ASP Trap: The complete guide

The ASP industry is young, and it's still got a lot of kinks. You can't always tell when you're about to be bamboozled or marooned. But some common traps have doomed a disproportionate number of partnerships. Here's how to avoid getting burned.

The ASP Trap
Like many technology sectors, the ASP industry is in perpetual turmoil. And for far too many companies it has become a pit of deception, exaggerated claims, and unfulfilled promises.

Bait and switch
In the race to build their customer bases, ASPs often oversell what they can do, promising easy access to the most desired applications for cents on the dollar.

Here today, gone tomorrow
And the only way to avoid these costs is to screen your ASP with keener scrutiny than you'd apply to any other business partner.

Not my job, Boss
Even when you've found an ideal ASP, can you trust its partners? Virtually all ASPs promise secure servers, bulletproof uptime, and 24-hour instant customer service. But often, a third party is responsible for making good on this sweet talk.

Bad marriage
To avoid the greatest trip-up of all, imagine the terms for divorcing your ASP while standing at the altar.

What to look for
Don't get caught in the ASP trap. Here are five ways to make sure you get what you pay for with a service provider before you sign a long-term contract.

Spot the survivors
1,800 ASPs want your business. Fewer than half of them will survive this year. As a potential ASP customer, how do you spot the survivors?

The ASP Trap

When HostLogic, an application service provider, failed to secure a second round of US$40 million in financing in mid-December, it started handing pink slips to its 100 employees. But signs of trouble came months earlier, when Alan Yuster, president of Invicta Vision (formerly EyeAmerica), says he began receiving invoices for promised consulting and training services HostLogic had never delivered. "They never installed the system," Yuster says. "We never received the hardware or software, but we were receiving so much documentation for money that we knew something was amiss." In November he cut his ties with the ASP.

Herbert Goertz, HostLogic's founder and CEO, calls the allegations untrue. In fact, he says, Invicta never signed a contract with HostLogic. "They fired their whole management team and almost went into bankruptcy," Goertz says. "We ended it with them. We were the hosting partner-to-be but never hosted them since they got new management."

Yuster responds, with irony: "I find it wonderful that he's given you this response. I'll take that as an official release of any possible claims."

HostLogic filed for Chapter 7 bankruptcy on February 28â€"and it remains to be seen whether its creditors will go after Invicta to help pay HostLogic's bills.

Such nasty finger-pointing has become all too common with outsourcing partnerships. Like many technology sectors, the ASP industry is in perpetual turmoil. And for far too many companies it has become a pit of deception, exaggerated claims, and unfulfilled promises.

Still, the strategic benefits of using an ASP are irresistibleâ€"to companies large and small. Why pay software companies every year for the privilege of installing and supporting their applications on an arsenal of PCs when you can hire out, accessing the same programs across the Net? Your company gets best-of-breed applications as soon as they're available. ASPs have reduced client companies' IT costs in some cases by as much as 20 percent. And you gain speed to market. What's more, you can focus on your core business, rather than on the Byzantine art of building your own IT shop.

Even companies that have been burned by ASPs typically haven't lost their faith in outsourcing. According to Greg Blatnik, a vice president at Zona Research, which published a study on ASPs in January, 65 percent of the businesses Zona surveyed use ASPs, with most renting between two and six applications. And most of these companies plan to add more applications in the future.

So why the sour grapes? The industry is young, and it's still got a lot of kinks. You can't always tell when you're about to be bamboozled or marooned. But some common traps have doomed a disproportionate number of partnerships. Here's how to avoid getting burned.

Bait and switch

In the race to build their customer bases, ASPs often oversell what they can do, promising easy access to the most desired applications for cents on the dollar.

Foodservice.com, a content site and e-marketplace for the food service industry, found itself trapped when its ASP repriced its services after a software upgrade.

