With respect to access controls, if the data is to be shared among users, then it will be important to have levels of access control beyond just "administrator" and "user". Granularity of access control is one of the areas where online services differ from each other so up front investigation is important.
As for security, its generally not an issue but always a question to ask. The data, at a minimum, needs to be encrypted both in transit and at the service provider site. There also has to be security so that other organizations do not have any way of accessing your data. Again, this is generally taken care of, but it is always important to ask and be comfortable with the answer.
Finally, a discussion on SaaS would not be complete without mentioning Web 2.0. Most Web 2.0 sites are a form of SaaS. The key here is collaboration. A great example of this is a Wiki, a website that can be quickly edited by its visitors with simple formatting rules. Someone can create a Wiki for a purpose (such as writing this article) and others can comment, make changes or provide background information. Everyone has access to this information anytime and from any location.
The beauty of using a Wiki from a service provider is that it can be up and running for a new project in minutes and no special access or VPNs (virtual private network) need to be created. SaaS will move from being a more efficient way for SMBs to run complex software to being a more efficient way to collaborate as Web 2.0 solutions take shape.
So does SaaS make sense for SMBs? The answer is yesat least for certain types of applications. Applications that are expensive to configure, manage and keep up to date are ideal candidates for SaaS offerings. However, for applications that have high data transfer requirements, such as backup where you may need to get a large amount of data back quickly, SaaS solutions are not always a good fit, unless you have local and guaranteed access to the data. SaaS will continue to grow and should be evaluated carefully for each application.
George Symons currently serves as CEO of Yosemite Technologies. Mr. Symons joined Yosemite from EMC, where he served as chief technology officer for Information Management, responsible for defining EMC's product and technical strategy. He also played key roles in the integration of Legato enterprise backup and recovery products and Documentum content management software into EMC.