Jump to content

Software as a service

From Wikipedia, the free encyclopedia

Software as a service (SaaS /sæs/[1]) is a form of cloud computing in which the provider offers the use of application software to a client and manages all the physical and software resources used by the application.[2] The distinguishing feature of SaaS compared to other software delivery models is that it separates "the possession and ownership of software from its use".[3] SaaS began around the turn of the twenty-first century and became the main form of software application deployment by 2023.

SaaS is usually accessed via a web application. Unlike most self-hosted software products, only one version of the software exists and only one operating system and configuration is supported. SaaS products typically run on top of rented infrastructure as a service (IaaS) or platform as a service (PaaS) systems including hardware and sometimes operating systems and middleware to accommodate rapid increases in usage while providing the instant and continuous availability that customers expect. SaaS customers are provided with the abstraction of limitless computing resources, while economy of scale drives down the cost.

There are no specific software development practices that distinguish SaaS from other application development, although often there is a focus on frequent testing and releases. SaaS architectures are typically multi-tenant; although usually they achieve superior efficiency by sharing at least some resources between clients, it is not uncommon to offer a completely siloed environment for an additional fee. Common SaaS revenue models include freemium, subscription, and usage-based fees. Unlike traditional software, rarely is it possible to buy a perpetual license for a certain version of the software.

Cloud computing[edit]

Comparison of on-premise, IaaS, PaaS, and SaaS

Infrastructure as a service (IaaS) is the most basic form of cloud computing, where infrastructure resources—such as physical computers—are not owned by the user but instead leased from a cloud provider. As a result, infrastructure resources can be increased rapidly, instead of waiting weeks for computers to ship and set up. IaaS requires time and expertise to make use of the infrastructure in the form of operating systems and applications.[4] Platform as a service (PaaS) includes the operating system and middleware, but not the applications.[5][6] SaaS providers typically use PaaS or IaaS services to run their applications.[5]

Without IaaS, it would be extremely difficult to make an SaaS product scalable for a variable number of users while providing the instant and continual availability that customers expect.[7] Most end users consume only the SaaS product and do not have to worry about the technical complexity of the physical hardware and operating system.[8] Because cloud resources can be accessed without any human interactions, SaaS customers are provided with the abstraction of limitless computing resources, while economy of scale drives down the cost.[9] Another key feature of cloud computing is that software updates can be rolled out and made available to all customers nearly instantaneously.[10] In 2019, SaaS was estimated to make up the plurality, 43 percent, of the cloud computing market while IaaS and PaaS combined account for approximately 25 percent.[11]


In the 1960s, multitasking was invented, enabling mainframe computers to serve multiple users simultaneously. Over the next decade, timesharing became the main business model for computing, and cluster computing enabled multiple computers to work together.[9] Cloud computing emerged in the late 1990s with companies like Amazon (1994), Salesforce (1999), and Concur (1993) offering Internet-based applications on a pay-per-use basis. All of these focused on a single product to seize a high market share.[12] Beginning with Gmail in 2004, email services were some of the first SaaS products to be mass-marketed to consumers.[13] The market for SaaS grew rapidly throughout the early twenty-first century.[14][11] Initially viewed as a technological innovation, SaaS has come to be perceived more as a business model.[15] By 2023, SaaS had become the primary method that companies deliver applications.[16]

Popular consumer SaaS products include all social media websites, email services like Gmail and its associated Google Docs Editors,[17] Skype, Dropbox,[18] and entertainment products like Netflix and Spotify.[19] Enterprise SaaS products include Salesforce's customer relationship management (CRM) software, SAP Cloud Platform, and Oracle Cloud Enterprise Resource Planning.[18]

Revenue models[edit]

Some SaaS providers offer free services to consumers that are funded by means such as advertising, affiliate marketing, or selling consumer data.[20] One of the most popular models for Internet start-ups and mobile apps is freemium, where the company charges for continued use or a higher level of service. Even if the user never upgrades to the paid version, it helps the company capture a higher market share and displace customers from a rival.[21] However, the company's hosting cost increases with the number of users, regardless of whether it is successful at enticing them to use the paid version.[22] Another common model is where the free version only provides demonstration (crippleware). Online marketplaces may charge a fee on transactions to cover the SaaS provider costs.[20] It used to be more common for SaaS products to be offered for a one-time cost, but this model is declining in popularity.[20] A few[20] SaaS products have open source code, called open SaaS. This model can provide advantages such as reduced deployment cost, less vendor commitment, and more portable applications.[23]

