In response to one of our recent posts, Rick Georges listed some specific concerns about the use of web applications. He posted some very good concerns about web-based practice management which are important for Software as a Service (SaaS) vendors to address. If you are in the market for software and are exploring a web-based solution, these are questions you may want to find out from your provider.

“What guarantees are there for the financial viability and succession of web businesses?”

That depends on the individual solution provider in question. In our case, we are private company with the good fortune to have strong financial backing. In general, Software as a Service vendors benefit from a strong business model of monthly recurring revenue which builds over time. This model gives SaaS vendors a more dependable income stream than traditional license-based software companies.

Of course, there always is the risk that any company, SaaS or not, could go belly up. Prospective SaaS customers should ascertain that they will be able to get their data out of the solution. Fortunately, there are a number of standardized formats, such as vCard for contacts, and iCalendar for Calendar information, that allow you to move data from application to application. XML is also commonly used to export data, as is the case with 37 Signals’ Basecamp. Your data can be retrieved from us upon your request in these standardized formats.

“If I have my data locally, its security is my problem. If you have it, to whom do I complain if it is compromised? Are you saying that online banking is completely safe? What about the customers of online access services whose information has been compromised?

Security is a very serious issue in the practice of law. Confidentiality is key. The security measures we included in Rocket Matter are comprehensive. Every request is encrypted with 128-bit secure SSL, the same encryption used by many major banks and financial institutions. Passwords are hashed (stored in an encrypted format) and known only by you. Threat Modeling, which is the practice of identifying and countering attacks, is a fundamental part of our development process. There are a host of other security measures we have taken to lock down and isolate a firm’s data, and will be conducting ongoing audits with independent security specialist firms.

You should be aware that there is risk to any system and should base your business decisions accordingly. The odds of your data being compromised from a well-designed web-based application are lower than less sophisticated security breaches, such as data being physically stolen from your premises. Consider that if you do not take appropriate security precautions, whether on a server in a remote location or in your office, a computer can be vulnerable to attack. Another thing to think about, especially when running Windows machines, is maintaining up-to-date security patches.

Not all web applications are created equal, unfortunately. Ultimately, it is up to the consumer to ask questions to find out how seriously the software firm considers security. A responsible SaaS firm will incorporate security design as a fundamental part of their design process. They should be able to answer your questions about security, and specifically, have answers about data isolation, encryption, and threat modeling.