Application service provider
|This article needs additional citations for verification. (April 2007)|
An Application Service Provider (ASP) is a business providing computer-based services to customers over a network; such as access to a particular software application (such as customer relationship management) using a standard protocol (such as HTTP).
The need for ASPs has evolved from the increasing costs of specialized software that have far exceeded the price range of small to medium sized businesses. As well, the growing complexities of software have led to huge costs in distributing the software to end-users. Through ASPs, the complexities and costs of such software can be cut down. In addition, the issues of upgrading have been eliminated from the end-firm by placing the onus on the ASP to maintain up-to-date services, 24 x 7 technical support, physical and electronic security and in-built support for business continuity and flexible working.
The importance of this marketplace is reflected by its size. As of early 2003[update], estimates of the United States market ranged from 1.5 to 4 billion dollars. Clients for ASP services include businesses, government organizations, non-profits, and membership organizations.
There are several forms of ASP business. These are:
- A specialist or functional ASP delivers a single application, such as credit card payment processing or timesheet services;
- A vertical market ASP delivers a solution package for a specific customer type, such as a dental practice;
- An enterprise ASP delivers broad spectrum solutions;
- A local ASP delivers small business services within a limited area.
Some analysts identify a volume ASP as a fifth type. This is basically a specialist ASP that offers a low cost packaged solution via their own website. PayPal was an instance of this type, and their volume was one way to lower the unit cost of each transaction.
The ASP model
The application software resides on the vendor's system and is accessed by users through a web browser using HTML or by special purpose client software provided by the vendor. Custom client software can also interface to these systems through XML APIs. These APIs can also be used where integration with in-house systems is required. ASPs may or may not use multitenancy in the deployment of software to clients; some ASPs offer an instance or license to each customer (for example using Virtualization), some deploy in a single instance multi-tenant access mode, now more frequently referred to as "SaaS".
Common features associated with ASPs include:
- ASP fully owns and operates the software application(s) - ALJO-IN
- ASP owns, operates and maintains the servers that support the software
- ASP makes information available to customers via the Internet or a "thin client"
- ASP bills on a "per-use" basis or on a monthly/annual fee
The advantages to this approach include:
- Software integration issues are eliminated from the client site
- Software costs for the application are spread over a number of clients
- Vendors can build more application experience than the in-house staff
- Key software systems are kept up to date, available, and managed for performance by experts
- Improved reliability, availability, scalability and security of internal IT systems
- A provider's service level agreement guarantees a certain level of service
- Access to product and technology experts dedicated to available products
- Reduction of internal IT costs to a predictable monthly fee
- Redeploying IT staff and tools to focus on strategic technology projects that impact the enterprise's bottom line
Some inherent disadvantages include:
- The client must generally accept the application as provided since ASPs can only afford a customized solution for the largest clients
- The client may rely on the provider to provide a critical business function, thus limiting their control of that function and instead relying on the provider
- Changes in the ASP market may result in changes in the type or level of service available to clients
- Integration with the client's non-ASP systems may be problematic
Evaluating an Application Service Provider security when moving to an ASP infrastructure can come at a high cost, as such a firm must assess the level of risk associated with the ASP itself. Failure to properly account for such risk can lead to:
- Loss of control of corporate data
- Loss of control of corporate image
- Insufficient ASP security to counter risks
- Exposure of corporate data to other ASP customers
- Compromise of corporate data
Some other risks include failure to account for the financial future of the ASP in general, i.e. how stable a company is and if it has the resources to continue business into the foreseeable future. For these reasons Cisco Systems has developed a comprehensive evaluation guideline. This guideline includes evaluating the scope of the ASP's service, the security of the program and the ASP's maturity with regard to security awareness. Finally the guidelines indicate the importance of performing audits on the ASP with respect to:
- Port/Network service
- Application vulnerability
- ASP Personnel
Physical visits to the ASP to assess the formality of the organization will provide invaluable insight into the awareness of the firm.
In terms of their common goal of enabling customers to outsource specific computer applications so they can focus on their core competencies, ASPs may be regarded as the indirect descendant of the service bureaus of the 1960s and 1970s. In turn, those bureaus were trying to fulfill the vision of computing as a utility, which was first proposed by John McCarthy in a speech at MIT in 1961. Jostein Eikeland, the founder of Telecomputing, is credited with coining the acronym ASP in 1996, according to Inc. Magazine.
The ASP model is often compared with Software as a Service (SaaS), but while the latter typically delivers a generic service at scale to many users, the former typically involved delivering a service to a small number of users (often using separate single-tenant instances). This meant that the many benefits of multi-tenancy (cost sharing, economies of scale, etc.) were not accessible to ASP providers, and their services were more comparable to in-house hosting than to true multi-tenant SaaS solutions like Salesforce.
- Business service provider
- Communication as a service
- Hosted service provider
- Service level agreement
- Software as a service
- Utility computing
- "Upstarts: ASPs, ASPs Article". Inc.com. 2000-04-01. Retrieved 2013-01-19.