Do you use on-premises or hosted (SaaS) software?

On-premises

 

There are many advantages to having an on-premises server. The most notable is having the data within a couple of keystrokes. If you lose the internet, you can still function; only credit card processing goes down. Internet outages can originate in many places: your building, your local ISP, or the main provider's (AT&T) router in a larger city. With an on-premises server, none of these affect you other than credit cards. Some on-premises software allows you to authorize transactions up to a certain dollar amount while you are offline. If your property has frequent, extended internet outages, an on-premises solution is recommended.

 

To add new PMS/POS/Spa software on-premises, you will most likely need a reasonably powerful server. The cost of a server ranges from < $1000.00 to > $100,000.00. It is not recommended to use the existing server for the new software unless you are doing away with the old software completely. You will most likely need to access the old software for at least 1 to 2 years or longer.

 

Support staff is key to a successful deployment of an on-premises solution. As I tell just about every executive, a $100,000.00 server is not worth a penny if it does not work and work correctly. If your IT staff is overworked or lacks your confidence, then think twice about adding additional hardware to your property. New deployments are very hard on the IT staff because the systems need to stabilize; while the system is unstable, you have issues. You will be expecting your IT staff to track down every little bug, but the reality is that the small bugs will most likely work their way out without your IT staff having to do much at all. Inexperienced IT staff will drive themselves crazy trying to resolve every issue. It takes about a month of full operation to work out most bugs. If the bugs persist past a month, then think about pushing the vendor for answers; your staff will most likely have done everything they can do to fix the problems, and the vendor should help.

 

Backups for on-premises software are another task your IT staff will have to perform. If you already keep the traditional daily, weekly, monthly and yearly backups and store them off property, then you are familiar with the procedures. Traditional databases start out somewhat small and can scale to many gigabytes depending on how many clients you have and how much data is imported. Whatever backup solution you select, remember to complete a recovery at least semi-annually, on a completely different system, to test the backup. Never attempt a recovery on a live system unless you are actually doing the recovery. There is no good reason to test on a live system that I can think of.

 

Both on-premises and hosted solutions require you to check with your vendor to make sure your modules, such as key encoders, PBX, and inventory scanners, will interface with their software ("interface" has many definitions).

 

You will be responsible for EMV, PCI, and P2PE for all your equipment:

EMV – The chip in credit cards

PCI – Security standards for credit cards

P2PE – Point-to-point encryption: encryption from the keyboard to the application, the path where malware can otherwise capture your data and cause a security breach

 

I can guarantee a security breach will cause you many restless nights. Heads usually roll from the top down in this case. The penalties can run into the millions of dollars, not to mention the loss of your reputation and customer loyalty. These requirements are the same for whichever solution you select, on-premises or hosted.

 

The cost of the hardware can be considered a capital expense, making your accountants very happy.

 

 

 

SaaS

Hosted software is usually called Software as a Service (SaaS), mainly for intellectual property reasons. A software vendor cannot copyright or secure open source code for themselves; however, by delivering the software as a service, the vendor can keep its code out of the customers' hands. If a software vendor finds themselves in a lawsuit, using SaaS gives them legal grounds not to transfer the code to a customer, as opposed to on-premises software, where the customer has the software in their possession.

 

When using SaaS, the customer at no time has the source code in their possession. The following explains why SaaS can be an advantage or a disadvantage.

 

To add new PMS/POS/Spa software using SaaS, you will most likely not need anything other than an internet connection, a web-enabled device, and printers. There are some exceptions to this statement, for example if you are using a serial device such as a serial printer, or some other hardware device that does not connect to a computer or does not use Ethernet.

 

Another case where extra hardware may be needed with SaaS is that some SaaS software requires a "liaison" server. The liaison server channels all communication from the local computers on the property to the SaaS servers. This adds a level of security, because the local computers are not talking directly to the internet. The requirements for the liaison server are usually no more than a PC.

 

That said, the startup investment for SaaS is far less than that of an on-premises application. SaaS is considered an operating expenditure. On-premises systems are considered a capital expenditure. Check with your accountant to see whether you can pay all upfront costs so that the first year counts as a capital expense under project financing (creative financing) and capitalize the entire project.

Backup is generally handled by the hosting company. Make sure you make arrangements to have routine backups sent to your property. The hosting company will most likely take snapshots, and your server will be virtualized. This is excellent in the event a recovery is needed.

 

The most important item to talk about here is PCI responsibility and accountability. Please make sure your contract covers responsibility, liability, and accountability. You would think that in a SaaS environment the hosting company is responsible and accountable, but that is not true in all cases.

 

Security is the responsibility of both your hosted SaaS service and you. You will most likely need to have a P2PE or EMV device in place, depending on your SaaS software. These devices range from $100.00 to nearly $1,000.00 or more PER workstation. Your main concern is a man-in-the-middle (MitM) attack. MitM is covered in more depth in the PCI questions.

 

With any SaaS service, you need to make sure you have a backup plan to access the SaaS server. I recommend that you have a cellular tablet or hotspot and a couple of tablets for the front desk. The cellular companies usually have a redundant system to keep the data flowing. Cellular tablets or a hotspot are just a backup solution.

 


Last Update: July 4, 2017  

July 4, 2017 559 Eric Anderson  Executives, Payment Card Industry Data Security Standard (PCI DSS)  
