Resources for Software Companies
Explore our FAQs for companies moving to cloud and SaaS
Glossary
-
What is SaaS?
Software as a Service (SaaS) is a method to deploy and deliver your software. It is often combined with a subscription payment model. With SaaS, software companies typically provide a complete product, run and managed by them, and charge customers a subscription fee for the software.
With a SaaS offering, customers do not have to think about how the service is maintained or how the infrastructure is managed. SaaS with a subscription can provide a low entry cost and flexible contracts and fees, combined with cloud-driven product innovation and access from anywhere, making it an increasingly popular way for many organizations to purchase software solutions.
-
What is a subscription?
A subscription, in the software context, is a way to pay for a product or service. Customers pay a fee on a regular basis (monthly, quarterly, annually and so on) to access a service. While in the software world it is often combined with a SaaS delivery model, it can also be associated with on-premises or other software delivery models.
While a perpetual license allows a customer to use the software indefinitely, a subscription entitles them to use the software only during the subscription term.
It is worth stressing that a SaaS model and a subscription model, while often overlapping, can also be separate: the former focuses on the technical aspect of delivering software, while the latter is more about the business model.
-
What is ARR and MRR?
ARR stands for Annual Recurring Revenue. This is an essential metric for a SaaS and subscription business. Subscriptions can have different terms and billing frequencies. Some of your customers might have a 2-year subscription contract but be billed monthly; others might be on a 1-year term and pay quarterly. ARR is a way to measure the health of a subscription business and to normalize how much revenue you can expect in the year from all your different customers.
It can help predict how much revenue you can expect in the upcoming year, and it can be used to show business progress and measure a company's growth.
MRR is Monthly Recurring Revenue. It is very similar to ARR and the only difference is the period of time. ARR shows a longer term view, while MRR focuses on the short term.
-
What is LTV?
LTV, in the software context, refers to Lifetime Value (short for Customer Lifetime Value, or CLV). LTV measures the profit your company makes from any given customer. It helps assess the financial value of an individual customer or of the overall business.
It is often used in combination with the Customer Acquisition Cost (CAC). This compares the value of customers with the cost of acquiring them, and helps in making decisions about sales and marketing.
-
What is the churn rate?
Churn rate, or attrition rate, is the measure of how many customers don't renew their subscription over a period of time. It is a term that can be used in many contexts, but it is a crucial indicator in a subscription business.
In an ideal world, none of your customers would leave your services and your churn rate would be as low as 0. In reality, any SaaS subscription business will have a number of customers every year that do not renew the subscription and retain the services.
An increasing churn rate is a strong signal that the profitability of a software business might be at risk. It is vital to try to estimate the future churn rate.
Most SaaS subscription businesses focus heavily on improving customer satisfaction to ensure their churn rate is as low as possible.
Churn might be voluntary or involuntary. In some cases the churn is completely out of the business's control (a customer closing down), whereas in other cases it could be a conscious decision to terminate the subscription to move to a different provider or not use the service at all. The latter, i.e. voluntary churn, is the primary measure of churn for many companies, as it is directly related to their business and can be more easily influenced.
-
What does deferred revenue mean?
This is a particularly important concept for SaaS subscription companies. It changes the balance sheet and has significant implications when transitioning from a perpetual license business.
In the software space, deferred revenue refers to payments a company receives for software services that have not been delivered yet. If a customer buys a 1-year subscription to a SaaS solution, they might pay the total subscription upfront. However, the service is delivered over the course of the year. When the 1-year payment is received, the company does not record the full revenue; typically it records the revenue on a monthly basis over the course of the 12 months.
Let's look at an example and compare it against a perpetual model.
| | Perpetual Model | Subscription Model |
| --- | --- | --- |
| Payment | $10,000 for a perpetual license | $10,000 per year |
| Revenue recognized in the month of sale | $10,000 | $10,000/12 = $833 |
| Revenue recognized in the first 6 months | $10,000 | $833x6 = $5,000 |

The later in the company's financial year the sale takes place, the higher the impact. If a company's financial year runs from January to December and a software sale for $10,000 takes place in December, the business can count on the full $10,000 of revenue. In a subscription business, however, the company can recognize as revenue only $10,000/12 = $833.
The advantage of a subscription model, however, is that once the initial 2-3 year transition has passed, the company will have a more predictable revenue stream. As the business transforms from a perpetual license model to a subscription model, the focus on innovation, customer service and a better understanding of their clients typically allows companies to generate more value from their customers.
The initially lower investment brings faster growth by making it easier to reach new markets and expand into new areas.
