Software as a Service

What Does Software as a Service Mean?

Software as a service (SaaS) is a software distribution model that delivers application programs over the Internet. End users can access SaaS cloud apps with a web browser. The SaaS provider is responsible for hosting and maintaining the application throughout its lifecycle.

Advertisements

Advantages to using the SaaS delivery model include:

  • Clients can easily access the software from multiple locations and computing devices.
  • Updates and patches can be applied automatically without client assistance.
  • Application access, as well as storage to support application use, can be sold on a subscription basis.

SaaS solutions tend to work best for non-strategic, non-mission-critical processes that do not require a high level of integration with the consuming organization's other business functions and systems.

SaaS offerings are typically offered through the web, but they can also be applications or application programming interfaces (APIs) that can be integrated with another service. SaaS is also known as hosted software or on-demand software.

Techopedia Explains Software as a Service

SaaS can be thought of as subscription-based commercial off-the-shelf (COTS) software that's hosted on a cloud service provider's (CSP's) servers. SaaS offerings are generally dedicated in nature and target a specific business need such as collaboration, document management or human resources functions.

In recent years, a number of developments have allowed SaaS to become the preferred delivery model for a large number of software applications. One contributing factor is bandwidth; the internet is simply faster than it was a decade ago and access is more widely available. Another major factor has been the growing acceptance of distributed computing for business use.

Today, there are literally thousands of SaaS vendors, but Salesforce.com is perhaps the best known example, as it was one of the independent software vendors to significantly disrupt a traditional software vertical by changing the delivery model.

SaaS Security Risks

Cloud platforms consist of multiple software and hardware components that in turn, may be sourced from multiple providers and it's not unusual for subsystems to be outside of the direct control of the cloud provider.

This is why it is imperative for SaaS customers to confirm what security services and controls the cloud provider will supply — or not supply. To avoid creating gaps in security, controls must be applied commensurately with those used for internal organizational systems.

Some SaaS providers will have the ability to integrate with existing identity access providers; others will not have authentication integration options and will have their own identity realm. Unfortunately, this means that if an aversary determines a weaknesses in a provider's subsystem component, they can take advantage of the weakness and launch an advanced persistent threat (APT) attack in the cloud environment by moving laterally through the cloud, looking for vulnerabilities that will allow them to elevate privileges.

Although mitigating supply chain attacks against the cloud platform is mainly the responsibility of the cloud service provider, it's important for SaaS customers to:

  • Choose software-as-a-service (SaaS) vendors carefully.
  • Implement configuration and security controls to lower risk for SaaS subscriptions.
  • Continuously monitor cloud use.
  • Pen test the organization's SaaS applications and infrastructure at least twice per year.
Advertisements

Related Terms

Latest Cloud Computing Terms

Related Reading

Margaret Rouse
Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine.Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…

Related News

dummy_img
Blockchain

The Future of Ethereum: Vitalik Buterin Looks to Enshrinement

Mensholong Lepcha1 year
dummy_img
Analytics

6 Real-World Edge Computing Use Cases

Linda Rosencrance1 year
dummy_img
Artificial Intelligence

What ChatGPT with Web Capabilities Can Do For Your Business

Neil C. Hughes1 yearSenior Tech Writer
dummy_img
Blockchain

What It Takes to Be a Blockchain City

Ruholamin Haqshanas1 yearCryptocurrency Journalist
dummy_img
Artificial Intelligence

AI Translation Could Help Crack the Secrets of Chicken Language

Kaushik Pal1 yearTechnology Writer
dummy_img
Featured Content

Future Trends in Container Security: What Every IT Professional Should Know

Alan Draper1 yearEditor-in-Chief

Popular Categories
Show All

Antivirus
Antivirus
Artificial Intelligence
Artificial Intelligence
Audio
Audio
CRM
CRM
Cryptocurrency
Cryptocurrency
Gambling
Gambling
Gaming
Gaming
HR
HR
Laptops
Laptops
Network
Network
Password Managers
Password Managers
Project Management
Project Management
Spy
Spy
Trading
Trading
VoIP
VoIP
VPN
VPN