Software as a service (SaaS) is a software delivery model. With SaaS, applications are hosted in the cloud, delivered to customers via the internet, and licensed as subscriptions. Unlike traditional software licensing, SaaS does not require customers to purchase anything upfront or to maintain an application’s underlying infrastructure.
Explore additional SaaS topics:
SaaS software is designed, developed, maintained, and billed by its cloud service provider. Meanwhile, a SaaS subscriber can access the application(s) in question as long as they have a compatible client device—often a web browser or dedicated application— and an internet connection.
SaaS is one of the primary service models of cloud computing, alongside infrastructure as a service (IaaS), platform as a service (PaaS), and desktop as a service (DaaS). Whereas IaaS pertains to various infrastructures such as servers and databases and PaaS to development tools and environments, SaaS consists strictly of cloud-based software.
At the same time, SaaS is also closely related to DaaS. DaaS delivers virtual desktops and applications to end users over the internet, but is a bit more complex than SaaS. Whereas SaaS only abstracts applications, DaaS abstracts the operating system as well to deliver a full desktop experience via the cloud.
SaaS offers straightforward and scalable access to software with minimal overhead for the customer.
Examples of SaaS include customer relationship management (CRM) solutions in the cloud, hosted collaboration platforms for chat and video conferencing, online productivity suites, and expense management software—among many others. All of these provide equivalent or similar functionality to traditionally licensed counterparts while being easier to manage.
The SaaS model has become the primary mode of consuming software for businesses and it now represents the single largest segment of the overall cloud computing market. Many organizations have made SaaS adoption central to their cloud migration strategies, as a way of streamlining access to key applications and reducing licensing costs.
However, there are some security risks associated with SaaS, due to how it greatly simplifies application access. Using a standard web browser to open an application means that a SaaS user is essentially free to do what they want, beyond the control of IT. Balancing SaaS convenience and security is essential.
SaaS is typically centrally hosted by its service provider in a data center. It is most often delivered as a multi-tenant architecture, with a single configuration serving multiple customers and isolating their data from each other. The provider is responsible for administering all updates and patches to the application and ensuring its overall reliability. Accordingly, the end customer does not have to manage any of the operating systems, middleware, or runtimes associated with the application.
Access to a SaaS solution happens over the internet. Depending on the specific software in use, there may be a web app and/or downloadable (desktop or mobile) application available. Although access is theoretically as simple as logging into an account associated with the SaaS subscription from any client, organizations may implement extra security measures such as single sign-on (SSO) or a specialized launcher to protect data and monitor activity during SaaS use.
SaaS is subscription-based software. Instead of paying upfront for one-time licenses and then supporting the application with on-premises infrastructure, subscribers pay for access on an ongoing basis. In other words, SaaS is an operating expenditure (OpEx), instead of a capital expenditure (CapEx).
This model makes SaaS appealing to organizations that prioritize flexibility and low-risk investment in their software. There is usually no upfront commitment and no need to procure and manage any supporting infrastructure. A SaaS solution can be easily scaled as an organization grows, plus it continually receives new features and updates from the provider. Startups, SMBs and enterprises can all benefit from SaaS.
A cloud migration strategy is a plan for moving applications, infrastructure and/or data from an on-premises site to the cloud, or for replacing or otherwise modifying them with cloud technologies. SaaS offers one of the more straightforward cloud migration paths.
More specifically, a SaaS solution may be able to completely replace a traditional on-premises application. For example, an on-premises CRM platform might be retired in favor of a SaaS equivalent hosted and maintained by a cloud service provider.
Migrating to the SaaS model comes with benefits as well as drawbacks, so it’s important to evaluate the application in question, the potential SaaS solution, and the track record of the service provider before subscribing.
In addition to such SaaS-driven cloud migrations, an organization might use other cloud solutions in the IaaS and PaaS spaces to rehost and refactor its business applications.
Hosting applications in the cloud via a SaaS provider confers numerous advantages, ranging from consistent access to the latest functionality, to substantial cost savings.
Two of the most important preparations to make before investing in SaaS are to:
Although the cloud service provider handles the bulk of security work, the customer organization still needs to think about how to secure end-user access. Cloud-based software empowers users by giving them significant control over how and where they access company data, but this setup can increase the risk of security incidents and data breaches.
When SaaS is accessed through a normal web browser, IT has only limited visibility into user activity, plus there are no built-in protections against SaaS that might contain malware. With numerous SaaS applications now woven into daily workflows, more secure access is a must. Some of the proven options for SaaS security include:
Beyond these security measures, all SaaS migration preparations should include careful planning, with a focus on knowing what workloads and data need to be moved, how the new cost model will work, and which stakeholders should be involved throughout the transition.
Citrix offers multiple solutions to secure SaaS access, accelerate cloud migration, and improve application delivery.
By using Citrix Secure Private Access, organizations can control the entire SaaS application experience with SSO, along with what happens during each session. For end users, Citrix Secure Private Access provides a convenient SSO experience plus fast app launching from their platform of choice. Organizations that also leverage uberAgent can utilize the threat detection engine to identify threats and risky behavior based on granular user data. For an extra layer of protection, businesses can use Citrix Remote Browser Isolation to isolate risky activity from the rest of the network.
