Friday, June 11, 2010

Why ALM softwares with SaaS model are good for Startups ?

Many software developers express doubts when I tell them that hosted ALM softwares with SaaS model are good for startups.  Typically the arguments are two.

  1. I am software developer, I can setup my own Trac, Subversion (or some other version control), bugzilla (or some other bugbase). Why should I pay for something I can do on my own ?

  2. I don't want to put my code on some other companies server.  What if it gets stolen ?

Lets examine these arguments in more detail starting with first argument, 'I can do it on my own'.

Why should I pay for something I can do on my own ?

If you are experienced software developer, you can definitely 'do it on your own'. However, if you are startup founder where will you like to spend your time ?  Do you want to spend time working on your own idea or you want to spend time on setting up version control, bugbase, taking backup etc.  You can spend some initial time in deploying the basic infrastructure, what about maintaining it?  Someone has to regularly spend time in keeping these infrastructure running.  Someone has to spend time on taking regular backup, applying security patches to servers, upgrade to newer versions of software, etc etc. The time spent on all such 'non-value added but necessary'' activities is significant.

When you go to a hosted ALM provider like 'BootstrapToday',  activities like taking regular backups, server maintainance, upgrade to newer versions, any data migration are handled by ALM service provider. Hence startup developers are free to spend more time on developing their own ideas.  Usually these are 'integrated' ALM applications which provide at-least version control, issue trackers in one package. BootstrapToday also provides Wiki and some very basic project management and time tracking capabilities.

I don't want to put my code on some other companies server.  What if it gets stolen ?

This is a very legitimate and sincere concern.  However, many time its seriousness is exaggerated.  What are the 'threats or risk'' to your IPR if you host your IPR on ALM providers server.

  1. Someone may hack your ALM providers servers and steal the source code.
    This risk exists even if you are hosting source on your server especially if server is accessible from outside the company network. If source code hosted on a server accessible only inside the company network, then this risk is less. However, it also means that your developers have to work from company premises. In case of startups, sometimes the founders are in two different cities and still want to access the source, then you want to spend time/resources to create a VPN, make sure the server is up 24/7, etc.

  2. An employee may steal the source.
    Again this risk exists even if source code is hosted on your own server. Still you may want to make sure that employees cannot access source code from their homes to minimize this risk. Typically ALM providers have additional security features like IP address based access restrictions.

  3. ALM provider may look at the source and sell it to the competitor.
    ALM providers like us (BootstrapToday) are not stupid. We know that if we do this even by mistake, we are finished. No one will trust us after that. Hence we have contracts that specifically ensure that we cannot do this. We have additional restrictions on which employees can directly access the data on our servers.

As ALM service provider , we have to to be extremely serious about the security of data of our customers. We have to take special care in design, deployment of our software, security of our servers, backups.

So if you are hosting the code on ALM providers server, the risk to your IPR does not really increase in any significant way.  Still sometimes startups have their own (many times imaginary) fears about their protection and security of IPR.  Unfortunately rational arguments do not work on such 'fears'.

Are there any situations where SaaS model is not appropriate for a startup ?

Yes there are situations where SaaS model is not appropriate.  For example, lets assume that you are working on project for US government (or Indian government).  In such cases, your contract may not allow hosting the source on servers outside your company.

(NOTE : This article is imported from BootStrapToday blog)