Choose Your Vendors Carefully
You may have heard about the recent hack of CDK Global, a retail software provider whose clients include nearly 15,000 car dealerships across North America.
The company provides SaaS solutions covering scheduling, inventory management, customer relationships, data analytics, sales, and more. Basically, the entire back office of running a car dealership.
When CDK went down (as of this writing, the outage is into its third week), car dealership clients went down with it, many having to resort to manual, paper-based processes just to keep things going. Some estimates suggest that year over year, the outage will cause a decrease in overall vehicle sales of more than 7% for the month of June — more than 100,000 cars.
Why am I telling you this?
Well, not because I think working with a cloud-based SaaS provider is a bad idea. No, as I have written before, the cloud is where you want to be.
But… it’s not without risk. The more reliant you are on your vendors to keep your business running smoothly, the more damage an outage of this type can do. All of which means you need to carefully vet the vendors you work with.
With that in mind, here are six things worth paying close attention to:
#1. Security and Compliance
Theoretically, anything can get hacked. But a vendor with strong data security measures in place — including encryption, access controls, and certifications (e.g., ISO 27001 and SOC 2) — is less likely to become a victim.
So ask about certifications, how your data will be stored and encrypted, and how access to your data will be controlled. Ask about how your industry-specific compliance requirements will be met (e.g., SEC, HIPAA, PCI). Ask about “incident response” — how the vendor deals with data breaches or other security incidents.
#2. Reliability and Performance
The vendor’s Service Level Agreement (SLA) should specify the amount of system availability you can expect as a customer. For example, a guarantee of 99.9% uptime means system downtime will not exceed a total of nine hours in an entire year.
The more essential the service is to your business, the more important reliability and performance are.
#3. Integration Capability
Does the SaaS service integrate well with your existing systems and third-party tools?
For example, we sell Microsoft licenses to our clients through a distributor. When we add a new client, once provisioned with the distributor, the client is automatically integrated with our billing system.
This type of integration (this is just one example, we rely on many) eliminates duplicative, manual work that would otherwise be required, something that is both expensive and prone to error.
#4. Support and Service
Here, you want to be looking for two things: Is support provided in a timely manner and in a quality manner (i.e., do they know what they are doing)?
In addition to asking the vendor direct questions on this topic, look for independent, qualified reviews. Take time as well to speak with existing customers. (All the better if you can identify customers on your own — the vendor will only share those that are happy!)
#5. Contract Terms and Conditions
In general, the longer the contract term, the lower the price. There’s no right or wrong answer as to where along this trade-off continuum you should fall; each business’s circumstances will vary. But if you know you will be using a vendor for the foreseeable future, negotiate a more favorable agreement.
Whatever the term, be certain you legally own your data in the vendor’s system and that should you decide to leave, you can export all of it and take it with you.
#6. Innovation of Product
Does the vendor have a reputation for updating and improving its products on an ongoing basis? If it doesn’t, you may be constrained in what you can do.
For example, if you work with a vendor for payment processing and new methods of payment arise (e.g., Venmo, Zelle), you want the ability to accommodate customers who use these services. Updates like these don’t automatically happen — the vendor needs to stay current and plan for these types of enhancements.
Choose Wisely
I don’t know the source of the CDK hack and it’s certainly possible the company did all it reasonably could have done to prevent it. But it serves as a cautionary tale.
For all its benefits, outsourcing your critical processes and data is not without risk. Be careful when choosing vendors!