Modern On-prem vs. SaaS
With a Modern On-prem offering, your customers will be able to install your application just about anywhere: bare metal servers, in a cloud VPC, in their own Kubernetes cluster, GovCloud, vSphere, etc. This is arguably the most secure way that your customers can use your application, where they can enforce any security policies they wish, and they never have to send data outside of their control. Instead of your customer sending their data to you, you send your application to your customer.
Implications for SaaS Vendors
From the perspective of SaaS vendors, offering a Modern On-prem version could be perceived as a bit of a compromise. In reality, offering a Modern On-prem version is not too different from adding any other EnterpriseReady feature like SSO, RBAC, audit logging, etc. All of these features diverge from the core value proposition of an application but are necessary to gain adoption by many enterprises. It is important for vendors to understand the enterprise perspective on Modern On-prem, as this will help frame the requirements more fully for solution-oriented vendors. The most important takeaway is that it isn’t personal. Despite your best efforts to build trust and provide assurance to your customers that you can process their data securely, they’re better off mitigating that risk completely across their portfolio of vendors (which means you’re 1 in 1000). For SaaS vendors who are used to having direct access to the system where their application is running, they’ll need to focus on ensuring all processes are automated, disconnected troubleshooting tools are available, and that licensing and entitlements are enforceable offline.
- Significantly reduced access to the data exhaust that is created by those using the application will have several business and technical impacts.
- Usage based licensing will need to be enforced by the systems with stronger cryptographic techniques.
- Distributing application code, even if compiled or obfuscated, does open up the door for customers to discover source code (this is true of all distributed software, which is why many Modern On-prem vendors actually have an open core model).
SaaS Vendor benefits
- Customer data will never flow through your systems, so you really won’t be “processing” any sensitive data. This significantly reduces the security requirements that most organizations will impose on you (a secure SDLC is still required) and can speed up the adoption process.
- This will benefit the vendor with reduced liability in relation to the transmission, processing, and storage of sensitive data (i.e., PII, trade secrets, etc.). Specifically, we believe this gives vendors stronger contractual grounds to enforce a cap in the limitation of liability.
- Vendors should see reduced hosting costs & higher margins.
- Opportunity is created to capture more market share / bigger customers with much less effort & shorter sales cycles than those provided by the traditional enterprise software model.