What is Software as a Service?
Software as a Service (SaaS) is a model that allows a user to subscribe to and use a software application from the cloud. Currently, the cloud provides services that allow businesses to subscribe to a wide range of SaaS, such as applications for Human Resources, project management, sales management, marketing, accounting, and others. In addition, SaaS gives users the ability to customize applications according to their needs and make use of them from any device, anywhere in the world.
SaaS applications are built with the latest advances in technology and are designed to be secure at every layer of the cloud. Artificial intelligence and data-driven intelligence are an intrinsic part of these applications.
Advantages of a SaaS application
For software developers, SaaS applications are a mechanism for recurring revenue and provide faster deployment times than locally deployed applications.
For customers, SaaS applications offer small businesses the opportunity to explore existing markets while taking advantage of the beneficial payment models offered by these types of solutions.
Among the main advantages of SaaS applications are the following:
- Accessibility: One of the strongest advantages of any SaaS application is the ability to run through a web browser. This means that it does not matter what operating system or architecture is used to access it. SaaS applications are overwhelmingly designed to be compatible with mobile devices so that they can be used in a wide range of situations and circumstances.
- Updates and patches: Another important advantage of SaaS applications is that vendors can update the software centrally without the inconvenience of affecting users’ operations. This is in contrast to what happens with locally installed applications, where a certain degree of compatibility and security testing is required even before patches or routine updates are applied. The SaaS model, therefore, avoids the testing setbacks that can slow down development cycles and user access to new features, while ensuring that security updates are applied as soon as possible; unlike locally installed applications that can remain outdated until the technical support team has completed deployment in all instances.
- Hardware: another major advantage of SaaS applications is the lack of initial investment for their use (in terms of hardware). For locally installed applications, it is often not enough for workstations to have compatible hardware and software configurations. It may also be necessary to purchase additional servers and interconnection devices as part of the necessary investment in the company’s infrastructure to support the IT system to be deployed. SaaS completely eliminates this need, meaning that even the smallest businesses can access cloud tools that previously only large organizations could afford.
Additionally, SaaS provides the facility to adjust payment plans according to infrastructure needs, based on demand (more or fewer users accessing). In the case of local applications, this would imply the purchase of more hardware in case of needing to expand or simply underutilize expensive computing resources when demand drops and they become redundant.
- Market access: For vendors, this means being able to provide a software service to the majority of the market and not just a limited segment of the target market. It means that prices can be lower and accessible to businesses of any size.For users (customers) this means they can access services that would not normally be available, expanding and improving the services they provide, their productivity, and generally their business opportunities.
- Information storage: Storing data on local servers involves the need to invest in reliable backup mechanisms such as cloud storage or another disaster recovery plan to mitigate any serious hardware accidents that could lead to a massive loss of information. However, with SaaS, the data is already persisted in the cloud. This makes it doubly advantageous, not only the redundancy aspect but also the fact that users can access indistinctly from different devices without implying a loss in the work done.
- Data and Analytics: Since everything is running through a centralized platform, it is easy to capture data and provide it for use in analytics. Businesses using SaaS applications usually have access to reporting and business intelligence tools that can provide valuable information about business operations. For the vendor, since access is subscription-based, there is no concern about piracy, which would otherwise mean damage to both access and pricing models.
Disadvantages of a SaaS application
The drawbacks of adopting SaaS technologies revolve around data security and speed of delivery. Because data is stored on external servers, companies must have assurances about data security and denial of access to unauthorized third parties.
Slow internet connections can reduce the performance of SaaS applications, especially if cloud servers are being accessed from distances far from where they are physically hosted. Internal networks tend to be faster and more reliable than Internet connections. Given their remote nature, SaaS applications can experience loss of control over data and suffer from lack of customization, especially if the required functionality affects the implementation of basic core functionality.
|✔ Advantages||✖ Disadvantages|
Functionalities and features of a SaaS application
A good way to understand the Software as a Service model is to think of a bank. A bank protects the privacy of each customer while providing a service that is reliable and secure on a massive scale. All of the bank’s customers use the same technology and financial systems without having to worry about unauthorized access to their personal information. A bank meets the key characteristics that a SaaS application should have.
Many of the features and functionalities that a SaaS application must provide are closely linked to the advantages of using this type of architecture; others add value that many users are looking for:
- Multi-tenant model: multi-tenant is a type of software architecture where a single deployment of a software application provides service to multiple users/clients. Each user is considered a tenant within the system and the most important feature is that a tenant cannot access the data of another tenant. A multi-tenant system may contain functionalities that allow users to customize some parts of the application. Nowadays applications are designed following one of three models:
- Separating the information of each user in different databases (Multi-tenancy at database level).
