This is part two of our deep dive into the questions every organization should be asking with regard to protecting and retaining access to their data before moving to the cloud. You can read part one of this blog post here.
API or bust
If you’re going to wed your business to a SaaS app, you should be able to access and input data into that app programmatically, either with off-the-shelf or homegrown software.
It’s not enough that an app has an API; that API must be robust and have documentation available, so that you can actually leverage the technology. Oh, and if all that is available, is there an extra charge for using the API?
Key API questions you will need answers to:
- Does the app offer an API?
- Is there an additional charge, or limitation of access, for the API?
- Is there healthy documentation of the API, so your own developers can use it?
Third-party apps, quantity and quality
Following on from the existence of an API, it’s preferable that there already be an ecosystem of third-party apps that extend the functionality of your SaaS application. While you can use the API to custom-design extensions to the SaaS application, a mature app will likely already have available solutions you can purchase and integrate with the core app.
Third-party backup, too…right?
No, your cloud app isn’t “already” backed up
Nearly two thirds of all SaaS data loss is user error. Cloud apps can’t protect you from yourself.
Software can’t distinguish between intentional commands and “oops, I didn’t mean to do that,” so no amount of hardware redundancy—protection from server crashes or hard drive failures—can save you from yourself. Likewise, if a hacker steals your password and tells Google to delete data, Google will do as it’s told. This is why having a Google Apps backup in place is so critical.
What’s scarier is that the second biggest cause of data loss is unknown, which is to say cases of user error, hackers or third-party app bugs that erase data so completely you can never figure out exactly what went wrong. All you know is that hardware failure wasn’t the cause; something told the SaaS app to delete your data, and it did.
The most important third-party app you can connect to your SaaS application is independent backup and recovery. It’s the only way to protect your users from themselves.
Support: Who you gonna call?
Even the best SaaS apps occasionally suffer errors. What separates good SaaS providers from bad is how they respond to those errors.
First, check out their support documentation—a knowledge base or user wiki—to ensure it covers the most common error states with clear, useful recovery instructions.
Second, during what hours and days of the week is live technical support available, and how do you contact them? A phone number should always be an option, because email is too easy to ignore. Phone response is timely response.
Key support questions you will want answers to from your SaaS provider:
- Is there support documentation available to users and administrators?
- During what hours and days is live technical support available?
- Are there multiple tiers of application support, and what do they cost?
Security procedures, for you and them
Every account type should support multifactor authentication, but this is doubly so for administrator accounts. It should take more than just a username and password to get high-level control of your SaaS app and its data.
Many SaaS providers—Google in particular—have terms of service and security stipulations that allow them to preemptively lock out accounts that display suspicious activity. Too many failed login attempts, uncharacteristic transfers of data or currency, or other unusual behavior can prompt the provider to lock out an account and alert you that access has been suspended due to suspected wrongdoing.
Key questions for your SaaS provider to answer:
- Does the app support multifactor authentication?
- Under what circumstances can the provider lock you out of the app?
- What is the access recovery procedure?
You should know up front if your SaaS provider reserves the right to suspend access, under what circumstances access can be suspended, and what established procedures are in place to regain access to a SaaS account. If your administrator is unexpectedly locked out, that’s not the time to spend three hours reading support documents on how to file a petition to get a new password.
We hope this two-part blog series helped educate you on the questions your organization should be asking every SaaS provider. What did we miss? Is there a key question that you have asked or wish you had asked? Leave a comment and let us know.