Software as a Service (SaaS)
What is Software as a Service (SaaS)?
Software as a Service (SaaS)A cloud delivery model in which a vendor hosts and operates an application that customers access over the Internet on a subscription basis.
SaaS is a cloud service model where the provider runs the application, the underlying platform, and the infrastructure, while the customer simply consumes the software through a browser or API. The vendor handles patching, scaling, availability, and most of the security stack; the customer is responsible for its data, user identities, configuration, and integrations. Common SaaS risks include account takeover, OAuth-token abuse, third-party app over-permissioning, data leakage through shared links, and silent configuration drift. Typical controls include SSO with MFA, conditional access, SaaS Security Posture Management (SSPM), CASB inspection, and data-loss-prevention policies anchored to clear contractual responsibilities.
● Examples
- 01
Microsoft 365, Google Workspace, and Salesforce.
- 02
Slack and Zoom as collaboration SaaS suites.
● Frequently asked questions
What is Software as a Service (SaaS)?
A cloud delivery model in which a vendor hosts and operates an application that customers access over the Internet on a subscription basis. It belongs to the Cloud Security category of cybersecurity.
What does Software as a Service (SaaS) mean?
A cloud delivery model in which a vendor hosts and operates an application that customers access over the Internet on a subscription basis.
How do you defend against Software as a Service (SaaS)?
Defences for Software as a Service (SaaS) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Software as a Service (SaaS)?
Common alternative names include: Software-as-a-Service, On-demand software.