A light has gone out

Dr_James_MartinJames Martin died recently. He was 80 years old. He died swimming off his house in Bermuda — there are, I’m sure, worse ways to go.

Dr. Martin was a formative thinker on technology and software development. Many of the ideas we consider foundational today — rapid iterative development, reusable component libraries, fourth-generation software languages — were all ideas he either created or greatly advanced. In his 1978 book The Wired Society Dr. Martin predicted how revolutionary what we now call the Internet would become. He was nominated for a Pulitzer for that book, which was just one of more than a hundred books he wrote.

There would be no agile-development-based, SaaS global talent management industry today without Dr. Martin’s many contributions to computer science. He invented new ways of working for programmers, analysts and engineers. He also made major contributions in other fields. He even, over dinner one night at his house on Agar’s Island in Bermuda, dreamed up the idea for what eventually became known as Bowie Bonds, the bundling of intellectual property like song rights into pre-packaged and market-priced revenue streams (and yes, David Bowie and his wife Iman were guests at the dinner).

When Ray Ruff, Michelle Sparks, Emily Chan and I started NetDimensions in 1999, a lot of people told us we were crazy. They said a Hong Kong-based, globally-focused, enterprise technology company that was not even VC-backed (we were effectively employee owned) had no realistic chance of survival.

One of our few industry friends in the early days was Headstrong, a consulting company James Martin founded and chaired. The Headstrong folks did take us seriously. They liked our approach and were willing to partner with us when we most needed the support of a serious industry player. So I am grateful to Dr. Martin and to all of the Headstrong executives who were willing to listen to a new company with some new ideas, including Steve Kucia, Paul Kidman, Liviano Lacchia and Peter Deacon in Asia, Rinze Koornstra and Cor Broekhuizen in the Netherlands and all of their wonderful colleagues in Chicago.

That was almost 15 years ago and we did survive. Now we’re listed on the London Stock Exchange AIM and traded in the U.S. on the OTCQX. We have offices in seven countries and hundreds of clients productively using our solutions in more than 50 countries around the world. Our software touches millions of lives today.

So we are grateful and I’d like to say thank you to the folks at Headstrong who supported us early on.

On behalf of NetDimensions we wish you well and we remember Dr. Martin with the deepest respect.

An analyst states the obvious (finally)

Cute but cold comfort and no guarantee of security
Cute shield but cold comfort and no guarantee of security

We have always maintained that SAS 70 Type I and II certifications, though a great make-work program for U.S. accountants and required under some companies’ SOX programs, are next to useless if you want to know whether or not a hosted service provider has adequate security controls in place.

The list of problems with using SAS 70 documents as “security certifications” is long, too long for this post. Though of course, coming from a vendor, any complaints about the abuse of a certification certain competitors rely on can end up sounding like carping.

But Gartner has now stepped up to the plate and agreed with us. Here’s the money quote from Gartner Research Vice President French Caldwell:

“Chief information security officers (CISOs), compliance and risk managers, vendor managers, procurement professionals, and others involved in the purchase or sale of IT services and software need to recognize that SAS 70 is not a security, continuity or privacy compliance standard.”

The press release is here. You can buy the full report here.

There are several useful security standards, including ISO 27001, which is the gold standard and probably what you want to demand from your hosted service vendor.

But one piece of paper you won’t want to be relying on is a SAS 70 certificate.

You say customize, I say configure

How do you know if the LMS you’re about to buy is going to cost you an arm and a leg in professional service (mostly implementation and customization) fees?

Here’s one proxy measure. It’s not perfect but it will give you a sense of likely costs. Ask to see the vendor’s audited financial statements with a segmental analysis by revenue stream (companies that do IFRS (international GAAP) reporting will already have these numbers on hand — companies that use country-specific GAAP reporting standards may have to do the math for you).

If the vendor you’re considering gets more than half of its revenue from professional services, you’re likely to end up spending a lot of money on the implementation.

If the vendor gets, for example, 60 percent of its revenue from professional services and only 30 percent from licenses, whatever the vendor tells you the license will cost, double that figure and add it back to the license fee to get the real cost of doing business with that vendor. So if the license costs $100,000 you’re likely to end up spending $300,000 all in with that vendor.

This is not a perfect indicator, but it’s a good start for having the hard conversation before you sign because armed with the vendor’s real revenue breakdowns, you’re in position to force that vendor to justify his service fees to you.

Note: This test works equally well with SaaS vendors. If the hosting contract is X and professional service charges for the vendor generally equal 2X, then assume 3X in your year-one costs.