At the start of 2020, 87% of public sector organisations surveyed by UKCloud expressed a desire to move traditional IT environments into the cloud. However, due to the effects of the Covid-19 pandemic, the rate of cloud adoption in the UK has grown significantly this year, as many companies not already in the cloud were compelled to migrate to it by enforced remote work.

It is therefore predicted that the software-as-a-service (SaaS) market will be the largest market segment, and is forecasted to reach $116 billion in 2020, due to the scalability of subscription-based software. The overall demand, legislation and compliance requirements — and need to protect worker data as businesses rapidly shift to remote work — are all factors creating a groundswell of demand for simple SaaS offerings (or SaaS-based).

But IT managers don’t always share their colleagues’ enthusiasm, particularly at small and midsize businesses that have historically managed IT internally. As guardians of their organisations’ precious data assets, IT managers are instinctively cautious and may believe that giving control of servers and critical applications to a cloud provider is risky. Security, systems management, compliance and performance are also often cited as concerns.

These concerns are largely overblown, with many of them rooted in outdated perceptions. Commercial SaaS has greatly matured in the more than 20 years it has been available. The value proposition is compelling: cloud providers enjoy economy-of-scale cost savings that they pass on to their customers as subscription or usage-based prices. The same economics also enables them to provide security, availability and data protection that exceed the capabilities of all but the largest enterprises.

This article helps financial professionals address five of the most common issues about the cloud in general, and SaaS in particular, so that they can build a collaborative approach to cloud adoption with a local partner.

Will I have less control if I move to the Cloud?

Few businesses would say that managing computing infrastructure, installing and testing applications, applying updates and securing against cyberattacks is a core competency. For cloud service providers, however, expertise in these areas is essential to their business.

Cloud platform and SaaS providers unburden customers from the tedious and often risky details of managing infrastructure and applications. They provide reliable and scalable service and keep current with all the latest updates and patches. Contracts and service-level agreements (SLAs) guarantee specified levels of reliability, performance and availability. All other control rests with the customer, who owns the data and gets the benefits of speed, agility and flexibility without the cost and complexity of managing infrastructure and applications.

Is the Cloud secure?

This myth is rooted in one misperception and one out-of-date perception. The misperception is that the record number of breaches of data stored in the cloud in 2019 casts doubts on cloud security. The reality is that these breaches of public cloud data stores are almost always the result of user error rather than security failures.

Public cloud operates under a shared responsibility model in which infrastructure security is provided by the cloud vendor while customers are responsible for application and data security. Unfortunately, many customers don’t understand this distinction. Enterprise Management Associates found that 53% of the IT and security professionals it surveyed believe infrastructure as a service (IaaS) providers are accountable for most or all public cloud security.

Does Saas offer any scalability or availability guarantees?

The reality is that no one can ever guarantee availability on-premises or in the cloud because of the number of factors that are beyond the hosting provider’s control. That said, for the reasons listed above cloud companies are much better equipped to provide reliable availability. They employ the best protections against such disruptions as regional outages and denial-of-service attacks and use state-of-the-art failover and backup practices that few of their customers could afford. Cloud SLAs also provide customers with remedies when service levels aren’t met.


Can Cloud applications be customised?

Customising packaged applications is a controversial practice. Modifications to the code can introduce dependencies that invalidate support agreements and limit customers’ ability to stay current with new software releases. The process is labour-intensive, requires extensive testing and even then can’t be guaranteed to be reliable.

Cloud software providers rely upon extensible platforms for customisation and application program interfaces (APIs) integration. An extensible application can be extended without modifying its original code base using platform-as-a-service tools, plug-ins and/or modules. For example, an insurance company might use extensions to add custom fields to its invoices without altering the underlying invoicing functionality of the host application.

Can Saas meet my compliance needs?

Maintaining compliance with laws and regulations is a complicated process that requires expensive expertise. Few companies would call it a core competency.

While some rules and jurisdictions preclude the use of SaaS by requiring data to be kept on-premises, most regulatory scenarios can be readily accommodated. In fact, companies are usually better off using software partners with vertical industry expertise than attempting to manage compliance themselves.

For example, many companies spent millions to become compliant with the ASC 606 revenue recognition accounting standard, which went into effect in 2018. Sage Intacct was preparing its accounting software three years before the rules went into effect, and was fully compliant more than a year before the deadline.


Innovation in the software industry has clearly moved to the SaaS model as the mass migration noted at the outset of this paper proceeds. Nearly every new software company that has launched over the past five years uses a SaaS delivery model and many vendors of legacy applications are now actively encouraging their customers to migrate. For customers seeking the agility the digital business demands, SaaS is no longer an option but a mandate.

We hope this article has dispelled some of the common misperceptions. Having this up-to-date information in hand should better prepare finance and IT professionals to approach the SaaS decision with confidence.

With the future remaining uncertain indefinitely, now is the time for companies to utilise SaaS technology to solve their data protection challenges to best prepare, why not get in touch and take a coffee break demo of the software.