Karin Wertheim, Foodservice.com's cofounder and vice president of e-business services, says the plan was to run Oracle software with ColdFusion, which would allow the company to turn its flat files into a relational database. But her service provider, Breakaway Solutions, "had tremendous problems running ColdFusion with Oracle," Wertheim says. "Our site was continually down. Breakaway believed it could run ColdFusion on a Sun platform when it works better on an NT box."

Problem was, Wertheim says, when Breakaway switched Foodservice.com's apps to a Windows NT server, the ASP also repriced the contract.

Wertheim says she felt snookered. Breakaway, she says, pulled her in with affordable prices, then jacked up costs after it debugged the system. "They assured us when they signed the contract they knew how to take care of the problems," Wertheim explains. "Instead, we were down a couple of times a week, sometimes for a few hours. When we did switch to NT, it was fine."

Ultimately, Wertheim dumped Breakaway in favor of managing and hosting her company's databases in-house. Sharing services was unacceptable, she saysâ€"and she didn't like losing control of her company's data and having to ask someone else to run reports for her. In the end, she says, Foodservice.com found it could run three servers for the same price Breakaway charged to share servers.

While ASPs bill their services as an inexpensive way to get to market quickly, they could be a more expensive option long term. Once you're hooked with fast setup and low cost of entry, it's often too costly to shake a relationship.

Cost analysis is key, says Lawrence Chiango, corporate vice president of technology at Cornerstone Brands, a USinternetworking client. "There were certain costs I wasn't expecting," he says. "If you're the type of business that constantly wants to be upgrading and establishing promotional relationships to drive traffic to your site, you need constant changes. If you just want to do basic cosmetic changes on your site, the cost behind the certification process the ASP charges you to test it and recertify the code can be equal to or greater than the initial development effort."

These changes don't come cheap. "People need to look at their contracts very closely and at their projected development time," Chiango says. "They got you up very quickly for low cost. But does the [additional] cost every time you need to make a change in your site fit into the development plan?"

Chiango's advice: Involve your technical people in all ASP implementation decisions. After all, they know how systems willâ€"or shouldâ€"integrate, and how much additional technical work will need to be done over the life of the project. "You have these marketing and finance majors making tech decisions that six months or a year down the line are very costly because they didn't have that knowledge," he says.

Here today, gone tomorrow

Worse than getting gouged on price is being left holding the bag.

When HotOffice announced on its Web site that it would shut down in mid-December, it was the first that John Simmons heard about it. The senior vice president of service teams for Greeson, a food broker, was surprised to say the least. "When I spoke to senior management December 1, I was told they had secured funding," he recalls. Greeson had used Hot Office's platform to link its sales offices in Columbus, Indianapolis, Toledo, Detroit, and Cincinnati via email and document sharing since 1998.

Last year, Simmons noticed inconsistencies in service. "As they grew, their capacity to meet customer needs was strained. The last six months were bumpy, and we'd go offline," he says.

When it came time for Greeson to update its contract with HotOfficeâ€"just days before the ASP would announce its demiseâ€"Simmons says he was told everything was in order. But when the closure went public, Simmons had only two weeks to pick a new ASP and transfer his company's data. It took a week for the company to research new options and another week for employeesâ€"taking time away from their jobsâ€"to transfer their information.

Employees' time adds up. And the only way to avoid these costs is to screen your ASP with keener scrutiny than you'd apply to any other business partner. Many ASPs will oblige you with general information: how many clients they have; how big their clients are; and general financial information such as earnings to liabilities, historic retained earnings, and receivables to accounts payable.

Better ASPs will provide their entire list of customers, rather than a handpicked group of references, if you ask them. George Tomko, CIO of Astaris, demanded a list of all eOnline's customers before he signed up. "I said, 'I want you to give me your entire customer list and allow me to call anyone I want,' " he says. "At first, it caught them by surprise, but they gave us their whole list. We weren't looking for glowing recommendations. I wanted to know if they had encountered any problems and if they could recommend eOnline after going through [the implementation]. It's not the warts I wanted to see, but whether they had been cured."

