Software as a Service (SaaS) is a software delivery model, through which applications are hosted in the cloud, delivered to customers via the internet, and licensed as subscriptions. Unlike traditional software licensing, SaaS does not require customers to purchase anything upfront, or to maintain an app’s underlying infrastructure.
The software that SaaS delivers is designed, developed, maintained, and billed by its cloud service provider. Meanwhile, a SaaS subscriber can access the application(s) in question as long as they have a compatible client device — often a web browser or dedicated application — and an internet connection.
SaaS is one of the primary service models of cloud computing, alongside Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Desktop as a Service (DaaS). Whereas IaaS pertains to various infrastructures such as servers and databases and PaaS to development tools and environments, SaaS consists strictly of cloud-based software.
At the same time, SaaS is also closely related to DaaS. DaaS delivers virtual applications and desktops to end users over the internet, but is a bit more complex than SaaS. Whereas SaaS only abstracts applications, DaaS abstracts the operating system as well, to deliver a full desktop experience via the cloud.
Explore additional SaaS topics:
SaaS offers straightforward and scalable access to software with minimal overhead for the customer.
Examples of SaaS include customer relationship management solutions in the cloud, hosted collaboration platforms for chat and video conferencing, online productivity suites, and expense management software, among many others. All of these provide equivalent or similar functionality to traditionally licensed counterparts, while being easier to manage.
The SaaS model has become the primary mode of consuming software for businesses, and it now represents the single largest segment of the overall cloud computing market. Many organizations have made SaaS adoption central to their cloud migration strategies, as a way of streamlining access to key applications and reducing licensing costs.
However, there are some security risks associated with SaaS, due to how it greatly simplifies app access. Using a standard web browser to open an application means that a SaaS user is essentially free to do what they want, beyond the control of IT. Balancing SaaS convenience and security is essential.
The SaaS model has both a technical and a financial component.
As cloud-based software, SaaS is centrally hosted by its service provider in a data center. It is most often delivered as a multi-tenant architecture, with a single configuration serving multiple customers and isolating their data from each other. The provider is responsible for administering all updates and patches to the application and to ensuring its overall reliable delivery to customers. Accordingly, the end customer does not have to manage any of the operating systems, middleware, or runtimes associated with the application.
Access to a SaaS solution happens over the internet. Depending on the specific software in use, there may be a web app and/or downloadable (desktop or mobile) application available. Although access is theoretically as simple as logging into an account associated with the SaaS subscription from any client, organizations may implement extra security measures such as single sign-on or a specialized launcher, in order to protect data and monitor activity during SaaS use.
SaaS is subscription-based software. Instead of paying upfront for one-time licenses and then supporting the application with on-premises infrastructure, subscribers pay for access on an ongoing basis. In other words, SaaS is an operating expenditure (OpEx), instead of a capital expenditure (CapEx).
This model makes SaaS appealing to organizations that prioritize flexibility and low-risk investment in their software. There is usually no upfront commitment and no need to procure and manage any supporting infrastructure. A SaaS solution can be easily scaled as an organization grows, plus it is continually receiving new features and updates from the provider. Startups, SMBs and enterprises can all benefit from SaaS.
SaaS is just one of the service types of cloud computing. Here’s how SaaS, PaaS and IaaS compare at a high level in terms of their functionality and relation to cloud migration.
|Type of IT resources delivered||Cloud-based software||Development tools and environments, plus operating systems||Servers, storage, networking, firewalls and data centers|
|Relative customer responsibility for solution upkeep||Low||Medium||High|
|Role in cloud migration||Replace traditional software outright||Refactor, revise or rebuild applications||Rehost workloads|
|Common use cases||CRM, collaboration, ERP, email||Business intelligence, development frameworks||Website and web app hosting, devtest environments, high-performance computing|
A cloud migration strategy is a plan for moving applications, infrastructure and/or data from an on-prem site to the cloud, or for replacing or otherwise modifying them with cloud technologies. SaaS offers one of the more straightforward cloud migration paths.
More specifically, a SaaS solution may be able to completely replace a traditional on-prem application. For example, an on-premises CRM platform might be retired in favor of a SaaS equivalent hosted and maintained by a cloud service provider.
Migrating to the SaaS model comes with benefits as well as drawbacks, so it’s important to evaluate the application in question, the potential SaaS solution and the track record of the service provider before subscribing.
In addition to such SaaS-driven cloud migrations, an organization might use other cloud solutions in the IaaS and PaaS spaces to rehost and refactor its business applications, respectively, as indicated in the above table.
Putting applications into the cloud via SaaS confers numerous advantages on customers, ranging from consistent access to the latest functionality, to substantial cost savings.
Getting started with cloud-based software is straightforward. After setting up a SaaS subscription and the proper security controls, an organization can start using the business application right away and realizing its benefits. Extensive customization isn’t required in most cases, and client apps are easy to use.
A SaaS solution can be scaled to numerous users without needing to set up and manage additional infrastructure. Usually, all that’s needed is an update to the subscription. The multi-tenant architecture of most SaaS solutions allows the service provider to support numerous concurrent users across the globe.
SaaS scales to actual usage, meaning that customers only pay for what they actually consume. There's no danger of overbuying licenses, nor is there the risk of making a major CAPEX investment that becomes a huge burden over the long term.
Because SaaS applications are delivered via the internet, they can be relatively easily accessed from any mobile or desktop device. This flexibility makes them ideal for remote work organizations and for consistent anywhere/anytime access overall.
SaaS service providers are continually refining their offerings with new features and fixes.
Updating a SaaS application to take advantage of these enhancements is often as simple as confirming a prompt and restarting the software. Specialized implementation services and upgrade packages aren’t needed.
Two of the most important preparations to make before investing in SaaS are to:
Although the cloud service provider handles the bulk of security work, the customer organization still needs to think about how to secure end-user access. Cloud-based software empowers users by giving them significant control over how and where they access company data, and this setup can increase the risk of security incidents and data breaches.
When SaaS is accessed through a normal web browser, IT has only limited visibility into user activity, plus there are no built-in protections against SaaS that might contain malware. With numerous SaaS applications now woven into daily workflows, more secure access is a must.
Some of the proven options for SaaS security include:
Beyond these security measures, any set of SaaS migration preparations should include careful planning, with a focus on knowing what workloads and data need to be moved, how the new cost model will work, and which stakeholders should be involved throughout the transition.
Citrix offers multiple solutions to secure SaaS access, accelerate cloud migration, and improve application delivery.
By using Citrix Workspace and Citrix Secure Workspace Access, organizations can control the entire SSO experience of accessing SaaS applications, along with what happens during each session. Data sent to Citrix Analytics for Security can also be used by IT to better understand the current risk environment around an organization's SaaS usage.
For end users, Citrix Secure Workspace Access provides a convenient SSO experience plus fast app launching from their platform of choice. The Citrix Secure Browser also boosts productivity by isolating activity from the rest of the network. Citrix SD-WAN and Citrix Secure Internet Access combine to create a complete Secure Access Service Edge (SASE) solution that optimizes app delivery while protecting employees from the threats and vulnerabilities of unsanctioned apps accessed via the internet.