Architecting Successful SaaS: Understanding Cloud-Based Software-as-a-Service Models

Editor’s note: This is the first post in a series about SaaS strategies. Read Part 2 >>

By Gary Stafford, Emerging Partner Solutions Architect at AWS

You’re a startup with an idea for a revolutionary new software product. You quickly build a beta version and deploy it to the cloud.

After a successful marketing campaign and concerted sales effort, dozens of customers subscribe to your Software-as-a-Service (SaaS)-based product.

You’re ecstatic—until you realize you never architected your product for this level of success. You were so busy coding, raising capital, marketing, and selling, that you never planned how you would scale your SaaS product.

I have often heard budding entrepreneurs jest that if only success was their biggest problem. For many, the problems actually come afterward, when they disappoint their customers by failing to deliver the quality product they promised. Or worse, damaging customers’ reputations (and their own) by losing or exposing sensitive data.

As the old saying goes, “You never get a second chance to make a first impression.” Customer trust is hard-earned and easily lost. Properly architecting a scalable and secure SaaS-based product is just as important as feature development and sales. No one wants to fail on Day 1— you worked too hard to get there.

In this post, I will provide a comprehensive introduction to the common ways in which customers consume cloud-based SaaS models. I will also explore the different ways in which independent software vendors (ISVs) sell their software products to customers.

Cloud-Based Usage Models

To get started, let’s review three common ways that individuals, businesses, academic institutions, and the public sector consume services from cloud providers such as Amazon Web Services (AWS):

• Indirect users
• Direct users
• Hybrid users

Indirect Users

Indirect users are customers who consume cloud-based SaaS products. Indirect users are often unlikely to know which cloud provider hosts the SaaS products to which they subscribe.

Many SaaS products can import and export data, as well as integrate with other SaaS products. Many successful companies run their entire business in the cloud using a combination of SaaS products from multiple vendors.

Figure 1 – Indirect users.

Examples of indirect users include:

• Large automotive parts manufacturer that runs its business using the Workday cloud-based Enterprise Resource Management (ERP) suite.
• Software security company that uses Zendesk for customer support. They also use the Slack integration for Zendesk to view, create, and take action on support tickets, using Slack channels.
• Recruiting firm that uses Zoom Meetings & Chat to interview remote candidates. They also use the Zoom integration with Lever recruiting software to schedule interviews.

Direct Users

Direct users are customers who use cloud-based Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) products to build and run their software—the do it yourself (DIY) model.

The software deployed in a customer’s account may be created by the customer, or purchased from a third-party software vendor and deployed within the customer’s cloud account. Direct users may purchase IaaS and PaaS services from multiple cloud providers.

Figure 2 – Direct users.

Examples of direct users include:

• Advanced hobbyist that uses AWS IoT Core and Amazon QuickSight as part of a custom Smart Home automation application.
• Private equity firm that maintains its own proprietary artificial intelligence-based investment recommendation engine using a combination of cloud-based services, like AWS Lambda and Amazon SageMaker.
• Mobile payment company that uses Amazon Elastic Kubernetes Service (Amazon EKS) and Amazon DynamoDB to run its own high-volume credit card processing application. To help ensure PCI compliance, they also use Aqua’s customer-deployed product, Aqua Cloud Native Security Platform for ELS (BYOL).

Hybrid Users

Hybrid users are customers who use a combination of IaaS, PaaS, and SaaS products. They often connect multiple products as part of larger enterprise software application platforms.

Figure 3 – Hybrid users.

Examples of hybrid users include:

• Payroll company that hosts its proprietary payroll software product, using IaaS products like Amazon Elastic Compute Cloud (Amazon EC2) and Elastic Load Balancing. In addition, they use an integrated SaaS-based fraud detection product, like Cequence Security CQ botDefense, to ensure the safety and security of payroll customers.
• Online gaming company that operates its applications using the fully-managed container-based PaaS service, Amazon Elastic Container Service (Amazon ECS). To promote their gaming products, they use a SaaS-based marketing product like Mailchimp Marketing CRM.

Cloud-Based Software

Most cloud-based software is sold in one of two ways—customer-deployed, and software-as-a-service.

Figure 4 provides a breakdown by the method of product delivery on AWS Marketplace, as of February 2020. All items in the chart, except for SaaS, represent customer-deployed products.

