The Internet was blossoming and everything seemed possible. Up sprang companies that offered every service imaginable via the Internet -- everything from groceries to pet supplies and e-mail applications to shipment tracking. Best of all, one could use many software services without actually buying them -- instead they could be rented and accessed over the Web.

In this utopian world of hosted software available on-demand, the term application service provider (ASP) was coined -- one of the technology industry's many not-so-catchy acronyms. ASPs were at the threshold of opening countless doors behind which lay a world most in the industry couldn't even begin to imagine. But like most things that seem too good to be true, ASPs had a catch: It was too good an idea, one that was ahead of its time.

The short-lived dreams of ASPs were dashed when the existing IT infrastructure proved it was neither secure nor fast enough, and not nearly as reliable as was required. And so, around the turn of the century, ASPs limped off into a corner waiting for another moment to shine.

Resurrection

In less than a decade, the next generation of ASP has arrived. This time, though, it's called Software-as-a-Service (SaaS), and government has started noticing. Economic development agencies in Ohio and Virginia, the Texas Department of Criminal Justice, the Social Security Administration (SSA), and the National Geospatial-Intelligence Agency (NGA) are some of the early SaaS adopters. But what exactly is Software-as-a-Service?

"SaaS is, very simply, delivering application functionality over the Internet through a Web browser," said Leo Jolicoeur, executive vice president and chief marketing officer of @Road, an SaaS provider. "When we first put a label on ASP, it was originally the concept of taking existing licensed applications and delivering them in a sort of hosted form for customers who didn't want to buy that application. So it was all about applications that currently exist in licensed form delivered to customers without all that investment."

SaaS, according to Jolicoeur, is more than a rebranded ASP -- it's ASP grown up.

"As it's evolved from the original ASP offerings to Software-as-a-Service, we're seeing a much deeper, richer, robust set of applications and services that didn't necessarily exist in license form before," he said. "I think, in the future, we're going to see most applications delivered in Software-as-a-Service form."

There are tremendous possibilities built into SaaS for government, the most obvious of which is running an enterprise without buying any software -- meaning untold millions could be saved in licensing costs. Additionally SaaS means an agency need not dedicate IT staff to maintain and troubleshoot the application. That is all handled by the provider.

Other benefits include easy integration, collaboration, and free and automatic software updates. In most cases, only a Web browser and an Internet connection are necessary to access the software. Furthermore, the existing IT infrastructure enables both highly reliable and secure connections. However, this same infrastructure nearly killed ASP in the 1990s because it was not developed well enough to render ASP sustainable.

"The old ASPs were just sending things over the Internet that weren't necessarily secure, the servers weren't reliable and they didn't have appropriate backup systems; they didn't have fail over systems. These are the kinds of things we have that the old ASPs did not have," said Steve Nesenblatt, public sector vice president of RightNow Technologies. "[ASP] has evolved into a more reliable delivery mechanism. I don't think there's a core fundamental difference other than it's matured as a system to where larger organizations can rely on it."

Of course, Nesenblatt is aware that ASP critics are still around and will be quick to attack SaaS.

"We've seen some headlines -- The ASP Returns in Disguise," he said. "There's some cynicism because that part of that movement didn't work so well -- and it was largely because it hadn't matured as a market."

Scant Adoption

For government, SaaS presents an extraordinary opportunity. Currently the most common SaaS applications are customer relationship management (CRM) and enterprise resource planning (ERP) solutions, human resources software, performance management and e-mail systems. However, the potential exists to deliver hosted software environments where virtually any sort of software is available. Something as complex as an enterprisewide financial accounting system can be accessed just as easily as could a word processing program.

From the public-sector perspective, this represents the ability to dramatically reduce costs by eliminating licensing fees, maintenance costs and troubleshooting expenses while reducing the amount of labor needed to install, update and repair software housed on agency computers.

The question then is why is adoption in government so scant?

According to Phil Wainewright, CEO and chief analyst of UK-based consulting firm Procullux Ventures and a leading authority on Software-as-a-Service, SaaS is wellsuited to public-sector needs despite the slow adoption.

"There seems to be a fairly low rate of adoption in the public sector at the moment ... I think government has been concerned about the privacy and security worries," Wainewright said, noting the security risk card many play when balking at the idea of investigating SaaS. "The way the public sector buys software in terms of tendering for a specific project does match well to the way SaaS specialists tend to sell their wares."

On the surface, the security risks do seem apparent. Indeed, many of ASP's problems in the 1990s dealt with the lack of secure connections. However, that too is easily attributed to the immature nature of the technology architecture at the time. Modern IT infrastructure is light-years ahead in terms of security and -- at least as critical -- reliability.

Interestingly SaaS has found a rapidly growing home in the private sector. Companies of all varieties are adopting SaaS without the public sector's security concerns. And truth be told, in many cases, private-sector data is far more sensitive than that of low- to midlevel government agencies.