An ASP's clients may be less than forthcoming about their arrangements. Yet you needn't be invasive. Ask whether the ASP met its service-level agreement 100 percent of the time. Did they get reimbursed when ASP errors caused downtime or other problems? Ask about reliability, customer support, data backup, and how well the ASP's development staff communicated during the setup phase. Would those references use that ASP if they had to do it again?

Not my job, Boss

Even when you've found an ideal ASP, can you trust its partners?

Virtually all ASPs promise secure servers, bulletproof uptime, and 24-hour instant customer service. But often, a third party is responsible for making good on this sweet talk. In the worst scenarios, the ASP is little more than a middleman between you and a host of companiesâ€"including the software makers that write the applications.

One e-tailer, which wishes to remain anonymous, noticed that while customers could place orders on its ASP-hosted site, the orders weren't being routed through its internal ordering system. Something was wrong. A manager called the third-party data center, Digex, to find the point of failure. A router wasn't working properly, but data centre staff couldn't pinpoint the exact problem.

Digex staff then allegedly told the retailer that because its service-level agreement was not with the data centre but with the ASP, there was nothing it could do. "It took us five days to get it fixed," says the retailer's CTO. "We've never been down that long. They didn't know if it was a software problem. It took a lot of work on our part to identify what the problem was. We had to get someone from 40 minutes away to get into [the data centre] to fix it in about two minutes. There was nobody there except the guard."

These are the kinds of headaches that get buried in the fine print of your contract. There's no sure-fire way to avoid traps with third-party partners, but it's crucial to find out how your ASP ensures that its partners will honor your contract. When the ASP has a problem with hardware, who do you call? Ask for a dedicated account manager so you're not making calls in a vacuum. Also find out how many people answer phones in customer support.

"If an ASP gets notified of a problem when the customer calls, that's too late. Bigger players have more control of the process and know where the points of failure occur," says Brice David, director of consulting at the Strategis Group.

Visit the ASP's data centre. Who owns it? How many people work there? Who has access to your hardware? Who fixes problems? Someone will be fiddling with the server that houses your dataâ€"and it probably won't be an employee of your ASP. Know the chain of command. Get a list of names and bios of people with access to your data.

"If I were the CIO, and it were my decision to outsource, I'd treat the employees as if I were hiring people in-house and look at their résumés," says Melissa DiDonato, vice president of services marketing at eOnline. "They aren't XYZ employee. They are supporting my mission-critical data. I'd want to meet the architect and the other employees. Never underestimate the power of people."

When touring the data centre, look at how the server cages are set up. Check the backup and disaster-recovery processes. Do competitors that use the same data centre have access to your servers? Is the climate controlled? How is security access enforced? Are you sharing your server with other companies? Can the routers easily be switched off?

Astaris's Tomko says the data centre walk-through is telling: "If I walk into an airplane hangar and the tools are strewn about, there is grease all over the place, packaging and trash [are] all over, and the people are in disarray, I don't want to fly that airline. Now compare that with an airline hangar where the workers are in white coats and the tools are packed away neatly."

When 99.99% isn't good enough
Lots of service providers guarantee 99.99 percent uptimeâ€"the so-called four nines. Sounds like bulletproof reliability, but it actually translates to about 50 minutes of downtime per year. Is that acceptable?

Companies that deal in critical functions such as online financial transactions, high-volume business-to-consumer e-commerce, or medical applications that handle patient info in real time, require 99.99 percent uptime, says former Gartner senior analyst H. Peet Rapp. But if even an hour of downtime is too risky, opt for five ninesâ€"99.999 percent uptime, or a maximum of five minutes of downtime per year.

Other applications, such as customer relationship management, generally don't need more than three nines (99.9 percent uptime, or a max of 500 minutes of outage per year). Human resources or sales-force automation apps that small or medium-size businesses use less than 50 hours per week would be covered with two nines: 99 percent uptime or a maximum of 5,000 minutes, Rapp says.

Bad marriage

To avoid the greatest trip-up of all, imagine the terms for divorcing your ASP while standing at the altar.

