Software as a Service (SaaS)
Software as a Service (SaaS) is the cloud delivery model where the vendor hosts the application, runs the infrastructure, and gives customers access through a web browser or API on a subscription basis.
Definition
Software as a Service (SaaS) is the cloud delivery model where the vendor hosts the application, runs the infrastructure, and gives customers access through a web browser or API on a subscription basis. The customer does not install, patch, or operate any software; they sign up, log in, and use the application. Salesforce pioneered the model commercially in 1999 and remains the canonical example of an enterprise SaaS platform.
SaaS sits in a three-tier cloud taxonomy alongside Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). SaaS provides a finished application (Salesforce Sales Cloud, Slack, Google Workspace). PaaS provides a runtime that customers build their own apps on top of (Salesforce Platform, Heroku, AWS Elastic Beanstalk). IaaS provides raw compute and storage (AWS EC2, Google Compute Engine). Salesforce uses all three tiers internally and resells multiple PaaS and SaaS products built on its own platform.
Why Salesforce became the SaaS reference architecture every B2B vendor copies
Multi-tenancy and shared infrastructure
The defining technical trait of SaaS is multi-tenancy. One physical software deployment serves many customers concurrently, with their data and configuration kept logically separated by tenant ID at the database layer. Salesforce runs roughly 150,000 orgs on a single platform instance, with each org isolated by OrgId in every row of every table. Multi-tenancy is what makes SaaS commercially viable: the vendor amortizes infrastructure cost across thousands of customers, and customers get continuous improvements without coordinating upgrades.
Subscription pricing and license entitlements
SaaS commercials are subscription-based, usually billed per user per month with annual commitments. Salesforce, for example, lists Sales Cloud Enterprise at $165 per user per month with a 1-year commitment, and discounts apply for multi-year or volume tiers. The license entitlements (record limits, API call ceilings, storage, feature flags) are enforced server-side by the SaaS vendor; customers cannot exceed the entitlements they have paid for. This pricing shape is what makes SaaS budgets predictable and what drives the Customer Success motion most SaaS vendors operate.
Automatic upgrades on a publishing cycle
Every SaaS customer is on the latest version of the application. The vendor pushes upgrades on a fixed cadence (Salesforce ships Spring, Summer, and Winter releases each year) and customers receive every new feature, bug fix, and security patch without managing the deploy. The trade-off is loss of control: a customer cannot opt out of a release, cannot pin to an old version, and must adapt to deprecations on the vendor's schedule. The benefit is huge: a 200,000-user customer gets the same upgrades as a 10-user customer, and the platform is always current.
Browser and API as the access surface
SaaS applications are accessed through a web browser, mobile app, or REST or SOAP API. There is no client installer beyond the browser. This is what allowed Salesforce to grow rapidly in the early 2000s: a salesperson with a laptop and a browser could log in from a coffee shop, with no IT installation. Modern SaaS applications expose deep APIs alongside the browser experience, which is what allows them to integrate with the rest of an enterprise stack through middleware like MuleSoft, Workato, or custom integration code.
Customization without code modification
Multi-tenant SaaS cannot let one customer modify the shared code; that would affect every tenant. The model solves this through metadata-driven configuration. The customer configures custom fields, custom objects, validation rules, flows, page layouts, and so on through a Setup UI, and the platform stores these as metadata. The application reads the metadata at runtime to render a customer-specific experience. This is what powers the Salesforce Platform PaaS offering: customers build entire applications on top of the SaaS Sales Cloud without ever modifying its source code.
Security, compliance, and shared responsibility
SaaS vendors operate a shared responsibility model. The vendor secures the infrastructure, the application code, the encryption at rest and in transit, the network, and the access control to physical data centers. The customer secures user access (passwords, MFA, SSO), data they put into the platform, and any third-party integrations they connect. Salesforce, for example, holds SOC 2 Type II, ISO 27001, HIPAA, FedRAMP, and several other certifications; the customer is responsible for any controls beyond those (data classification, retention policy, internal access reviews).
Where SaaS struggles
SaaS does not fit every workload. Applications with massive single-tenant data volumes (exabyte-scale data warehouses, high-frequency trading), strict data residency requirements (certain government and defense systems), or industry-specific regulatory environments that demand bare-metal control sometimes need on-premise or private-cloud deployments. SaaS is also less cost-effective at very high scale where the infrastructure share-cost benefit inverts: a 100,000-user customer of a SaaS application may be paying more than they would for a self-hosted equivalent, which is why some large enterprises run hybrid SaaS-and-on-prem deployments.
Evaluate a SaaS vendor as a buyer
Use the standard SaaS evaluation playbook to compare two vendors on security, scalability, customization, integration, and total cost of ownership.
- Confirm tenancy model and isolation
Ask the vendor whether the platform is multi-tenant, single-tenant, or hybrid. Request the architecture diagram showing how customer data is logically separated. Confirm encryption at rest and in transit.
- Review security and compliance certifications
Request SOC 2 Type II, ISO 27001, HIPAA, FedRAMP, GDPR, CCPA, and any industry-specific certifications relevant to your business. Review the latest audit report.
- Test the customization model
Stand up a trial or sandbox. Customize a custom object, a custom field, a workflow, and a report. Confirm the customization persists across upgrades and that you do not modify any vendor code.
- Validate API and integration capability
Pull the vendor REST and SOAP API docs. Confirm the endpoints you need (CRUD on every object, bulk operations, webhooks, OAuth 2.0). Test rate limits with a realistic load.
- Model total cost over five years
Project license growth, storage growth, API call growth, integration costs, and professional services. Compare to the equivalent on-prem build cost across the same horizon.
- Plan the exit
Confirm data export tooling. Request a sample export of every object you will store. Verify the export format is parseable and complete. A SaaS contract without a clean exit is a lock-in trap.
Vendor-hosted finished application. Customer accesses via browser and API.
Vendor-hosted runtime for customer-built apps. Salesforce Platform, Heroku.
Vendor-hosted compute, storage, and network. AWS EC2, Azure VMs.
Customer installs and operates the software in their own data center.
- SaaS upgrades are mandatory. Customers cannot pin to an old version. Plan a release-readiness program to validate each new release against your critical flows.
- Data residency varies by SaaS region. A US-hosted SaaS contract may not satisfy EU residency rules; confirm the data center geography in writing before signing.
- API rate limits and storage tiers are part of the entitlement. Heavy integration use can push you into a higher tier mid-contract; model usage growth into the budget.
- Exiting a SaaS contract requires data export and reintegration somewhere else. Negotiate clean export tooling and historical retention before the renewal conversation.
Trust & references
Cross-checked against the following references.
- What Is Cloud ComputingSalesforce
- Software as a ServiceSalesforce
- Salesforce TrustSalesforce
Straight from the source - Salesforce's reference material on Software as a Service (SaaS).
- Salesforce SaaS OverviewSalesforce
- Salesforce ComplianceSalesforce
- Salesforce Release CycleSalesforce Help
Hands-on resources to go deeper on Software as a Service (SaaS).
About the Author
Dipojjal Chakrabarti is a B2C Solution Architect with 29 Salesforce certifications and over 13 years in the Salesforce ecosystem. He runs salesforcedictionary.com to help admins, developers, architects, and cert/interview candidates sharpen their fundamentals. More about Dipojjal.
Test your knowledge
Q1. What is SaaS?
Q2. Who pioneered SaaS for enterprise?
Q3. What does it eliminate?
Discussion
Loading discussion…