SaaS Account fraud and Real User Monitoring
Wednesday, January 10th, 2007 Posted by: Alistair Croll
After a whirlwind of activity in late 2006, I get a brief respite to reflect on things before hitting the road again next week. We had a great 2006, far beyond our wildest expectations, and it feels like we’re spending less and less time explaining what Real User Monitoring is and more time understanding how it’s going to change the way a particular industry does business.
One example of this came across in the past month. While we’ve got customers in all kinds of industry verticals, from healthcare to finance to entertainment to e-commerce, one of the places we’re particularly strong is in the Software-As-A-Service (SaaS) sector. This class of web application offers software functionality through a hosted model. SaaS heavyweights include companies like Salesforce.com (salesforce automation and CRM), RightNow Technologies (CRM and customer support), Taleo (human resources and recruiting), and ADP (HR and payroll).
Most of these companies collect revenue through “seats” — that is, the number of users subscribed to the application. It’s a lot harder to regulate account abuse in a SaaS model than it is with a software license. When I sell a copy of some software, I can include a license key and some form of online verification, which prevents sharing. And that license isn’t very portable: The overhead of uninstalling it on one machine and installing it on another is usually overwhelming. But as a SaaS vendor, I can’t enforce licensing in this manner when one of my main value propositions is that there’s nothing to install!
To make matters worse, another key advantage of SaaS is the portability and mobility of the application. Customers can use Salesforce.com from home, or work, or anyone else’s machine. So how does Salesforce know they’re not sharing user accounts?
It turns out that this is a major issue for many of our SaaS customers. Some real estate offices have a single account with a SaaS provider, but an entire office uses that account. Recruiters give out their password to people in other countries. Some salespeople adopt a “timesharing” approach to hosted applications. It’s astonishing how creative end-users can get when it comes to saving $40 or $50 a month!
As you might imagine, Real User Monitoring is a great tool for detecting and proving account abuse. We’ve recently added all kinds of geographic lookup and service provider tracking capabilities to the latest release of TrueSight, and some of our recent customers — who initially came to us for incident detection and service level reporting — are using us for account fraud detection. It’s easy to win an argument with an end-user when you can prove that he apparently got to work in Texas, had lunch in Bangalore, and ended the day in France. And I’m not making that one up. Sounds like my travel schedule.
Of course, some of this stuff can be detected within the application itself — most SaaS tools won’t allow multiple logins from the same account. But few of the SaaS providers have properly instrumented this, much less tied it back to an account team who can then call the customer and sell them a few more account licenses. And with all of the sneaky tricks people play in order to circumvent additional licenses, the forensic information you get from Real User Monitoring is invaluable. For example:
- You might get several logins that look like they’re from the same IP — but have different X-Forwarded-For headers because they’re really different machines behind a proxy
- You might get different user-agents within a session as people switch browsers
- The TCP round-trip-time (a measure of delay across the Internet) may vary wildly, indicating different latencies behind a hop on the net
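As an added illustration (not Coradiant's code and not TrueSight's export format), the following Python script applies the three signals above plus the geographic check from the Texas/Bangalore/France story to a constructed set of per-request records; the record fields, the sample data and the thresholds are assumptions.

```python
from collections import defaultdict, namedtuple

Req = namedtuple("Req", "account session hour client_ip xff user_agent rtt_ms country")

# Constructed per-request records for a single day in a hypothetical export
# format: the three acct-42 sessions replay the Texas / Bangalore / France day.
REQUESTS = [
    Req("acct-42", "s1", 9,  "203.0.113.10", "10.0.0.5", "Firefox/2.0", 30,  "US"),
    Req("acct-42", "s1", 9,  "203.0.113.10", "10.0.0.9", "Firefox/2.0", 32,  "US"),
    Req("acct-42", "s2", 12, "198.51.100.7", "",         "MSIE 6.0",    260, "IN"),
    Req("acct-42", "s2", 12, "198.51.100.7", "",         "Firefox/2.0", 255, "IN"),
    Req("acct-42", "s3", 17, "192.0.2.44",   "",         "Firefox/2.0", 95,  "FR"),
    Req("acct-7",  "s4", 10, "203.0.113.20", "",         "Firefox/2.0", 40,  "US"),
    Req("acct-7",  "s4", 11, "203.0.113.20", "",         "Firefox/2.0", 42,  "US"),
]

RTT_SPREAD_MS = 100             # constructed thresholds; tune per deployment
MIN_HOURS_BETWEEN_COUNTRIES = 8

def flag_account_abuse(requests, rtt_spread_ms=RTT_SPREAD_MS,
                       min_hours=MIN_HOURS_BETWEEN_COUNTRIES):
    """Return {account: sorted list of account-sharing indicators}."""
    by_account = defaultdict(list)
    for r in requests:
        by_account[r.account].append(r)
    result = {}
    for account, recs in by_account.items():
        flags = set()
        by_session = defaultdict(list)
        for r in recs:
            by_session[r.session].append(r)
        for sess in by_session.values():
            # One client IP but several X-Forwarded-For values: separate machines behind a proxy
            if (len({r.client_ip for r in sess}) == 1
                    and len({r.xff for r in sess if r.xff}) > 1):
                flags.add("xff_mismatch")
            # Browser changes inside a single session
            if len({r.user_agent for r in sess}) > 1:
                flags.add("ua_switch")
        # TCP round-trip time that swings widely across the account's traffic
        rtts = [r.rtt_ms for r in recs]
        if max(rtts) - min(rtts) > rtt_spread_ms:
            flags.add("rtt_spread")
        # Country changes faster than anyone could travel
        ordered = sorted(recs, key=lambda r: r.hour)
        for a, b in zip(ordered, ordered[1:]):
            if a.country != b.country and b.hour - a.hour < min_hours:
                flags.add("impossible_travel")
        result[account] = sorted(flags)
    return result
```

Run against the constructed data, acct-42 trips all four indicators while acct-7 comes back clean; any single indicator is only a lead for the account team, and the thresholds decide how noisy that lead is.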
One of the best things about working with a bunch of smart customers is that they’re always pushing the envelope. In our case, Coradiant’s Session Networking technology — the stuff that powers our TrueSight boxes — has all sorts of interesting and creative uses we hadn’t thought of when we set out to make a latency monitoring appliance back in 2003. And we had no idea we were going to build an appliance when we started monitoring user experience on the sites we were operating as an MSP back in 2000.
The holiday seasons are always a time to reflect, and it’s been a fascinating few years discovering all of the unexpected ways this technology can be put to good use throughout the Internet world. Here’s to an equally fascinating 2007!
