What is a SaaS Company?

by Chris Brook on Tuesday December 4, 2018

Contact Us
Free Demo
Chat

Learn about what a Software as a Service, or SaaS, company is and why it may make sense for your organization in this week’s Data Protection 101, our series on the fundamentals of information security.

A SaaS company is a company that hosts an application and makes it available to customers over the internet. SaaS stands for Software as a Service. This infers that the software sits on a SaaS company’s server while the user accesses it remotely.

The SaaS Business Model: How a SaaS Company Works

A SaaS company maintains servers, databases, and software that allow the application to be accessed over the internet — most likely by web browsers. Users can access the software from almost any device.

SaaS customers usually pay a subscription fee— often monthly — to access the application. Some subscriptions are based upon how much data needs to be stored, the number of users who will access the application, or the level of technical support desired.

Examples of Saas Companies

SaaS companies can handle just about every business function. Some of the more popular types of SaaS applications available include:

● Customer resource management (CRM) — These applications allow SaaS customers to manage customer information and track sales through their pipeline.
● Enterprise resource planning (ERP) — This is a system of many SaaS applications most suited for big organizations.
● Accounting and invoicing — Some SaaS companies focus on billing and invoicing services. Others offer a full range of financial tracking and reporting services.
● Project management — Software can help collaborators communicate and stay on track.
● Web hosting and ecommerce —  Remote servers can handle everything a business needs in its online presence.
● Human resources — SaaS companies can offer tools to track employee hours, manage payroll, schedule and manage the hiring process.
● Data management — SaaS products can help analyze and secure a company’s data.

Blog Post

Why Managed Security Services?

Benefits of SaaS Companies

A SaaS company’s major selling point is how much more efficient it is to use their centrally managed applications rather than installing software onsite. This means SaaS customers can realize the following benefits:

● Cost savings — Most SaaS companies charge a subscription fee that helps spread out the cost of the application over time. SaaS customers have lower initial costs because they don’t need to invest in expensive hardware to host the applications.
● Low-effort updates — SaaS companies maintain the software and update it when needed. SaaS customers do not need to install any software or install patches and updates.
● Mobility — In theory, SaaS customers can access to their systems from any device or location. This is very useful for workforces that are not confined to a central location or office.
● IT expertise — SaaS companies invest in the IT needed to troubleshoot and maintain applications so their customers don’t have to. Also, SaaS companies have the resources to maintain system reliability and data security better than customers with limited IT budgets.
● Scalability — If a SaaS customer needs to expand capacity or add users, it doesn’t need to purchase new hardware or install new software. A SaaS company can increase capacity quickly, but it most likely will come at an increased subscription fee.

Risks of SaaS Companies

A great promise of SaaS companies is that they can handle infrastructure and maintenance so their customers don’t have to. That means a third party will be responsible for basic business functions. That entails some risk.

● Pricing — While system flexibility is a key feature of SaaS companies, their contracts may not be so flexible. Having SaaS services on demand can be costly. Scaling back to less expensive options or cancelling the contract may not be allowed. And upgrading capacity or access could come at a steep price increase.
● Downtime — Being able to use a SaaS application and accessing the data depends on the reliability of a third party. The SaaS company's downtime could be your downtime.
● Security — Data security is in the hands of a third party. There are SaaS companies that don’t comply with security standards and aren’t transparent about security. Also consider that allowing users remote access with any device can increase convenience and vulnerability to unauthorized use.
● Solvency — A crucial aspect of the SaaS customer’s business depends on the SaaS company staying in business. If the vendor goes out of business, access to the SaaS service and data could be cut off. In the best-case scenario, the SaaS customer needs to find a new SaaS company and migrate the data.

Best Practices for Choosing a Saas Company

SaaS companies work very hard at making their applications easy to use for users. And they try to make it just as easy to purchase their SaaS products. Perhaps too easy. Slow the process down and consider some best practices for choosing a SaaS company:

● Find out what happens when you are no longer a customer. Can you get your user data back in a standardized format easily?
● Test customer support. Just how good is it when you’re a paying customer?
● Get as much training and migration help as possible. Or use it as leverage in negotiations.
● Find out what is the backup plan. Nothing is bulletproof. There will be downtime. Have a plan for when the system is unavailable.
● Look for data vulnerabilities. Speaking of vulnerability, does the SaaS company offer strong defense against hackers and data breaches?
● Understand the prices. Look for hidden fees and what kind of usage will trigger a higher subscription tier.
● Make sure your systems are compatible. The promise of SaaS is functionality on any device used anywhere. But does the application really work with all browsers or phones?

SaaS companies can provide needed business services at a low cost. Due diligence will help ensure the user experience matches expectations and promises.

Tags: Data Protection 101, Managed Security Services

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.