-
What is the difference between IaaS, PaaS, and SaaS?
Understanding the differences between Infrastructure as a Service, Platform as a Service, and Software as a Service, as well as what deployment strategies you can use, can help you decide what set of services is right for your needs. Read more about these types of cloud computing.
-
What is an Availability Zone?
AWS Cloud computing resources are housed in highly available data center facilities. To provide additional scalability and reliability, these data center facilities are located in different physical locations. These locations are categorized by regions and Availability Zones (AZs).
AWS Regions are large and widely dispersed into separate geographic locations. Availability Zones are distinct locations within an AWS Region that are engineered to be isolated from failures in other Availability Zones. They provide inexpensive, low-latency network connectivity to other Availability Zones in the same AWS Region.
AZs give customers the ability to operate production applications and databases that are more highly available, fault tolerant, and scalable than would be possible from a single data center. All AZs in an AWS Region are interconnected with high-bandwidth, low-latency networking, over fully redundant, dedicated metro fiber providing high-throughput, low-latency networking between AZs. All traffic between AZs is encrypted. The network performance is sufficient to accomplish synchronous replication between AZs. AZs make partitioning applications for high availability easy. If an application is partitioned across AZs, companies are better isolated and protected from issues such as power outages, lightning strikes, tornadoes, earthquakes, and more. AZs are physically separated by a meaningful distance, many kilometers, from any other AZ, although all are within 100 km (60 miles) of each other.
Resources for Security and Privacy
-
Data access on AWS
With AWS, customers own their data, control their location, and determine who has access to that data. We are transparent about how AWS services process the data uploaded to the AWS account (customer data), and we provide capabilities that allow encryption, deletion, and monitoring of the processing of customer data. This is based on the AWS shared responsibility model and the AWS customer agreement. The privacy features of AWS services provide additional granularity per service.
Resources
- AWS Customer Agreement: this AWS Customer Agreement contains the terms and conditions that govern access to and use of the service offerings.
- Privacy features of AWS services: overview of the key privacy features of AWS Services which can be used to perform data transfer assessments in accordance with the Schrems II decision of the Court of Justice of the European Union, and the European Data Protection Board Recommendations on measures that supplement transfer tools.
- CISPE Data protection Code of Conduct: the CISPE Code assures organizations that their cloud infrastructure service provider meets the requirements applicable to a data processor under the GDPR. Ernst and Young CertifyPoint (EYCP) certified 52 AWS services as compliant, providing customers with additional confidence that they have been independently verified for compliance with GDPR.
- Shared Responsibility Model: security and compliance is a shared responsibility between AWS and the customer. This shared model can help relieve the customer’s operational burden as AWS operates, manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates.
- AWS Nitro System: a combination of dedicated hardware and lightweight hypervisors enabling confidential computing, by which operator access is restricted.
-
United States Government access of customer data, the CLOUD Act
The CLOUD Act – which applies to all companies, including foreign companies doing business in the US – does not give US law enforcement unfettered access to data. It only applies to a narrow category of data: evidence sought in connection with a crime, such as terrorism, over which the US has jurisdiction.
Clarifying the CLOUD Act: a dedicated page explaining the details around the CLOUD Act and AWS.
IDC Clarification on the CLOUD Act: IDC clarification, diving deep in understanding the facts of the CLOUD Act.
AWS will challenge law enforcement requests for customer data from governmental bodies where the requests conflict with law, are overbroad, or where we otherwise have appropriate grounds to do so.
Resources
- AWS strengthened commitments on law enforcement requests: amendment to the customer agreement by challenging law enforcement requests and disclosing the minimum amount necessary.
- Law enforcement info requests report: bi-annual report of types and numbers of law enforcement requests Amazon processed.
- AWS Well-Architected: AWS Well-Architected helps cloud architects build secure, high-performing, resilient, and efficient infrastructure for their applications and workloads. Based on six pillars — operational excellence, security, reliability, performance efficiency, cost optimization and sustainability — AWS Well-Architected provides a consistent approach for customers and partners to evaluate architectures, and implement designs that can scale over time.
Technical best practices to ensure data protection
-
AWS and data movement
Customers choose the AWS Region(s) in which their content is stored. They can replicate and back up their content to more than one AWS Region. With AWS, customers have full control of their data, including where their data is stored, how it is secured, who has access, and how they architect their data sovereignty needs. AWS will process Customer Data only in accordance with Documented Instructions.
Resources
- Data Privacy FAQ
- AWS and Participation in Gaia-X, an EU initiative that brings together representatives from business, science, and politics to help define standards for the next generation of data infrastructure.
