According to polls I've seen and conducted, customer confidence remains a major obstacle to application service provider (ASP) acceptance. After all, a perceived loss of control can be an obstacle to inhouse terminal services acceptance, even when the application servers and users are in the same building, and the people who control the servers work for the same company as the people who use the applications. Outsourcing can make people nervous—they wonder whether the people who control their infrastructure have the same vested interest in the network staying up as they do. Objectively, the ASP has an interest: An ASP's job is to make sure its customers' applications and data are available; if the ASP doesn't succeed, it won't have any customers. But relinquishing control of important applications and data can be scary. Therefore, ASPs have to make relinquishing that control less frightening.

So how do you accomplish this goal? Do you host your own data center, or do you outsource it to a trusted partner? Not surprisingly, there's no definitive answer. According to a recent ASP Industry Consortium (ASPIC) poll, 70 percent of respondents wanted their ASPs to operate their own data centers. However, those respondents also said that as long as the operations were seamless and they had only one point of contact for any problems with the network or applications, they didn't care whether their ASPs partnered with someone else to operate data centers. The message is mixed, but most customers seem to want either a pure-play ASP or an ASP that looks like one: They want one person to praise or blame.

ASPIC has another solution: insurance. An item in last week's ASP News and Views related how ASPIC, in cooperation with the AIG Group, developed an insurance policy for ASPs that protects them from liability. The insurance policy doesn't offer any direct benefits to the policyholder's customers. Instead, the insurance gives customers some guarantee that their ASPs won't dry up and blow away because of crippling lawsuits. According to ASPIC, customers' service level agreements (SLAs) are their insurance; if the ASPs have insurance, they can demonstrate that they're serious about making sure their customers' SLA contracts are covered. It's too early to tell whether this strategy will work, but it's one way of demonstrating that ASPs are real businesses that aren't tarred with the dot-com brush. (ASPIC benefits from the policies because it receives 2 percent of the revenue for the policies it sells. However, ASPIC Communication Director Jim O'Reilly says that the consortium's main concern is attracting more ASPs. Although ASPIC continues to get new membership requests, attrition and lower budgets in the ASP market have dropped ASPIC's membership from its peak of about 650 companies to its current level of about 500.)

Whether they're presenting a secure data center or insuring themselves against financial catastrophe, ASPs must convince their customers that they'll be there for them, not just today and tomorrow, but indefinitely. And although acceptance seems to be growing along with ASP customer lists, gaining customer confidence isn't always easy to do. Talk to me: If you're an ASP, how do you sell security to your customers? If you're using or would consider subscribing to an ASP, what will convince you that your data and applications will be there when you need them?