What Are SaaS, PaaS, and IaaS?
In 2019, you will see the acronyms SaaS, Paas, and IaaS more often than you did 20 years ago. The growing demand for software, platforms, and infrastructure to be more scalable, faster/easier to use, and cost-effective has shifted us away from the traditional on-premises model to a cloud-based model. This post will dive into the three services above; SaaS, PaaS, and IaaS.
Software as a Service (SaaS)
Software as a Service is a cloud-based software distribution model where the software is hosted on the server(s) by the company providing such software ("Service Provider"). What does that mean? Instead of downloading software from a CD like Microsoft Outlook and having to manually update it, you can use the same software with the same or substantially similar functionality just by logging into the service on a web-browser. The Service Provider hosts the service, maintains and updates it, customizes it (depending on the service), and provides first or second level support (depending on the use). A customer usually pays subscription fees for SaaS services on a scale depending on usage, enhancement of functionality, or amount of users.
There are many SaaS services available, but some of the more popular SaaS products include Gmail, Microsoft Outlook, Salesforce, and Dropbox.
Platform as a Service (PaaS)
Platform as a Service is similar to SaaS in many ways except for target audience and user control. PaaS platforms are cloud-based platforms which are usually used by Developers who are creating service/software. PaaS provides the hardware and software for developers to have a framework for building a platform as opposed to starting from scratch. PaaS provides substantial cost savings, development speed, ease of use, and scalability to its user. Similarly to SaaS, PaaS is hosted, maintained and updated, and is supported by a Service Provider.
PaaS platforms aren't as well known as the SaaS services mentioned above because they are used by a more defined audience. Some popular PaaS platforms include Amazon Web Service (AWS) Elastic Beanstalk, the Google App Engine, Windows Azure, and IBM BlueMix.
Infrastructure as a Service (IaaS)
Infrastructure as a Service shares similarities with SaaS and PaaS but has its unique differences. IaaS provides customers with cloud-based infrastructure for servers, storage, and networking. PaaS and SaaS applications could be, and more likely than not, are stored using some type of IaaS. Instead of having to pay for, maintain, and monitor traditional network infrastructure, you can simply use an IaaS to save time, money, and resources. Unlike SaaS and PaaS, IaaS users need to be more hands-on with the applications and software running on their network. This is usually a great option for smaller companies and startups who cannot afford or don't want the hassle, of maintaining a data center and accumulating infrastructure costs. IaaS is usually a pay-as-you-go model.
IaaS may be more well known than PaaS due to the desire of companies small and large to move to the cloud. Some IaaS providers are Amazon Web Service (AWS), Cisco Metapod, Microsoft Azure, and Google Compute Engine.
What does all this mean for your Startup or Small Business?
Using any of the three models above shifts companies away from the standard license agreements, real estate leases, and other hardware purchases, to a more streamlined subscription-based fee structure. The subscription agreements for SaaS, PaaS, and IaaS, will present some similar but different issues vs. the older generation of agreements, such as;
(1) Data Protection: Maybe the scariest item on the list due to growing cyber threats on the internet; the cloud-based Service Providers will all be hosting vital information on their servers such as personally identifiable information (PII), health records, and confidential information. When negotiating a cloud-based agreement, you should make sure the company you are contracting with has strong data protection policies and security measures. Additionally, you want to make sure you know where the actual servers are located to make sure you are both in compliance with applicable law.
(2) Data input and extraction: In additional to Data Protection, you need to make sure the data you put into the SaaS, PaaS, or IaaS, comes out in a neutrally readable format so you can bring it to the next Service Provider. You don't want to wait until after you terminate the contract to find out your data isn't readable by a competitors software/platform/infrastructure and costs a crazy amount of money to extract from your current system.
(3) Interruption of Service: Negotiating payment terms you can comply with, in addition to trying to remove a Service Provider's ability to cut off your service is key to continuous and uninterrupted use. Depending on the service being used, (Salesforce, Gmail, and Dropbox come to mind) an entire company's communication system and ability to share data could be severely damaged in a short period of time.
(4) Indemnification: While indemnification is important in almost any contract in order to mitigate risk, data privacy and intellectual property indemnification are especially important for these cloud-contracts. You have no control over whose IP, or what IP, is used to make the platform function properly. Requesting indemnification for IP claims is essential to protect yourself from third-party lawsuits. Similarly, you need to make sure PII is listed in the indemnities, especially with the EU GDPR law in effect. If the Service Provider is illegally processing or storing PII, you should be protected from third parties.
(5) Service Level Agreements (SLAs): A very important part of an end user's remedy for service failures. SLAs are service commitments by the Service Provider regarding the service's availability, uptime, and maintenance. Credits are usually a remedy for service failure based on the time of non-usability. If the service failure lasts for a prolonged period of time, you may be entitled to cancel the contract or applicable statement of work.
(6) End User License Agreements (EULA): EULAs are usually used to govern how a specific software or service can be used. Sometimes, they might be attachments or exhibits within a SaaS, PaaS, or IaaS contract, especially at the enterprise level when the services may be passed through to a company's customers/end users. Other times, the EULA may be a click-wrap or shrink-wrap license accompanied by an “accept” button. At the enterprise level, these are usually negotiable and should be, depending on their terms and how they would impact your customers.
(7) Miscellaneous documents incorporated by reference: Additionally, you want to make sure you have your hands on any other document or contract that are incorporated into the cloud-contract by reference. These documents could be acceptable-use policies (AUP), privacy policies, tariffs, terms-and-conditions, or something else. You should always make sure you either click on the link provided within the document or ask the other party for these documents. While they may seem unimportant, you don't want to see extra charges or fees or see service shut off for violating an incorporated document that you didn't review.