The most common SaaS revenue models involve subscription and pay for usage.[24] For customers, the advantages include reduced upfront cost, increased flexibility, and lower overall cost compared to traditional software with perpetual software licenses.[25] In some cases, the steep one-time cost demanded by sellers of traditional software were out of the reach of smaller businesses, but pay-per-use SaaS models makes the software affordable.[3] Usage may be charged based on the number of users, transactions, amount of storage spaced used, or other metrics.[26] Many buyers prefer pay-per-usage because they believe that they are relatively light users of the software, and the seller benefits by reaching occasional users who would otherwise not buy the software.[26] However, it can cause revenue uncertainty for the seller and increases the overhead for billing.[27]

The subscription model of SaaS offers a continuing and renewable revenue stream to the provider, although vulnerable to cancellation.[3] If a significant number are cancelled, the viability of the business can be placed in jeopardy.[3] The ease of canceling a subscription and switching to a competitor leave customers with the leverage to get concessions from the seller.[28] While recurring revenues can help the business and attract investors, the need for customer service skills in convincing the customer to renew their subscription is a challenge for providers switching to subscription from other revenue models.[29]


SaaS products are typically accessed via a web browser as a publicly available web application.[30][16] This means that customers can access the application anywhere from any device without needing to install or update it.[16][31] SaaS providers often try to minimize the difficulty of signing up for the product.[32] Many capitalize on the service-oriented structure to respond to customer feedback and evolve their product quickly to meet demands. This can enable customers to believe in the continued improvement of the product and help the SaaS provider get customers from an established traditional software company that likely can offer a deeper feature set.[33][34]

Although on-premises software is often less secure than SaaS alternatives,[35] security and privacy are among the main reasons cited by companies that do not adopt SaaS products.[36] SaaS companies have to protect their publicly available offerings from abuse, including denial-of-service attacks and hacking.[37] They often use technologies such as access control, authentication, and encryption to protect data confidentiality.[36] Nevertheless, not all companies trust SaaS providers to keep sensitive data secured.[36] The vendor is responsible for software updates, including security patches, and for protecting the customers' data.[31] SaaS systems inherently have a greater latency than software run on-premises due to the time for network packets to be delivered to the cloud facility. This can be prohibitive for some uses, such as time-sensitive industrial processes or warehousing.[38]

The rise of SaaS products is one factor leading many companies switched from budgeting for IT as a capital expenditure to an operating expenditure.[39] The process of migration to SaaS and supporting it can also be a significant cost that must be accounted for.[40][29]


A SaaS architecture. All customers are running the same version of the software on the same platform.[41]

A challenge for SaaS providers is that demand is not known in advance. Their system must have enough slack to be able to handle all users without turning any away, but without paying for too many resources that will be unnecessary. If resources are static, they are guaranteed to be wasted during non-peak time.[42] Sometimes cheaper off-peak rates are offered to balance the load and reduce waste.[43] The expectation for continuous service is so high that outages in SaaS software are often reported in the news.[44]

There are not specific software development practices that differentiate SaaS from other application development.[45] SaaS products are often released early and often to take advantage of the flexibility of the SaaS delivery model.[46] Agile software development is commonly used to support this release schedule.[47] Many SaaS developers use test-driven development, or otherwise emphasize frequent software testing, because of the need to ensure availability of their service and rapid deployment.[48] Domain-driven design, in which business goals drive development, is popular because SaaS products must sell themselves to the customer by being useful.[49] SaaS developers do not know in advance which devices customers will try to access the product from—such as a desktop computer, tablet, or smartphone—and supporting a wide range of devices is often an important concern for the front-end development team.[50] Progressive web applications allow some functionality to be available even if the device is offline.[51]

SaaS applications predominantly offer integration protocols and application programming interfaces (APIs) that operate over a wide area network.[52]


SaaS architecture varies significantly from product to product.[53] Nevertheless, most SaaS providers offer a multi-tenant architecture.[30] With this model, a single version of the application, with a single configuration (hardware, network, operating system), is used for all customers ("tenants").[54] This means that the company does not need to support multiple versions and configurations.[16] The architectural shift from each customer running their own version of the software on their own hardware affects many aspects of the application's design and security features.[54] In a multi-tenant architecture, many resources can be used by different tenants or shared between multiple tenants.[55]

Application and control planes of a SaaS product

The structure of a typical SaaS application can be separated into application and control planes.[56] SaaS products differ in how these planes are separated, which might be closely integrated or loosely coupled in an event- or message-driven model.[57] The control plane is in charge of directing the system and covers functionality such as tenant onboarding, billing, and metrics, as well as the system used by the SaaS provider to configure, manage, and operate the service.[56] Many SaaS products are offered at different levels of service for different prices, called tiering. This can also affect the architecture for both planes, although it is commonly placed in the control plane.[58] Unlike the application plane, the services in the control plane are not designed for multitenancy.[59]

An example architecture where some services are shared, while others are allocated on a per-tenant basis.[60]