If the giant banking, lending and even medical industries handle extremely sensitive information comfortably in an SaaS environment, why can't government?

Like any technology adoption, government is more risk-averse and has to ask hard questions before taking the plunge. According to Curt Kolcun, Microsoft's federal government general manager, there are several issues government is considering -- or must consider -- when it comes to SaaS.

"Those [security and privacy issues] are elements that all have to go into that equation to determine, 'OK, is this an application or a capability that suits itself to move it off our plate? And do we have the ability to manage a service level agreement [SLA]? What happens if that service is not available? What's the mechanism of delivery relative to that application? And is it better for me to look to host it within my existing infrastructure or just pay for that capability to come in? What does that asset look like long-term and how does it fit into our overall architecture?'"

Microsoft's Michael Donlan, managing director of U.S. public sector technology and programs, added, "There are going to be some scenarios where they have privacy issues or sensitive data -- whether it's government- or health-care related because of HIPAA [Health Insurance Portability and Accountability Act]. So the degree that they have to keep this inside their own data centers versus outsourcing -- there's a lot of decisions that have to be made."

The Early Adopters

Despite the fact that SaaS is largely unknown in government, some scattered agencies and departments have taken the risk and given up at least part of their operations to an SaaS provider. Several factors motivate these early adopters. The first is that the security problems have largely been overcome. Second, the current push to apply performance metrics to government employees fits in well with the SaaS applications being developed. Third is the potential cost savings associated with an SaaS environment. Last, and perhaps most important, SaaS enables government to deliver the high levels of service that are increasingly in demand.

"Two years ago security was a big issue. It doesn't seem to be as big an issue anymore," said Jason Corsello, a program manager and SaaS expert at the Yankee Group. "I'm not saying it's not an issue, but the providers have done a tremendous job in ensuring a secure environment. And clients are smart ... they'll audit their providers, they'll audit the processes, and they'll ensure, outside of what the vendor basically tells them, that it's a secure environment."

With big-name corporations like Oracle, IBM, SAP and Microsoft getting into the game, there is mounting pressure for government to take a serious look at SaaS. Perhaps the last remaining obstacle is getting government to relinquish some of its control. Security issues and reliability can and have been addressed through technological advances. But a culture change takes more than fancy gizmos and guarantees.

But by giving up some of their control, government agencies can enhance the constituent experience. In some cases, it comes down to whether an agency's desire is to maintain control or improve service.

"Can you change the culture to accept this kind of model, essentially relinquishing control of your systems?" asked Carmen Krueger, industry principal for public services at SAP. "That requires a change and quite frankly I would say that is not unique to government. That is sort of a truism for any large organization. Agencies are going into this with eyes wide open. They're really analyzing the service levels the providers can give. The implications of not meeting those SLAs are clearly being discussed. The hope is that the service levels increase. You have a decreased cost basis and an increased level of service that assists the agencies in meeting their missions."

One of the most obvious places you'd expect to find SaaS in government is in those agencies that have the most in common with the private sector. Economic development agencies have many similarities to their profit-driven brethren. The goal of economic development agencies is to grow business -- and SaaS is taking root in helping this arm of government reach its goals.

In Fairfield County, Ohio, and Arlington County, Va., the respective economic development agencies have instituted their own SaaS experiments, each using the hosted software environment for similar purposes. In Fairfield County, SaaS CRM is being used to conduct online surveys of local businesses, while in Arlington County there is an SaaS CRM application and a just-launched ERP solution.

"We needed [a CRM solution] that was competitively priced, that was going to be available as is, out of the box, ready to go, that was also going to be customizable to what Economic Development needed, and also that was secure and reliable. So we looked at Software-as-a-Service," said Arlington County's Chief Technology Officer Christopher David. "Software-as-a-Service has also come in through the Oracle side. The county just launched its Oracle ERP initiative. That entire solution is being hosted in an Oracle facility in Austin, Texas."

The fear factor associated with SaaS is not lost on Arlington County. As Mike Goodrich, the county's director of administration, explained, it too confronted the issues that make SaaS seem so risky.

"I think there's somewhat of a sense of loss of stability, maybe loss of control. Security is always a concern as well. We're certainly seeing that with Veterans Affairs in the loss of however many millions of Social Security numbers," he said, referring to the recent security breach. "We've always tried to maintain systems in the government behind firewalls figuring that is the most secure. We went through a security review with [SaaS provider] Salesforce.com and were comfortable with the security level it provided for our data, which is extremely confidential."

For smaller -- and thus less funded -- governmental entities, SaaS can be a blessing. According to David Zak, director of the Department of Economic Development in Fairfield County, the benefits were obvious.

