What is a software as a service (SaaS)?
Software as a service (SaaS) is a software delivery model. With SaaS, applications are hosted in the cloud, delivered to customers via the internet, and licensed as subscriptions. Unlike traditional software licensing, SaaS does not require customers to purchase anything upfront or to maintain an application’s underlying infrastructure.
Explore additional SaaS topics:
The software that SaaS delivers is designed, developed, maintained, and billed by its cloud service provider. Meanwhile, a SaaS subscriber can access the application(s) in question as long as they have a compatible client device—often a web browser or dedicated application— and an internet connection.
SaaS is one of the primary service models of cloud computing, alongside infrastructure as a service (IaaS), platform as a service (PaaS), and desktop as a service (DaaS). Whereas IaaS pertains to various infrastructures such as servers and databases and PaaS to development tools and environments, SaaS consists strictly of cloud-based software.
At the same time, SaaS is also closely related to DaaS. DaaS delivers virtual desktops and applications to end users over the internet, but is a bit more complex than SaaS. Whereas SaaS only abstracts applications, DaaS abstracts the operating system as well to deliver a full desktop experience via the cloud.
SaaS offers straightforward and scalable access to software with minimal overhead for the customer.
Examples of SaaS include customer relationship management (CRM) solutions in the cloud, hosted collaboration platforms for chat and video conferencing, online productivity suites, and expense management software—among many others. All of these provide equivalent or similar functionality to traditionally licensed counterparts, while being easier to manage.
The SaaS model has become the primary mode of consuming software for businesses, and it now represents the single largest segment of the overall cloud computing market. Many organizations have made SaaS adoption central to their cloud migration strategies, as a way of streamlining access to key applications and reducing licensing costs.
However, there are some security risks associated with SaaS, due to how it greatly simplifies application access. Using a standard web browser to open an application means that a SaaS user is essentially free to do what they want, beyond the control of IT. Balancing SaaS convenience and security is essential.
Securing the remote workforce with a zero trust strategy
See why zero trust is the best way to secure SaaS applications in the era of remote and hybrid work.
As cloud-based software, SaaS is centrally hosted by its service provider in a datacenter. It is most often delivered as a multi-tenant architecture, with a single configuration serving multiple customers and isolating their data from each other. The provider is responsible for administering all updates and patches to the application and to ensuring its overall reliable delivery to customers. Accordingly, the end customer does not have to manage any of the operating systems, middleware, or runtimes associated with the application.
Access to a SaaS solution happens over the internet. Depending on the specific software in use, there may be a web app and/or downloadable (desktop or mobile) application available. Although access is theoretically as simple as logging into an account associated with the SaaS subscription from any client, organizations may implement extra security measures such as single sign-on (SSO) or a specialized launcher, in order to protect data and monitor activity during SaaS use.
SaaS is subscription-based software. Instead of paying upfront for one-time licenses and then supporting the application with on-premises infrastructure, subscribers pay for access on an ongoing basis. In other words, SaaS is an operating expenditure (OpEx), instead of a capital expenditure (CapEx).
This model makes SaaS appealing to organizations that prioritize flexibility and low-risk investment in their software. There is usually no upfront commitment and no need to procure and manage any supporting infrastructure. A SaaS solution can be easily scaled as an organization grows, plus it is continually receiving new features and updates from the provider. Startups, SMBs and enterprises can all benefit from SaaS.
A cloud migration strategy is a plan for moving applications, infrastructure and/or data from an on-premises site to the cloud, or for replacing or otherwise modifying them with cloud technologies. SaaS offers one of the more straightforward cloud migration paths.
More specifically, a SaaS solution may be able to completely replace a traditional on-premises application. For example, an on-premises CRM platform might be retired in favor of a SaaS equivalent hosted and maintained by a cloud service provider.
Migrating to the SaaS model comes with benefits as well as drawbacks, so it’s important to evaluate the application in question, the potential SaaS solution, and the track record of the service provider before subscribing.
In addition to such SaaS-driven cloud migrations, an organization might use other cloud solutions in the IaaS and PaaS spaces to rehost and refactor its business applications.
Putting applications into the cloud via SaaS confers numerous advantages, ranging from consistent access to the latest functionality, to substantial cost savings.
- Shorter time to value: Getting started with cloud-based software is straightforward. After setting up a SaaS subscription and the proper security controls, an organization can start using the business application right away and realizing its benefits. Extensive customization isn’t required in most cases, and client apps are easy to use.
- Increased scalability: A SaaS solution can be scaled to numerous users without needing to set up and manage additional infrastructure. Usually, all that’s needed is an update to the subscription. The multi-tenant architecture of most SaaS solutions allows the service provider to support numerous concurrent users across the globe.
- Lower costs: SaaS scales to actual usage, meaning that customers only pay for what they actually consume. There's no danger of overbuying licenses, nor is there the risk of making a major CAPEX investment that becomes a huge burden over the long term.
- Easier remote work and flexibility: Because SaaS applications are delivered via the internet, they can be relatively easily accessed from any mobile or desktop device. This flexibility makes them ideal for the remote workforce and hybrid work models, since they provide consistent anywhere, anytime access.
- Continual improvement: SaaS service providers are continually refining their offerings with new features and fixes. Updating a SaaS application to take advantage of these enhancements is often as simple as confirming a prompt and restarting the software. Specialized implementation services and upgrade packages aren’t needed.
Two of the most important preparations to make before investing in SaaS are to:
- Choose a reputable provider with a service-level agreement that meets the organization's needs.
- Mitigate security risks related to accessing business applications beyond the company premises, such as through digital workspaces.
Although the cloud service provider handles the bulk of security work, the customer organization still needs to think about how to secure end-user access. Cloud-based software empowers users by giving them significant control over how and where they access company data, and this setup can increase the risk of security incidents and data breaches.
When SaaS is accessed through a normal web browser, IT has only limited visibility into user activity, plus there are no built-in protections against SaaS that might contain malware. With numerous SaaS applications now woven into daily workflows, more secure access is a must. Some of the proven options for SaaS security include:
- SSO: Access to SaaS apps can be centrally managed, simplifying provisioning and decommissioning of user accounts as needed.
- Specialized embedded browsers: These applications may include controls for copying, pasting, printing, and more to prevent data exfiltration when using SaaS.
- Web filters: When links are clicked within SaaS applications, a proper web filter can block malware, check for policy violations and if desired, launch an isolated browser to open unknown URLs outside of the company network.
- Analytics platforms: Security analytics and user behavior analytics solutions can read data about SaaS usage, rank behavioral risks, and take necessary corrective actions like logging out a risky user.
- Secure network access: Firewalls, web gateways, and cloud access security brokers can all be used to protect network connections to SaaS.
- Security integrations and multi-factor authentication (MFA): Connecting to services like Okta and Active Directory helps secure SaaS, as does implementing MFA.
Beyond these security measures, any set of SaaS migration preparations should include careful planning, with a focus on knowing what workloads and data need to be moved, how the new cost model will work, and which stakeholders should be involved throughout the transition.
Citrix offers multiple solutions to secure SaaS access, accelerate cloud migration, and improve application delivery.
By using Citrix Secure Private Access, organizations can control the entire SSO experience of accessing SaaS applications, along with what happens during each session. Data sent to Citrix Analytics for Security can also be used by IT to better understand the current risk environment around an organization's SaaS usage.
For end users, Citrix Secure Private Access provides a convenient SSO experience plus fast app launching from their platform of choice. The Citrix Remote Browser Isolation also boosts productivity by isolating activity from the rest of the network.