Serverless applications are available elsewhere on AWS, and are not represented in the AWS Marketplace statistics.

Figure 4 – Delivery methods (except serverless) for AWS Marketplace products.

Customer-Deployed Software

Customer-deployed software products are sold by ISVs to consumers of cloud-based IaaS and PaaS services. These products are installed by the customer, systems integrator (SI), or ISV into the customer’s cloud account. Customer-deployed products are reminiscent of traditional “boxed” software.

Figure 5 – Customer-deployed software.

Customers typically pay a reoccurring hourly, monthly, or annual subscription fee for the software, commonly referred to as pay-as-you-go (PAYG). This subscription fee is in addition to the fees the cloud service provider charges for the underlying compute resources on which the customer-deployed software runs.

Figure 6 shows plan types for customer-deployed products on AWS Marketplace, as of February 2020.

Figure 6 – Plan types for customer-deployed products.

Some customer-deployed products may also require a software license. Software licenses are often purchased separately through other channels. Applying a license you already own to a newly purchased product is commonly referred to as bring your own license (BYOL).

BYOL is common in larger enterprise customers, who may have entered into an Enterprise License Agreement (ELA) with the ISV.

Customer-deployed software products can take a variety of forms. The most common include some combination of virtual machines (VMs) such as Amazon Machine Images (AMIs), Docker images, Amazon SageMaker models, or Infrastructure-as-Code such as AWS CloudFormation, HashiCorp Terraform, or Helm Charts.

Customers usually pull these products from a vendor’s AWS account, or other public or private repositories for source code or binaries. Figure 7 shows a breakdown of customer-deployed products on AWS Marketplace by the method of delivery.

Figure 7 – Delivery methods for customer-deployed products.

Although historically, AMIs have been the predominant method of customer-deployed software delivery, newer technologies such as Docker images, serverless, Amazon SageMaker models, and AWS Data Exchange datasets will continue to grow in this segment.

The AWS Serverless Application Repository (SAR) contains more than 500 serverless applications not reflected in this chart. Learn more about how AWS is making it easier to sell serverless software applications in AWS Marketplace.

Customer-deployed cloud-based software products may require a connection between the installed product and the ISV for product support, license verification, product upgrades, or security notifications.

Examples of customer-deployed software products include:

• Fortinet provides high-performance, integrated network security solutions for global enterprise businesses. Fortinet FortiGate (BYOL) Next-Generation Firewall is available on AWS Marketplace.
• Alluxio is a leader in data orchestration for big data, artificial intelligence and machine learning workloads. Alluxio Enterprise Edition – Caching for Data Analytics is available on AWS Marketplace.
• Kasten provides cloud-native data management for Amazon EKS. Kasten K10 offers backup and restore, disaster recovery, and mobility of Kubernetes applications, and is available on AWS Marketplace.
• Deep Vision AI specializes in visual recognition technology for images and videos. It offers several API products, including the Deep Vision context recognition API, Deep Vision brand recognition API, and Deep Vision face recognition API, all of which are sold on AWS Marketplace.

Deep Vision’s APIs work with Amazon SageMaker is priced on an hourly rate for real-time inference and batch transforms. Customer-deployed products designed for Amazon SageMaker are a growing category on AWS Marketplace.

Software-as-a-Service (SaaS)

SaaS products are deployed, managed, and sold by ISVs and hosted by a cloud provider such as AWS. A SaaS product may or may not interact with a customer’s cloud account.

SaaS products are similar to customer-deployed products with respect to their subscription-based fee structure. Subscriptions may be based on a unit of measure, often a period of time. Subscriptions may also be based on the number of users, requests, hosts, or the volume of data.

Figure 8 shows the pricing plans for SaaS products on AWS Marketplace, as of February 2020.

Figure 8 – Pricing plans for SaaS products on AWS Marketplace.

A significant difference between SaaS products and customer-deployed products is the lack of direct customer costs from the underlying cloud provider. The underlying costs are bundled into the subscription fee for the SaaS product.

Similar to customer-deployed products, SaaS products target both consumers and businesses. SaaS products span a wide variety of consumer, business, industry-specific, and technical categories. AWS Marketplace offers products from vendors covering eight major categories and over 70 sub-categories. The top categories are shown in Figure 9.