- Data Residency Guardrails in AWS Control Tower: Simplified way to translate data residency requirements into controls which can be applied to single and multi-account environments.
-
Data encryption on AWS
AWS notifies customers before disclosing data, and also provides a number of advanced encryption and key management services that customers can use to protect their content. Explore AWS' key data encryption resources.
-
EU Laws, Privacy Shield and AWS
AWS customers and partners can continue to use AWS to transfer their content from Europe to the US and other countries, in compliance with EU data protection laws – including the General Data Protection Regulation (GDPR). Customers and partners can also store and process data within a region in the European Union and make sure there are no data transfers, so that they comply with the Schrems II ruling.
-
GDPR and how AWS can support
AWS is committed to offering services and resources to help our customers comply with data protection requirements that might apply to their activities, and has more than 500 features and services focused on security and compliance. With this in mind, in March 2018, we announced that all AWS services and features can be used in compliance with GDPR.
AWS offers a Data Processing Addendum (DPA) in the AWS Service Terms that applies automatically, whenever AWS customers use AWS services to process personal data uploaded to their AWS account. The GDPR-compliant terms of the AWS DPA are considered a high watermark for privacy compliance worldwide and exceed requirements of most other data protection laws. This means customers will achieve at least an equivalent – if not higher – compliance standard to that required under most data protection laws.
For more information on what AWS is doing to help customers navigate data protection requirements, see our Data Protection page.
Resources
- Data Privacy Centre: all resources about Data Privacy at AWS.
- GDPR Center: all GDPR resources and FAQ.
- AWS compliance programs: the AWS Compliance Program helps customers to understand the robust controls in place at AWS to maintain security and compliance in the cloud.
- AWS Security, Identity and Compliance: overview of security use cases and the respective AWS services for data protection, identity & access management, network & application protection, threat detection & continuous monitoring as well as compliance & data privacy.
- AWS Well-Architected: AWS Well-Architected helps cloud architects build secure, high-performing, resilient, and efficient infrastructure for their applications and workloads. Based on six pillars — operational excellence, security, reliability, performance efficiency, cost optimization, and sustainability — AWS Well-Architected provides a consistent approach for customers and partners to evaluate architectures, and implement designs that can scale over time.
- AWS Artifact: AWS Artifact is the go-to, central resource for compliance-related information that matters for AWS customers. It provides on-demand access to AWS’ security and compliance reports and select online agreements. Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA).
-
Geographic location of data centers
AWS customers choose the AWS Region or Regions in which their content and servers will be located. This allows customers with geography-specific data residency requirements to establish environments in a location or locations of their choice. Customers retain complete control and ownership over the region in which their data is physically located, making it easy to meet regional compliance and data residency requirements. AWS will not move customer content without the customer’s consent, except as legally required.
Resources
- AWS Global Infrastructure: detailed overview of the current AWS Regions, Availability Zones, Points of Presence and countries and territories served.
- Regions and Availability Zones: map view of the location of AWS Regions and Availability Zones.
- Data Centers Info: extensive information on AWS data center’s perimeter layer, the infrastructure layer, data layer as well as the environmental layer.
-
Regulated sector on AWS
AWS has achieved a number of internationally recognized certifications and accreditations, demonstrating compliance with third-party assurance frameworks, including HIPAA, GDPR, Personal Health Data Protection in France (HDS), Cloud Computing Compliance Catalogue (C5), Government Standards in Spain (ENS high), Cyber Threat Protection in the UK (Cyber Essential Plus), Government Standards in the UK (G-Cloud), and the Attestation for Swiss Financial Market Supervisory Authority Circulars to meet the unique security, regulatory and compliance obligations of institutions from Regulated Sectors/Public Sector.
Resources
- Compliance Financial Institutions FAQ: frequently asked questions of the German financial institutions about using AWS.
- Compliance & Security for Financial Services: AWS understands the unique security, regulatory, and compliance obligations financial services institutions face on a global scale. This overview considers all resources and steps needed for financial institutions to securely navigate through the cloud.
- Cloud Governance for Financial Services: a framework to guide customers in establishing processes and selecting tools to manage and govern their AWS environment.
- AWS Artifact: the go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements.
- AWS Compliance Programs: this program helps customers understand the controls in place at AWS to maintain security and compliance in the cloud based on tying together governance-focused, audit-friendly services features with applicable compliance or audit standards.
- AWS in the Public Sector: one-stop resources for governments, non-profit organizations, education and healthcare institutions to pave the way for innovation and supporting world changing projects.