The application plane—which varies a great deal depending on the nature of the product—implements the core functionality of the SaaS product.[59] Key design issues include separating different tenants so they cannot view or change other tenants' data or resources.[61] Except for the simplest SaaS applications, some microservices and other resources are allocated on a per-tenant basis, rather than shared between all tenants.[62] Routing functionality is necessary to direct tenant requests to the appropriate services.[60]

Example SaaS deployment architecture that offers complete siloing on a premium tier and mixed microservice deployment to other tenants.[63]

Some SaaS products do not share any resources between tenants—called siloing. Although this negates many of the efficiency benefits of SaaS, it makes it easier to migrate legacy software to SaaS[64] and is sometimes offered as a premium offering at a higher price.[65] Pooling all resources might make it possible to achieve higher efficiency,[66] but an outage affects all customers so availability must be prioritized to a greater extent.[67] Many systems use a combination of both approaches, pooling some resources and siloing others.[68] Other companies group multiple tenants into pods and share resources between them.[69]

Legal issues[edit]

In the United States, constitutional search warrant laws do not protect all forms of SaaS dynamically stored data. The result is that governments may be able to request data from SaaS providers without the owner's consent.[70][71]

Certain open-source licenses such as GPL-2.0 do not explicitly grant rights permitting distribution as a SaaS product in Germany.[72]


  1. ^ Panker, Jon; Lewis, Mark; Fahey, Evan; Vasquez, Melvin Jafet (August 2007). "How do you pronounce IT?". TechTarget. Archived from the original on 28 November 2016. Retrieved 24 May 2012.
  2. ^ Golding 2024, p. 14.
  3. ^ a b c d Dempsey & Kelliher 2018, p. 2.
  4. ^ Rosati & Lynn 2020, p. 22.
  5. ^ a b Rosati & Lynn 2020, p. 23.
  6. ^ Ibrahim et al. 2023, p. 258.
  7. ^ Dempsey & Kelliher 2018, p. 17.
  8. ^ Dempsey & Kelliher 2018, pp. 17–18.
  9. ^ a b Dempsey & Kelliher 2018, p. 19.
  10. ^ Dempsey & Kelliher 2018, p. 33.
  11. ^ a b Rosati & Lynn 2020, p. 20.
  12. ^ Dempsey & Kelliher 2018, pp. 23, 31.
  13. ^ Watt 2023, p. 8.
  14. ^ Dempsey & Kelliher 2018, pp. 24, 32.
  15. ^ Dempsey & Kelliher 2018, p. 35.
  16. ^ a b c d Watt 2023, p. 4.
  17. ^ Watt 2023, pp. 4, 8.
  18. ^ a b Clohessy et al. 2020, p. 40.
  19. ^ Watt 2023, p. 9.
  20. ^ a b c d Dempsey & Kelliher 2018, p. 48.
  21. ^ Dempsey & Kelliher 2018, pp. 61–63.
  22. ^ Dempsey & Kelliher 2018, pp. 63–64.
  23. ^ Bhandari & Gupta 2019, p. 21.
  24. ^ Dempsey & Kelliher 2018, pp. 48, 57.
  25. ^ Clohessy et al. 2020, pp. 40–41.
  26. ^ a b Dempsey & Kelliher 2018, p. 57.
  27. ^ Dempsey & Kelliher 2018, pp. 57–58.
  28. ^ Dempsey & Kelliher 2018, p. 11.
  29. ^ a b Dempsey & Kelliher 2018, p. 66.
  30. ^ a b Garbis & Chapman 2021, p. 185.
  31. ^ a b Kinnunen 2022, pp. 123–124.
  32. ^ Golding 2024, p. 18.
  33. ^ Golding 2024, p. 20.
  34. ^ Watt 2023, p. 15.
  35. ^ Watt 2023, pp. 6, 16.
  36. ^ a b c Ibrahim et al. 2023, pp. 264, 266, 268.
  37. ^ Garbis & Chapman 2021, p. 186.
  38. ^ Kinnunen 2022, pp. 137, 139.
  39. ^ Tallon et al. 2020, p. 2.
  40. ^ Kinnunen 2022, p. 124.
  41. ^ Golding 2024, p. 25.
  42. ^ Dempsey & Kelliher 2018, p. 36.
  43. ^ Dempsey & Kelliher 2018, p. 37.
  44. ^ Dempsey & Kelliher 2018, p. 39.
  45. ^ Watt 2023, p. 11.
  46. ^ Watt 2023, p. 16.
  47. ^ Younas et al. 2018, p. 142.
  48. ^ Watt 2023, pp. 11–12, 16.
  49. ^ Watt 2023, p. 12.
  50. ^ Watt 2023, pp. 13–14.
  51. ^ Watt 2023, p. 13.
  52. ^ Manvi & Shyam 2021, p. 105.
  53. ^ Golding 2024, p. 47.
  54. ^ a b Golding 2024, pp. 25–26.
  55. ^ Golding 2024, p. 26.
  56. ^ a b Golding 2024, p. 27.
  57. ^ Golding 2024, p. 44.
  58. ^ Golding 2024, p. 40.
  59. ^ a b Golding 2024, p. 28.
  60. ^ a b Golding 2024, p. 38.
  61. ^ Golding 2024, pp. 36–37.
  62. ^ Golding 2024, p. 37.
  63. ^ Golding 2024, p. 76.
  64. ^ Golding 2024, p. 55.
  65. ^ Golding 2024, pp. 55, 74–75.
  66. ^ Golding 2024, p. 69.
  67. ^ Golding 2024, p. 70.
  68. ^ Golding 2024, pp. 75–76.
  69. ^ Golding 2024, p. 78.
  70. ^ Arthur, Charles (2010-12-14). "Google's ChromeOS means losing control of the data, warns GNU founder Richard Stallman". The Guardian. UK. Archived from the original on 2014-02-28. Retrieved 2012-02-16.
  71. ^ Adhikari, Richard (2010-12-15). "Why Richard Stallman Takes No Shine to Chrome". Linux Insider. Archived from the original on 2021-01-23. Retrieved 2015-03-24.
  72. ^ Ballhausen 2014, p. 61.