For starters, identify a backup ASP in case your partner closes shop or the relationship sours. "Pretend you need to go through the process this weekend," says Dave Boulanger, research director covering enterprise management at AMR Research. "Who owns the data? Who converts the data? Who owns the interfaces? Who pays for the conversion? You need a transition plan even before you sign the contract."

While you're at it, determine whether you will pay penalties for ending the agreement earlyâ€"and clarify termination remedies in the contract. Make sure to fully document your system's source code. You need to know exactly how your systems work if that ASP goes belly-up. What's more, you don't want programmers to be the only people holding your company's information. If they leave, they take that knowledge with them.

Better ASPs provide punitive reimbursements when the terms of your contract aren't met, including when outages and slowdowns occur. Make these a demand. You'll also want to flesh out vagaries that may come back to haunt you. If a system slows down considerably, is that considered downtime? Designate a threshold. When you hit five seconds of slowdown, that's an outage. Check an ASP's service-level agreement on continuous availability and consecutive-month requirements before you can expect payment for failures. Know that one minute or one hour of downtime can cost thousands of dollars in productivity (calculate a specific amount for your company). What happens if it goes down at 2 a.m., or several times a month for 12 months in row? How much money do you lose? Then incorporate appropriate punitive damages into your service-level agreement.

Also, how quickly will you require your service provider to respond toâ€"and resolveâ€"problems and update applications? Put fees at stake. If there are repeated failures, find out how you can get out of the contract. Solid ASPs will have the answers documented.

Stating the obvious, one e-tailer who got caught when his ASP went belly-up, sighs, "Nobody cares for your business the way you do."

What to look for

Don't get caught in the ASP trap. Here are five ways to make sure you get what you pay for with a service provider before you sign a long-term contract.

• Check for battle scars.
  Ask for a complete customer listâ€"and check those references. Would they use that ASP if they had to do it again?

• Uncover hidden expenses.
  Find out if prices go up if your company grows or switches to a new application.

• Rattle the piggy bank.
  Request copies of the ASP's financials. What are its earnings compared with debt? Does it have enough money to stay in business for another four monthsâ€"or four years?

• Do a background check.
  An ASP is only as good as its worst partner. Make sure a flaky partnerâ€" whether providing infrastructure, data storage, or other technologyâ€"doesn't drag you down with it. And be sure to tour the data centre.

• Put it in writingâ€"and plan your exit.
  Solidify your contract in a detailed service-level agreement. Put performance fees at stake and demand cash back when your terms aren't met. Be sure there aren't any penalties for ending the agreement earlyâ€"and clarify termination remedies in the contract.

  Spot the survivors

  1,800 ASPs want your business. Fewer than half of them will survive this year.

  The tech downturn last year stranded the fledgling ASP industry. Analysts rushed to change once-optimistic forecasts from a $1.2 billion market projection for 2001 to about one-third of that amount. Of 1,800 ASPs, only 40 percent would last the year, analysts said. "The phenomenon of 2001 will be the vultures circling," says Dave Boulanger of AMR Research.

  In the fourth quarter of 2000, USinternetworking announced layoffs, then early this year USi, NaviSite, and Breakaway Solutions announced more layoffs. Still unprofitable, the darlings-turned-dogs traded below $2 a share in early May, having lost more than 90 percent of their value year on year. KPMG dropped its stake in Qwest Cyber Solution. And software makers like J.D. Edwards, which had recently gotten into direct hosting, quietly retreated to selling software the old way.

  As a potential ASP customer, how do you spot the survivors? Look for companies with the potential for long-term customers. Smart ASPs offer applications and services to companies "where there is no way on earth they could begin to replicate that application themselves," says H. Peet Rapp, a former senior research analyst with Gartner. For example, a provider could take a payroll application for a sales-heavy field and add a way to incorporate bonuses and commissions based on a particular vertical industry.

  Ultimately, the survivors will be more than just software partners. "Successful ASPs will need to own some technology," says Steve Crummey, cofounder and CEO of Intranets.com. "Applications are the glue."