Figure 9 – SaaS product categories on AWS Marketplace.

I regularly work with a wide variety of cloud-based software vendors. In my experience, most cloud-based SaaS products fit into one of four categories, based on the primary way a customer interacts with the SaaS product:

• Standalone
• Data access
• Augmentation
• Discrete service

Standalone SaaS Products

A standalone SaaS product has no interaction with a customer’s cloud account. Customers of standalone SaaS products interact with the product through an interface provided by the SaaS vendor.

Many standalone SaaS products can import and export customer data, as well as integrate with other cloud-based SaaS products.

Figure 10 – SaaS standalone product.

Standalone SaaS products may target consumers, known as Business-to-Consumer (B2C SaaS). They may also target businesses, known as Business-to-Business (B2B SaaS).

Examples of standalone SaaS products include:

• A Cloud Guru is an online cloud training platform that sells its A Cloud Guru AWS Training & Certification on AWS Marketplace.
• Hubspot provides marketing, sales, and service B2B SaaS products for businesses. Hubspot, which is hosted on AWS in the United States, offers its Marketing Hub All-in-One Inbound Marketing Software through its website.
• Trello is another example of a B2B SaaS product. Trello’s product is hosted on AWS and enables users to organize and prioritize their projects.

Data Access SaaS Products

Data access refers to SaaS products that connect to a customer’s data sources either in their cloud account or on-premises. These SaaS products often fall into the categories of big data and data analytics, artificial intelligence and machine learning, and Internet of things (IoT).

Products in these categories work with large quantities of data. Given the sheer quantity of data or the real-time nature of the data, importing or manually inputting data directly into the SaaS product, through the SaaS vendor’s user interface, is unrealistic.

Often, these SaaS products will cache some portion of the customer’s data to reduce a customer’s data transfer costs.

Similar to the previous stand-alone SaaS products, customers of these SaaS products interact with the product thought a user interface provided by the SaaS vendor.

Figure 11- Data access SaaS product.

Examples of data access SaaS products include:

• Zepl provides an enterprise data science analytics platform that enables data exploration, analysis, and collaboration. Zepl Science and Analytics Platform provides integration to many types of customer data sources and other SQL databases.
• Sisense provides an enterprise-grade, cloud-native business intelligence and analytics platform, powered by AI. Sisense Business Intelligence lets customers prepare and analyze disparate big datasets using Sisense’s Data Connectors. The wide array of connectors provides connectivity to dozens of different cloud-based and on-premises data sources.
• Databricks provides a unified data analytics platform, designed for massive-scale data engineering and collaborative data science. Databricks Unified Analytics Platform allows customers to interact with data across many different data sources, data storage types, and data types, including batch and streaming.
• DataRobot provides an enterprise AI platform that enables enterprises to collaboratively harness the power of AI. Using connectors, customers can connect their data sources to DataRobot Automated Machine Learning for AWS.

Augmentation SaaS Products

Augmentation is a SaaS product that interacts with, and augments, a customer’s application, which is managed by the customer in their own cloud account. These SaaS products often maintain secure, loosely-coupled, unidirectional or bidirectional connections between the vendor’s SaaS product and the customer’s account.

Vendors on AWS often use services like Amazon EventBridge, AWS PrivateLink, and VPC Peering to interact with customers’ accounts and exchange data. Often, these SaaS products fall within the categories of security, logging and monitoring, and DevOps.

Customers of these types of SaaS products generally interact with their own software, as well as the SaaS product through an interface provided by the SaaS vendor.

Figure 12 – Augmentation SaaS product.

Examples of augmentation SaaS products include:

• CloudCheckr provides solutions that enable clients to optimize costs, security, and compliance on leading cloud providers. CloudCheckr Cloud Management Platform uses an AWS IAM cross-account role and Amazon S3 to exchange data between the customer’s account and their SaaS product.
• Splunk provides real-time operational intelligence. Splunk Cloud enables rapid application troubleshooting, ensures security and compliance, and provides monitoring of business-critical services in real-time.

Discrete Service SaaS Product

Discrete SaaS products are a variation of SaaS augmentation products. They provide specific, distinct functionality to a customer’s software application. These products may be an API, data source, or ML model, which is often accessed completely through a vendor’s API.

Figure 13 – Discrete service SaaS products.