  • Ballhausen, Miriam (2014). "OpenSaaS: Using Free and Open Source Software as Software-as-a-Service". International Free and Open Source Software Law Review. 6: 61–68. ISSN 2666-8106.
  • Bhandari, Guru Prasad; Gupta, Ratneshwer (2019). "An Overview of Cloud and Edge Computing Architecture and Its Current Issues and Challenges". Advancing Consumer-Centric Fog Computing Architectures. IGI Global. pp. 1–37. ISBN 978-1-5225-7149-0.
  • Dempsey, David; Kelliher, Felicity (2018). Industry Trends in Cloud Computing: Alternative Business-to-Business Revenue Models. Springer International Publishing. ISBN 978-3-319-87693-1.
  • Garbis, Jason; Chapman, Jerry W. (2021). Zero Trust Security: An Enterprise Guide. Apress. ISBN 978-1-4842-6703-5.
  • Golding, Tod (2024). Building Multi-Tenant SaaS Architectures. O'Reilly Media. ISBN 978-1-0981-4061-8.
  • Ibrahim, Ahmed Mamdouh Abdelfatah; Abdullah, Norris Syed; Bahari, Mahadi (2023). Software as a Service Challenges: A Systematic Literature Review. Springer International Publishing. pp. 257–272. ISBN 978-3-031-18344-7.
  • Kinnunen, Juha (2022). ERP as Software-as-a-Service: Factors Depicting Large Enterprises Cloud Adoption. Springer International Publishing. pp. 123–142. ISBN 978-3-030-99191-3.
  • Lynn, Theo; Mooney, John G.; Rosati, Pierangelo; Fox, Grace (2020). Measuring the Business Value of Cloud Computing. Springer Nature. ISBN 978-3-030-43198-3.
    • Tallon, Paul P.; Mooney, John G.; Duddek, Marvin (2020). "Measuring the Business Value of IT". Measuring the Business Value of Cloud Computing. Springer International Publishing. pp. 1–17. ISBN 978-3-030-43198-3.
    • Rosati, Pierangelo; Lynn, Theo (2020). "Measuring the Business Value of Infrastructure Migration to the Cloud". Measuring the Business Value of Cloud Computing. Springer International Publishing. pp. 19–37. ISBN 978-3-030-43198-3.
    • Clohessy, Trevor; Acton, Thomas; Morgan, Lorraine (2020). "The SaaS Payoff: Measuring the Business Value of Provisioning Software-as-a-Service Technologies". Measuring the Business Value of Cloud Computing. Springer International Publishing. pp. 39–55. ISBN 978-3-030-43198-3.
  • Manvi, Sunilkumar; Shyam, Gopal (2021). Cloud Computing: Concepts and Technologies. CRC Press. p. 105. ISBN 9781000337952.
  • Watt, Andy (2023). Building Modern SaaS Applications with C# And . NET: Build, Deploy, and Maintain Professional SaaS Applications. Packt. ISBN 978-1-80461-087-9.
  • Younas, Muhammad; Jawawi, Dayang N. A.; Ghani, Imran; Fries, Terrence; Kazmi, Rafaqut (2018). "Agile development in the cloud computing environment: A systematic review". Information and Software Technology. 103: 142–158. doi:10.1016/j.infsof.2018.06.014. ISSN 0950-5849.

Further reading[edit]

  • Fox, Armando; Patterson, David A. (2020). Engineering Software As a Service: An Agile Approach Using Cloud Computing. Pogo Press. ISBN 978-1-7352338-0-2.