SaaS 101

What is Software as a Service (SaaS)?

SaaS is both a business model and a technical approach to delivering software capability to users. Under SaaS, an application is hosted and managed on a server at one location for use by customers using local devices at any location where the Internet can be reached, such as from a laptop computer or smart phone. You may already be familiar with some of these types of applications, which include Facebook, Hotmail and Salesforce.com.

When you use software as a service, you don’t buy or license the software; rather you consume the services the software provides. Some of these applications are available for free, and some require that you purchase a usage contract, or subscription. But in no case do you have license to the software; you don’t get to modify it, and generally you don’t get to inspect it. You merely get to use it.

How is a license different from a subscription?

Generally speaking, when you buy a license to a particular software program, you obtain the legal right to install and run the software on computers that you control. Depending on the terms of the license, you may additionally get the right to modify or customize the program to meet your particular needs, or even, in the case of open-source software, to redistribute the software. Although you have certain rights, copyright, which defines the right to copy or use the work, resides with the publisher.

When you license software you often get rights to the version you purchased plus any subsequent upgrades to that software. The license is sometimes limited to a particular machine.

Say, for example, that you purchase a MacBook computer from Apple, Inc. With that purchase comes a license to use the Mac OS X operating system. After you’ve registered with Apple, you will be periodically contacted by Apple and offered free upgrades to the operating system. If for any reason you don’t want to upgrade, you don’t have to – you have a license to use the version that was on your machine when you first got it.

With a subscription, as opposed to a license, you do not acquire any rights to any particular version of the software; you don’t install it on a machine. You don’t have backup copies. What you do have, on the other hand, is access to the software services.

When you use software that is delivered as a service, your company does not own or license the computers on which the software runs, and it is not responsible for installing, maintaining, or upgrading that software.

Where is the SaaS server software actually running? Where are the computers?

When software is delivered as a service, the software provider takes care of the hardware issues. The software provider may own the hardware, lease it from a third party, or, most frequently, consume hardware capability from vendors of “cloud computing” services.

What is Cloud Computing?

Cloud computing is a term used to describe the purchase of computing power from “farms” of machines located on the Internet. In cloud computing, the consumer doesn’t know or care where the machines actually are, all that matters is the computational service. The actual computers are “out there someplace, in the cloud.” Providers of SaaS often deliver their software using a Cloud Computing vendor.

A typical cloud-computing vendor is Amazon.com, which sells its computational resources as AWS, Amazon Web Services. You may think of Amazon.com as a retail vendor of books and other consumer items, but in recent years Amazon has also become a seller of online, “cloud-based” computing horsepower. Here’s how that happened.

In order to handle its gigantic online retail business, Amazon built an enormous and highly sophisticated network with vast computational resources. This network has lots and lots of servers, of course. But there’s more than hardware involved. Amazon’s “cloud” also has sophisticated network management and “failover” capabilities built into it, such security is maintained, audit trails are clear, and everything continues to run smoothly even when individual machines fail.

Very few companies can afford to develop that kind of infrastructure and expertise. But many companies would be happy to rent access to such a cloud. Amazon realized they had a resource to sell at the same time that other companies realized that purchasing computing power was much less of a headache than purchasing and running a network of servers.

Amazon is not the only Cloud Computing vendor of course. Companies like Oracle and 3tera and Microsoft and Salesforce.com offer competing products. What these companies have in common is ability to reliably deliver computing services over the Internet.

How is SaaS different from software delivery by an Application Service Provider (ASP)?

In a typical ASP deployment, there is an “instance” of a software application running on a machine (or virtual machine) dedicated to your company. Your company must have a license to this software, and the software is typically “served” over a private network.

In SaaS there is one usually only one instance of any particular program running and that one instance serves all of its users, or tenants.

Consider the Customer Relations Management program Salesforce.com. According to Salesforce, more than 70,000 companies use this application. But there aren’t 70,000 copies of it running to handle all those customers. Rather, there is a single instance that has been designed to handle all of those individual company accounts, spreading the workload over Salesforce.com’s cloud computing infrastructure.

What is multi-tenancy?

Multi-tenancy is the term use to describe how individual accounts gain access to all the capabilities of an SaaS product without sharing any data to unauthorized users. When your company has a subscription to Salesforce.com, it appears that the Salesforce program is dedicated to you (and your company). In fact the same code that is generating the information that appears on your screen is being used to generate the information that appears on tens of thousands of other screens for people at thousands of other companies. Each company’s data is private to it, but the code that manipulates that data is shared by all Salesforce users.

Each account that shares data among various users is called a tenant. Typically this means that each company or customer of the SaaS product is a tenant.

How can I be certain that my data is secure when it’s in the “cloud? How do I know that other “tenants” aren’t seeing my company’s private data?

There are two answers to this question. The first is at the level of the cloud platform; the second is at the level of the SaaS application itself.

As pertains to the security of the cloud platform, Cloud vendors each have their own detailed policies that cover everything from the physical security of the datacenters where the servers are located, to advanced networking and operating system techniques that are beyond the scope of this paper. Each vendor typically makes available a white paper that explains their general approach. For example, Amazon Web Services security policies are described in this white paper (PDF)

At the level of the application each vendor uses software engineering techniques that ensure non-communication between tenants. These techniques include using strong encryption and the secure https Internet protocol, having certificates from third-party trustees, adhering to standards, and having rigorous, repeatable software development practices that have been proven to reduce defects.

If you would like to learn more, this article in CIO magazine gives a top-level overview of some of the main themes of security in the cloud from Microsoft’s perspective: http://www.cio.com/article/500505/Five_Lessons_from_Microsoft_on_Cloud_Security

The website Cloudsecurity.org provides a forum for exploring these issues.

Tell me more about direct costs and hidden costs of the different deployment approaches (SaaS vs. on-premise)

To do a proper cost comparison between on-premise software and SaaS, you need to look at both the operating and capital costs of the purchase.

With SaaS, there are very few hidden costs, since all the capital costs are rolled into the subscription fee. The service provider takes care of all aspects of running the software (e.g. hardware, patches, upgrades and backup).

With on-premise licenses, there are lots of other costs to be factored in. These include capital costs such as server hardware and overhead costs such as IT staffing.

Said another way, using Software as a Service delivered from “the cloud” is essentially a way of outsourcing a traditional IT function to an outside vendor. Instead of having your IT department buy or lease server machines, then purchase, install, customize and maintain server software, your company’s employees subscribe to a service provided by a third party. This SaaS approach has the potential to:

Although on-premise licensing may appear less expensive at first glance, when all the costs are factored in, SaaS is very often the more economical solution.