Software as a Service (SaaS)

Short Summary

Software as a Service (SaaS) is a cloud service model where you use a finished application that runs on the cloud provider’s infrastructure. The provider operates the service (including updates and patching), while you focus on your users, the devices that connect, and the data you put into the app. This lesson helps you recognize SaaS and distinguish it from Platform as a Service (PaaS) and Infrastructure as a Service (IaaS).

Learning Objectives

By the end of this lesson, you will be able to:

• Define Software as a Service (SaaS) in simple terms.
• Explain how responsibilities are split between you and the provider in SaaS.
• Differentiate SaaS from Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) using a simple “control clue.”
• Identify common SaaS scenarios and examples, including business applications.

Core Concepts

Software as a Service (SaaS) means the provider delivers a complete application as a cloud service. You typically access it through a web browser or a client application, and you don’t run the application on your own servers.

A useful way to reason about SaaS is the shared responsibility model: both you and the provider have responsibilities, but you own different parts of the stack. In SaaS, the provider carries most of the responsibility for running the service.

In SaaS, the provider is responsible for operating the service and the underlying environment that makes it work (for example: datacenters, physical security, power, networking, and application maintenance such as development and patching). You don’t manage servers or the Operating System (OS) for the SaaS service.

You still have important responsibilities in SaaS. You are responsible for:

• The data you put into the service (including how it’s organized and shared).
• The users who have access (identities, roles, permissions).
• The devices you allow to connect (endpoints, browsers, clients).

A helpful “control clue” to separate cloud service types:

• Use the app → SaaS (Software as a Service)
• Deploy your code → PaaS (Platform as a Service)
• Manage the OS → IaaS (Infrastructure as a Service)

SaaS often trades flexibility for convenience. You give up most control over the underlying stack, but you gain speed and reduced operational work because the provider runs the application as a service.

Practical Understanding

Practical Situation 1: When you “just sign in and use it”

Your organization needs email, file collaboration, or a customer system, and you want to start quickly without building or hosting anything. Users sign in, and the provider keeps the service running and up to date.

How to think about it: This is a strong SaaS signal: you are consuming a complete application. The provider operates the service, and your work is mostly around users, configuration, and the data your team creates inside the app.

Common misunderstanding: “SaaS means I don’t have to think about access.” You still decide who can sign in and what they can do.

Practical Situation 2: When you deploy your own code, it’s not SaaS

A team writes an API or web app and wants a managed environment to deploy it without managing servers. They push code, configure settings, and run their own application.

How to think about it: Deploying your own code points to Platform as a Service (PaaS), not SaaS. SaaS is a finished application you use; PaaS is a platform for running your application code.

Common misunderstanding: “It’s managed, so it must be SaaS.” “Managed” can describe PaaS too; the key difference is whether you’re deploying your own code.

Practical Situation 3: Who manages what in SaaS

A security or operations team asks: “If we use SaaS, who patches the servers and the OS? Who maintains the application?”

How to think about it: In SaaS, the provider maintains the infrastructure/platform layers and updates the application service. Your responsibilities shift to identity and access, governance, and protecting the data you place in the application (including how you share it).

Common misunderstanding: “The provider secures everything, including my data settings.” The provider secures the service, but you still control data sharing, permissions, and your internal policies.

Practical Situation 4: A subscription desktop app is not automatically SaaS

A product is sold by subscription, but it requires local installation on each computer and manual updates by users or IT. It might sync data with the cloud, but the core app is still maintained locally.

How to think about it: A subscription price and cloud sync do not define SaaS. If customers must install, update, and maintain the application locally, it does not match the SaaS model where the provider runs and updates the application as a service.

Common misunderstanding: “If it’s subscription-based, it’s SaaS.” Billing style is not the deciding factor; who operates and patches the application is.

Common Pitfalls

• Mistake: Confusing SaaS with PaaS and thinking “deploying my code to a managed platform” is SaaS. Correction: SaaS is a finished application you use; PaaS is where you deploy your application code to a provider-managed platform.

• Mistake: Assuming SaaS requires you to manage servers, the Operating System (OS), or the runtime environment. Correction: In SaaS, the provider manages the underlying infrastructure/platform and runs the application service.

• Mistake: Treating a subscription-based desktop app that needs local install and manual updates as SaaS. Correction: SaaS typically means the provider operates and updates the application as a service; local install/manual maintenance breaks that model.

• Mistake: Forgetting that you still own access control in SaaS. Correction: You usually manage users, permissions, and how identity is configured for your organization, even though the provider runs the service.

• Mistake: Believing SaaS is only “email and office tools.” Correction: Many business applications are SaaS too, including Customer Relationship Management (CRM) and Enterprise Resource Planning (ERP) systems.

Check Your Understanding

• Explain SaaS in one sentence using the ideas “finished application” and “provider-operated service.”
• List three responsibilities the provider typically owns in SaaS, and three responsibilities you still own.
• Pick a product you use at work or at home. Classify it as SaaS, PaaS, or IaaS and justify your choice using the “use app / deploy code / manage OS” clue.
• Describe a case where SaaS is a better fit than building and hosting your own solution.
• Think of a scenario where a tool looks “cloud-like” (subscription, sync), but is not SaaS. What detail makes it not SaaS?

Further Reading

• Microsoft Learn: Describe Software as a Service — https://learn.microsoft.com/en-us/training/modules/describe-cloud-service-types/4-describe-software-service
• Microsoft Learn: Describe cloud service types (module) — https://learn.microsoft.com/en-us/training/modules/describe-cloud-service-types/
• Microsoft Azure: What is SaaS? — https://azure.microsoft.com/en-us/resources/cloud-computing-dictionary/what-is-saas