Software as a service: SaaS Cheat Sheet

Here's the low-down on software as a service, and the pluses and minuses of taking your organization down the SaaS path.
Written by Toby Wolpe, Contributor
SaaS cloud

So what is SaaS?

Software as a service is the most common form of cloud computing, where you use a browser and an internet link to access a service provider's application, which is hosted and managed on its servers.

You pay for the service according to how much you use it or by subscription, rather than by buying a licence and paying for maintenance, as you would with software run on premise. When people talk about on-demand software and hosted apps, they're usually talking about SaaS.

SaaS has been around for years, but some view the launch of Salesforce.com's customer relationship management service in 1999 as a big moment that marked SaaS's move into the mainstream.

The principle of remotely using software located on someone else's hardware goes back to the earliest days of commercial computing in the 1950s and 1960s, with the bureau and time-sharing services of LEO and IBM.

So it's the same thing that ASPs offered in the 1990s?

Not quite. ASPs, or application service providers, typically ran individual instances of other vendors' software for specific users. But with SaaS, users share instances of the provider's own software but keep data and any customizations separate. In other words, multi-tenancy.

How popular is it?

You'd be hard pressed to find an organization of any size that isn't using SaaS in some form, officially or not. And the figures for the whole SaaS market look impressive.

Analyst firm Gartner reckons that spending on SaaS hit $27.28bn worldwide in 2014, will reach $37.83bn by the end of 2016, and is set to almost double again by 2020, reaching an estimated figure of $72bn.

Anything else about the basics?

It's worth knowing where SaaS sits in relation to the other forms of cloud. As well as platform as a service, or PaaS, and infrastructure as a service, IaaS, there's also business process as a service, BPaaS.

Confusingly, BPaaS can include areas such as customer management and HR. But one way to understand how BPaaS differs from SaaS is to see it as a form of outsourcing delivered via the cloud.

So unlike SaaS, where the customer itself uses the online application, with BPaaS the provider takes full responsibility for managing the business process and its outcomes. Salesforce offers SaaS, but corporate payroll giant ADP offers BPaaS: it manages companies' payroll processes as well as related accounting and legal issues online.

Gartner's projection for total public cloud services spending in 2020 is $372.75bn, which includes IaaS with $70bn, BPaaS on $57.57bn, and PaaS $10bn.

To give some perspective, Gartner estimates that annual spending on on-premise enterprise software will reach $437bn by 2020. On-premise customer relationship management alone will account for $51.2bn by 2020. Mind you, CRM is among the biggest segments by value.

So, what's attracting customers to SaaS?

Its appeal is pretty obvious. Broadly, it comes down to cheapness and flexibility. First, you don't have to buy the hardware or maintain and upgrade it. That alone saves a lot of money.

With SaaS there are no software licences or maintenance fees, which typically come in at an eye-watering annual 20 percent of the on-premise software purchase price. You also find many of the software support tasks are simplified or eliminated. For example, you don't have to ensure upgrades are deployed to all your machines.

Some organizations also like the idea that SaaS makes them better insulated from disasters and security breaches. If they're small or medium-sized businesses, they may feel reassured that their data and systems reside with a big, expert provider.

With some recent exceptions, that confidence in providers' security may be justified, but often the vulnerabilities lie with SaaS customer. A recent Intel Security study showed that 40 percent of the businesses polled fail to protect files located on SaaS with encryption or data loss prevention.

Then you have the advantage of getting an application up and running more quickly, while at the same time the upfront investment in the software is far lower. Because access is browser-based, you should also be able to use the software from a number of types of device.

On top of all those cost and accessibility advantages, you get flexibility and, in theory, scalability. It's only 'in theory' because it may not always be instantly available. So, depending on the deal you've struck, you should be able to add more users or perhaps pay less if your use of the software dips.

So, what's not to like?

As with all things, many of the attractions can also be weaknesses. So, for example, easy access to the software and data through a browser cuts both ways. It could equally facilitate illegitimate access, and security issues still deter many firms from adopting SaaS.

Also, the nice warm feeling that your data is secure in the cloud doesn't alter the fact that it is still located somewhere physically. So, do you know what that location is? It's an issue that has obvious ramifications for governance and data-protection regulations.

Furthermore, how much do you actually know about the software itself and the way it was built? With SaaS, you can't look under the hood at the software and assess the quality of the code you're paying for or understand the stack of applications on which it may be running. You are also tied in to the development plans of the provider. What if you don't like the new features and functionality?

For smaller businesses, the internet link on which the SaaS depends could also restrict software performance and the type of task that lends itself to the on-demand approach.

On top of all that, you expect your SaaS to be resilient, and it usually is. Yet even the occasional outage can have unfortunate consequences, and restoring the service is out of your hands.

The main longer-term risk is lock-in. You have to ask yourself, if your SaaS vendor goes bust or heads in a direction you don't like, how easy will it be to move the data and your internal structures to another provider?

OK, but surely there's nothing negative in the low cost and ease of sign-up?

Nothing whatsoever, unless of course the wrong person in your business signs up on a whim and a credit card.

One of the issues with SaaS is that it can play havoc with IT strategy when departmental directors in, say, marketing or sales sign up to on-demand software and pay for it from operating expenses. In those cases, the short-term benefits may eventually be eclipsed by long-term headaches.

In the most extreme situations, quite apart from adding unnecessary complexity, SaaS can mean the strategic IT direction of a business ends up being dictated by people who haven't a clue about knowledge management, risk or the longer-term view.

However, even this potentially negative aspect of SaaS could ultimately do some good if it leads to firms developing more transparency in the way money is spent on IT and the value it yields. Who knows, it could even strengthen the CIO's role as a broker of services?

Editorial standards