These products have a limited or no visual user interface, and are sometimes referred to as a “Service as a Service.” Discrete SaaS products often fall into the categories of AI and ML, financial services, reference data, and authentication and authorization.

Examples of discrete SaaS products include:

• Twinword provides a variety of text analysis APIs, including the Sentiment Analysis API, Text Similarity API, Emotion Analysis API, and Text Classification API, all sold on AWS Marketplace. The APIs are priced based on the number of requests per month.
• Sensifai offers a comprehensive video recognition system that can be used to tag videos and pictures. Sensifai offers several SaaS-based APIs, including Automatic Video Recognition, Automatic Audio or Sound Classification, and Action Recognition (Trainable Algorithm), all sold on AWS Marketplace.

AWS Data Exchange SaaS Product

There is a new category of products on AWS Marketplace. Released in November 2019, AWS Data Exchange makes it easy to find, subscribe to, and use third-party data in the cloud. AWS Data Exchange vendors can publish new data, as well as automatically publish revisions to existing data, and notify subscribers.

Once subscribed to a data product, customers can use the AWS Data Exchange API to load data into Amazon S3 and then analyze it with a wide variety of AWS analytics and machine learning services.

Figure 14 – AWS Data Exchange SaaS products.

AWS Data Exchange seems to best fit the description of a customer-deployed product. However, given the nature of the vendor-subscriber relationship, where data may be regularly exchanged (revised and published by the vendor and pulled by the subscriber), I consider AWS Data Exchange a cloud-based hybrid product.

AWS Data Exchange products are available on AWS Marketplace. The list of qualified data providers is growing and includes Reuters, Foursquare, TransUnion, Pitney Bowes, IMDb, Epsilon, ADP, Dun & Bradstreet, and others.

As illustrated in Figure 15, data sets are available in the categories of financial services, public sector, healthcare, media, telecommunications, and more.

Figure 15 – Data exchange SaaS product categories in AWS Marketplace.

Examples of AWS Data Exchange SaaS products include:

• Dun & Bradstreet currently offers more than 30 data products on AWS Marketplace, delivered using AWS Data Exchange. Products include Direct Marketing Services – First Research Industry Profile, Insurance Agencies & Brokerages – First Research Industry Profile, and Department Stores (US) – Industry Marketing File. Dun & Bradstreet’s datasets are priced based on a 12-month subscription.
• Reuters currently has nine data products on AWS Marketplace, delivered using AWS Data Exchange. Products include Reuters News Archive: Automotive (1 Year), Reuters News Archive: Pharmaceutical (1 Year), and Reuters News Archive: Energy (1 Year).
• SafeGraph offers accurate Points-of-Interest (POI) data, business listings, and store visitor insights data for commercial places in the United States. SafeGraph currently offers 23 different products on AWS Marketplace, delivered using AWS Data Exchange. This includes SafeGraph Core Places – Restaurants, SafeGraph Core Places – Entire US, and SafeGraph Foot Traffic Patterns (2019) – Car Dealerships.

Conclusion

In this first post of my series, you have become familiar with the common ways in which customers consume cloud IaaS, PaaS, and SaaS services. We also explored the different ways in which ISVs sell their software products to customers.

Be sure to read the second post in my series called Interacting with Your Customer’s Cloud Accounts.

In future posts, I will examine different high-level SaaS architectures and review tenant isolation strategies. I will also discuss how SaaS providers can meet best-practices, like those from AWS SaaS Factory and the AWS Well-Architected Framework.

Here are some great references to help you learn more about building and managing SaaS products on AWS:

• SaaS Partners on AWS
• SaaS Partner success stories
• AWS SaaS Factory for APN Technology Partners
• AWS SaaS Competency for APN Consulting Partners
• AWS SaaS Factory on the APN Blog
• AWS Marketplace: SaaS-Based Products

About AWS SaaS Factory

AWS SaaS Factory helps organizations at any stage of the SaaS journey. Whether looking to build new products, migrate existing applications, or optimize SaaS solutions on AWS, we can help. Visit the AWS SaaS Factory Insights Hub to discover more technical and business content and best practices.

SaaS builders are encouraged to reach out to their account representative to inquire about engagement models and to work with the AWS SaaS Factory team.

Sign up to stay informed about the latest SaaS on AWS news, resources, and events.