Understanding Software as a Service (SaaS)

According to Gartner's 2022 projections, software as a service (SaaS) is anticipated to experience 16.8% growth in 2023 to reach a global SaaS industry value of $60.36 billion. Further, roughly 85% of corporate apps will be based on SaaS by 2025 (Inc42, 2022).

With that type of growth anticipated, it's critical that both IT and business management professionals alike have a strong understanding of SaaS, how it works, and how to choose the right SaaS products to accomplish near-term goals and fulfill long-term growth strategies. Read on to learn more about SaaS and how it can help your organization flourish.

• What is SaaS?
• How does SaaS work?
• SaaS characteristics
• SaaS architecture
• Difference between IaaS, PaaS, and SaaS
• Choosing the right SaaS product
• Examples of SaaS products
• What is the future of Software-as-a-Service?
• FAQ

What is SaaS?

Software as a service (SaaS) is a software distribution model where SaaS providers offer users access to cloud-hosted applications for a standard fee — often on a subscription basis. Most of us utilize software as a service every day as we access video games, word processing software, or even the GPS systems in our cars.

How does SaaS work?

Usually, a SaaS vendor will host their application on the cloud. They may host their SaaS application on their own cloud service or potentially use a third-party cloud provider such as Microsoft Azure, Amazon Web Services (AWS), or Google Cloud Platform (GCP). One of the key benefits of software as a service is that SaaS vendors will take care of all maintenance, updates, and infrastructure for their SaaS applications. In this way, users can simply access desired SaaS solutions via the internet, often from a web browser, and don't have to concern themselves with software maintenance, upgrades, and fixes.

SaaS characteristics

SaaS services and applications have a variety of elements that differentiate them from traditional software and even some that are unique in cloud computing. Some unique characteristics include the following.

SaaS delivery model

Traditional software sales consisted of software vendors selling software licensing for on-premise software usage (e.g., software installed on the user's computer). However, with the SaaS delivery model, the software vendor is technically selling cloud network access to a single copy of their software, which has been specifically designed for SaaS distribution.

(Source: PTC, 2020)

Consistent source code

Most users receive the same SaaS applications without modification. This one-size-fits-all approach enables easy roll-out of software fixes, new features, consistent data security measures, and efficient maintenance for the service provider. And, while some branding customization (e.g., client's logo, brand colors) is possible, customization of SaaS application functionality is usually limited.

Subscription-based pricing models

Rather than paying for a software license as in traditional on-premise software sales, the SaaS model enables SaaS businesses to offer access to their applications via subscription-based pricing models. Business users can choose to pay on a monthly, quarterly, or annual basis and receive instant access upon payment. These subscriptions can be terminated relatively easily and there are no sunken infrastructure costs for the user to be concerned about.

SaaS architecture

There are also several elements of SaaS architecture that support the functionality of this highly valued commodity in the world of cloud computing.

Multi-tenant usage

As referenced in the SaaS delivery model, a SaaS provider usually creates a single copy of their software which has been specifically designed for SaaS distribution. This means that while this one software version runs on host servers, all subscribed users will be simultaneously accessing that version. This is called multi-tenancy.

Scalable, elastic infrastructure

Unlike on-premise software, which can be regulated by local admins and traditional enterprise resource planning, SaaS apps can be accessed by any number of subscribed users at any given time. This means that a SaaS service provider's network must be able to scale up quickly to accommodate user load while maintaining an efficient baseline when demand decreases. As with other types of cloud computing, most SaaS providers employ monitoring agents and microservices to assist with scaling, and tools such as Kubernetes or Docker are employed to drive elasticity.

Automated provisioning

Unlike traditional on-premise environments, where granting access to applications is a manual or semi-automated process, the SaaS model can utilize Cloud Services Broker (CSB) platforms to automate this procedure, providing on-demand access to SaaS applications instantly. And, conversely, CSBs also enable the automation of de-provisioning, where access is removed from users when the clients choose to discontinue their subscriptions to the application.

Access management

Since SaaS applications cannot access a client’s enterprise environment directly, application programming interfaces (APIs) are needed to connect commonly used business applications and specialized client applications with the SaaS application being subscribed to. For this reason, many independent software vendors (ISVs) build APIs and integration hooks for commonly used business solution software packages. To extend these capabilities, many SaaS builders expose a common set of APIs. These may include:

• Schema APIs: These APIs help developers create data entities within a SaaS product (e.g., document repositories, tables, key-value storage).
• Event APIs: When SaaS entities are changed or impacted by an activity, these APIs perform a designated activity, such as updating data or triggering a function.
• Create Read Update Release (CRUD) APIs: CRUD APIs are used to manipulate data and run operations against backend databases.