- Separating the information using different schemas within the same database (Multi-tenancy at schema level).
- Separating the information using the same database but using discriminants (Multi-tenancy at table level).
- Single sign-on: An organization would want to have a single-sign-on system that allows users to access the different systems they need to consume. It is also important for organizations that this process occurs through a single authentication page. Therefore, it is important for a SaaS application to be able to easily integrate with different identity management systems.
It is a great overhead for enterprises to store and maintain multiple credentials per system used by their users. That’s why it is important for SaaS applications to provide the “authenticate once and access all systems” experience. Typically, SaaS applications use mechanisms such as OpenID or SAML to achieve this critical functionality.
- Subscription-based billing: SaaS application pricing strategies do not involve the complexities of license or upgrade payment models. Typically, payments in SaaS applications are subscription-based. This allows customers to purchase applications when they need them and discontinue payment if they no longer require them. Generally, SaaS applications use a payment model based on the number of users, which determines the amount of money to be paid. Some modern applications also incorporate the ability to charge based on the functionality used.
Another very desirable feature is that SaaS applications allow users to bill their customers through the application. This is why support for various payment mechanisms is also paramount.
- High availability: SaaS applications are used by multiple users and the availability of this type of application is expected to be high. They must be accessible from anywhere in the world at any time and provide management and monitoring APIs that allow a constant check of the health and availability of the service.
- Variable infrastructure: the use of SaaS applications is generally not predictable; the consumption of services can vary dramatically in a matter of weeks or months. The infrastructure where these applications are deployed must have the capacity to expand or reduce the resources used. Today, SaaS applications are designed in such a way that they are able to identify the behavior of the infrastructure. Monitoring agents residing within the deployed resources inform the infrastructure management servers about the availability of the resources. Usually, policies and procedures are implemented as part of the base architecture, which allows infrastructure resources to be expanded or reduced.
Microservices-based applications are a classic example. Tools such as Docker and Kubernetes are used to manage the elasticity of SaaS applications.
- Data-level security: ensuring that business information and data are protected from unauthorized access or corruption is very important. Since SaaS applications are designed to be shared by different users, it becomes extremely important how data is protected. Certain types of data must be encrypted when stored in a certain space and at the same time cannot be accessed from a different space. The implementation or integration with Secure Cloud Access Brokers (CASB) and key management frameworks (KMF) become essential parts of SaaS applications. Also, important to ensure adequate data protection is the implementation of strong role-based access controls.
- Application-level security: SaaS applications must be equipped with protection against vulnerabilities. They should usually be protected against vulnerabilities identified by OWASP/SAMM. They must also implement strong identity and access control managers.
Other aspects that can make SaaS applications secure are the following:
- Strong session handlers.
- Identify unauthorized sessions, and multi-session protection.
- Do not store sensitive data in cookies,
- Multi-factor authentication.
- Implementations that enhance segregation of duties.
- Protection against denial-of-service attacks (DoS/DDoS).
- Protection against buffer overload attacks.
- Auditing: Generally, SaaS applications provide audit trails on the transactions performed. This allows users to work on business strategies by applying business intelligence to the data collected. These services must also comply with government regulations and internal company policies.
Examples of SaaS applications
Mail and messaging applications are prime examples of SaaS. Commonly used applications such as Microsoft Outlook are ingrained in the business culture and their accessibility from the cloud can be a vital factor. Although emails are still the most widely used method of communication in the world, messaging applications such as Slack or Telegram are gaining popularity.
Other SaaS solutions enhance capabilities for storing, organizing, and maintaining data. Cloud tools for marketing automation and customer relationship management (CRM) solutions are great examples of how on-demand applications are helping businesses achieve their goals.
Whatever the solution, customers for SaaS applications range from individuals attracted by the affordability (or free) aspect of the applications to large enterprises looking to integrate SaaS applications into their departments’ lines of business. Examples of popular SaaS applications include Office 365, Google G Suite, Salesforce, and Zoom.
- Office 365 is an integrated experience of office applications and services such as Word, Excel, PowerPoint, and others
- Google G Suite is Google’s answer to the productivity issues facing many companies and organizations. In a suite of tools, it offers mail solutions, word processing, spreadsheets, presentations, shared calendars, cloud storage, and more.
- Salesforce is a CRM solution that brings companies and their customers closer together. It is an integrated CRM platform that gives all departments in an organization a single, shared view of every customer.
- Zoom unifies video conferencing, online meetings, and group messaging into one easy-to-use cloud platform.