what the situation is with its infrastructure ASP.

• Software integration problems: If the hosted software lives on a remote server controlled by the ASP, and you retain software locally, and some form of integration is necessary, how will that happen? Sometime in the future, integration may be straightforward, but today the problem can be real and overwhelming. Consider having the ASP explain how the integration will be handled.

• Security breaches: If you use an ASP, you must depend on them. What external and internal security measures do they have in place? It is not a trivial issue, and a legitimate ASP will be able to document and demonstrate their security provisions in some detail. The continued growth in the use of highly distributed networks supporting both Internet and mobile users is creating a continuous problem of making sure that the right person gets the access that is needed to business information, without leaving the systems vulnerable to attack from unauthorized users.

• Doubtful savings: Because ASPs presumably bring economies of scale, at least to smaller businesses, one might expect the ASP alternative to cost less over time compared with locally installed and managed software. But it would be a mistake to expect much, if any, savings. Using an ASP may introduce some additional expenses, for instance, broadband connection to the Internet for all users of the ASP.

Though most ASPs seem to opt for a subscription model, for instance, by identified users, seats, or simultaneous users, that pricing model may not be appropriate for you in cases where your usage is sporadic and clearly transaction based. In that case, you will want some kind of “by-the-slice” pricing. If the ASP pricing algorithm is based strictly on seats, you should be able to predict with some certainty what your monthly charges will be. But if charges are based on storage used, pages printed, bytes transmitted, etc., you may find yourself paying exorbitant fees that you cannot control.

Security

Our research findings highlighted security as a major concern for most of the businesses that took part (Guah & Currie, 2003). What is more, the technology that we are using is becoming increasingly complex, leaving more potential for errors that might just leave our organizations vulnerable to malicious attacks of all kinds.

Security needs to be inherent in all that we do. The first step is usually based around user authentication and control. The major problems are how to make sure that the person at the remote end is who they say they are and how to make sure that they see only the information that they are authorized to see. This simple customization of services provides a positive message for the users—personalization is a good thing—while also ensuring that access to corporate data is available only on a need-to-know basis.

Beyond user authentication, there is a need to protect data as the data passes across networks, and even when it is just sitting on a storage device. Firewalls and antivirus controls should keep our corporate systems fenced off from the dangers of the outside world, but we also need to make sure that the information transmitted to remote users cannot be intercepted. For this, there is encryption and compression that should render the data unreadable if, somehow, it gets misdirected.

Security should not be difficult in theory, but in practice, that can be the most critical aspect of ASP business. This aspect of IT is often neglected, as evidenced by many breaches (Checkland, 1983). More academic research is needed to determine and suggest areas of investigations that will possibly answer the following questions: Where are the potential weak spots, how can we do our best to avoid getting caught out? Furthermore, how can we control all of the security tasks that we need to keep our IT systems secure without making them too difficult to use for those that need access? These are the challenges the ASP industry has to overcome in the years ahead.