"I needed a solution that allowed me to have Web-based collaboration so I have all these different organizations able to access the information and a way we could track it ... to measure results and something customizable and that I could implement," said Zak. "I knew I wanted kind of a CRM solution. We're a small department. I've got two part-time and two full-time [employees]. Software-as-a-Service allows us to really integrate everything we are doing and use a sophisticated piece of software. I don't ever have to worry about getting updates -- they don't cost anything, which is huge. The flexibility I have is tremendous, with any Software-as-a-Service in general. I don't see it being used a lot at all in my industry, in the public sector. But I think it's going to catch on ... it's going to become something essential."

And it is catching on. From local governments up to big federal agencies, SaaS is quietly making an impression. At the Texas Department of Criminal Justice, CIO Robert Bray just implemented an SaaS e-mail system.

"The e-mail and messaging, that makes all kinds of sense," he said. "We were understaffed [in the past] and we were offering Lotus Notes, which is a nice e-mail system. But we were offering a vanilla version of it because we just didn't have the money to support it at a higher level. The nice thing about this outsourced, on-demand stuff is that they have all the steps in there if you want to get more sophisticated. You know what it's going to cost you if you do it. I don't have to hire people to do it, I don't have to fight for machines. All I have to do is say, 'This is what it's going to cost and if you want to do it, do it.' Anything that smacks of a utility, like e-mail -- anything along those lines -- I think it's ideal."

At the federal level, the NGA uses SaaS to distribute geospatial-intelligence data via the Web. With modern infrastructure, as well as modern demands for geospatial data, the NGA found that SaaS offered a cost-effective way to deliver data to a broad user base.

The federal government's response to Hurricane Katrina was widely criticized. But without the NGA and SaaS, even an admittedly subpar performance might have been much worse. The poor response was blamed partially on the government's inability to communicate between agencies. The NGA's use of SaaS actually facilitated such communication and can serve as a model other departments might consider.

"In Katrina, for example, our analysts were able to collaborate with FEMA [Federal Emergency Management Agency] analysts and other first responders who were down in Louisiana because we set up the collaboration sites on our site that allowed them to do just that. Having that common access point made it much easier for them to do," said Bruce Harris, NGA's director of IT solutions. "I believe we've got to get to the Web services model across all of our domains because that's the way we're going to be able to share data and integrate it across the different stovepipes that exist now, and across the different data sets out there."

Also in the federal government, the SSA has found a very innovative way to use SaaS to cut down on costs and improve service. Using RightNow's SaaS offerings, the SSA has moved its online frequently asked questions off its servers and onto RightNow's.

"Right now we're doing about 6 million page turns a month," said Bruce Carter, SSA's webmaster. "So there would be a substantial overhead. We'd have to maintain a server to serve the software to the public. The back end is an Oracle database so we'd have to maintain a database. And of course accompanying a server and a database server is the staff who has to maintain that. Their pricing scenario is such that there's no pricing advantage to hosting it yourself."

The other benefit, according to Carter, is when it's time for upgrades. Normally software upgrades mean a lot of labor and expense. But in an SaaS environment, it's as simple as a mouse click. And when traditional upgrades go haywire, agency staff can be in serious trouble. Not so with SaaS.

"One of the other advantages to having them host it is that upgrades are much simpler. If we host it, we're responsible for the upgrade. If it doesn't go well, we don't have to troubleshoot it. We don't have to dedicate staff at the Social Security Administration to installing new software and troubleshooting it if it's not entirely compatible with our infrastructure. To me that's the advantage."

Predictions

SaaS's future in government is uncertain. With only a handful of governmental entities taking advantage of the technology, it is difficult to foresee how the SaaS story will unfold. Widely considered a leader of the SaaS resurgence, Salesforce.com is well known in the private sector, but the inroads to government are still few and far between.

Daniel Burton, Salesforce.com's senior vice president of global public policy, laid out the reasons he thinks government needs to take a hard look at Software-as-a-Service.

"If you go through the characteristics of this model, there are no big upfront software fees; that's obviously very attractive to government. You're paying on a month-to-month subscription basis. It's very easy to customize so you're not locked into an architecture with a whole set of needs, and then if your needs, six months or 12 months out, change, all of a sudden you have this architecture you've built up and you can't change it -- so you can customize it on the fly every week, every day, every month if you want to. It provides a lot of flexibility. There are automatic updates so there's never any legacy software."

And Burton also offered up an SaaS benefit few in government have likely even considered -- a benefit that may eliminate forever the problems of implementing solutions that fail.

"The other piece that is very attractive to government users is that you can do a pilot and get it up and running in 30 to 60 days at a minimal cost," he said. "If you think, 'I don't really want to go this route,' you haven't lost any time or money."

The Software-as-a-Service era is, some say, right around the corner. All indications are that it is going to be the new way to conduct business -- at least in the private sector. As citizens grow increasingly accustomed to high-quality service delivery, can government afford to miss this opportunity?

Chad Vander Veen  |  Editor, FutureStructure

Chad Vander Veen is the editor of FutureStructure.com