Single sign-on

Organizations often enable user access to multiple SaaS applications as part of their daily work function. To simplify both user experience and management, a single identity system can be put in place to authenticate user identity and access permissions for multiple systems and applications. While single sign-on would be complex and time-consuming within a traditional environment, the ease of SaaS application integration and auto provisioning enable single sign-on with minimal human intervention.

Cybersecurity

As with all cloud-based apps, cybersecurity posture is of paramount importance. However, in addition to leading cloud security best practices, SaaS providers must take further steps due to the nature of their products and access.

Data security

Due to multi-tenancy within the SaaS distribution model where multiple clients (and multiple users within each client) are accessing the same SaaS application simultaneously, certain types of data accessed by the SaaS application must have encrypted storage so that while one client (or tenant) can access that data, another tenant using the SaaS application simultaneously cannot and is directed to their own data set.

Additional SaaS security elements to protect customer data include:

• Strong monitoring and mapping protocols.
• Identity and Access Management (IAM) tools.
• Key management frameworks (internal or via external interface).
• Role-Based Access Control (RBAC).
• CASB (Cloud Access Security Broker) tools.

Application security

In addition to ongoing data security best practices, SaaS application service provider(s) must consider application security beginning at the point of development. By using a security-first Software Development Life Cycle (SDLC), along with penetration testing and threat modeling as part of the SDLC, SaaS applications can be hardened against possible cyber threats. In addition, the use of Security Posture Management (SSPM) tools during the SDLC can help reduce misconfiguration while regulating and enhancing data security efforts, as well.

Difference between IaaS, PaaS, and SaaS

There are three common types of cloud computing that offer differing degrees of support and client responsibility. Understanding these models is an important step in determining the right cloud computing environment for any organization.

(Source: Business Tech Weekly, 2020)

Infrastructure as a Service (IaaS)

Infrastructure as a service (IaaS) is an entry-level step towards cloud adoption for organizations that are new to cloud-based models or have a significant investment tied up in their on-premises environment. With IaaS, organizations can access cloud service provider created virtualization and storage without having to build or maintain it themselves. And, as many IaaS services are pay-as-you-go, organizations need only pay for the services they use rather than purchase an overall service contract.

Platform as a Service (PaaS)

Platform as a service (PaaS) provides organizations with a complete cloud platform. This means that, in addition to IaaS services, the organization has access to the cloud-hosted resources needed to develop, run, and maintain applications without having to create or own a cloud platform.

Software as a Service (SaaS)

The SaaS model is the highest level of cloud services support in that organizations receive a complete application that is wholly managed by a SaaS vendor. This means there are no development, maintenance, troubleshooting, or upgrade responsibilities for the organization — they simply can use the application as desired.

Learn more about the differences between SaaS, PaaS, and IaaS.

Choosing the right SaaS products

Choosing the right SaaS product is a requirements-driven process. Each organization must consider its own unique needs and how SaaS products will fit within its enterprise strategy. Some key elements to consider include:

• Product's alignment with required features and functionality.
• Product's and provider's alignment with required compliance standards.
• Product's and provider's reliability and performance ratings.
• Internal knowledge of desired SaaS product(s) usage.
• Availability of training services.
• Ease of organizational data migration.
• Provider's cybersecurity posture.
• Integration availability and requirements.

In addition, it may be helpful to consult annual ratings reports, such as Gartner or Forrester, to understand where SaaS businesses or SaaS solutions rank in relation to competitors in the SaaS market.

Finally, checking top periodicals and blogs specific to your industry can be helpful in understanding how SaaS is being implemented both currently and where this technology may be headed in the near future relating to your specific discipline.

Examples of SaaS products

SaaS services and applications are common across most industries. Some of the industries which consume significant amounts of SaaS services include Enterprise Resource Planning (ERP), planning and billing, project management, accounting, content management, retail/eCommerce, communications, human resources (HR), and customer relationship management (CRM).

Here are some examples of common SaaS application providers in several verticals (listed in alphabetical order).

Planning and Billing

• Amdocs
• Salesforce
• SAP
• Zuora

Project management

• Asana
• Monday.com
• Smartsheet
• Trello
• Wrike

HR

• ADP Workforce Now
• SAP Human Capital Management
• SAP SuccessFactors
• UKG Pro
• Workday HCM

What is the future of Software-as-a-Service?

The U.S. SaaS market is anticipated to continue to grow rapidly, with an 11.2% CAGR growth from just 2022 to 2028 alone.

(Source: Grand View Research, 2022)

In addition, with the implications of advances in artificial intelligence (AI) and other technologies, reliance on software as a service will become even more important as organizations without internal AI competency seek quick ways to leap-frog ahead in innovation. Further, given the significant cost savings from both a development and infrastructure standpoint, SaaS products and services are crucial to the success of organizations throughout this decade and beyond.