SaaS & Security - Challenges & Solutions
Software-as-a-Service (SaaS) is a cloud service model where the vendor runs a software application in the cloud, and customers are only given access to that application (not the operating system or even the platform, middleware, or programming environment used to develop the application). However, some applications may offer their own programming interfaces to customers.
A SaaS application is often itself hosted in an IaaS cloud offering provided by a different service provider - most commonly the Amazon Cloud.
Sometimes a software business model based on annual (or monthly) license fees is also called SaaS. However, we distinguish that as a separate topic, and use SaaS to strictly refer to software offered from the cloud.
SaaS raises new security concerns related to vendor security practices, identity and access management, backups, and business continuity. See the separate page on SaaS security for more information.