Is it time for “Installed” Software as a Service?


A 3 minute read.

“Installed Software as a Service” sounds like an oxymoron. But it’s actually starting to happen and will accelerate even more.

Most enterprises embrace Software as a Service as their preferred method to solve an IT problem. Whether archiving (Sonian), CRM (, marketing (Hubspot), customer service (Zendesk) or accounting (Netsuite) there is a SaaS offering for nearly every need. It seems only the largest or most security sensitive organizations are not using SaaS. “Installed” SaaS is a delivery method that will make everyone happy about SaaS.

SaaS architectures are designed around massive multi-tenant services with appropriate per tenant (i.e. a customer) security. Multi-tenancy is for economies of scale (we all love SaaS’ low pricing, right?), but less desirable for the customer since data is commingled. Customers desire the managed aspect of of SaaS, but also want to control their own data. Managed by others with data control was a feat too hard or too expensive to accomplish, until now. Technology and market demand are aligning to give customers what they want.

The next wave of SaaS will provide the cost efficiencies of multi-tenancy with the security posture of single tenant. SaaS vendors will offer customers to “install” the service into the customer’s own cloud account. The SaaS vendor will still manage the software, but the customer will have ultimate control over the data structures. Costs will be higher for this type of offering, but customers are willing to pay more for their own control, and will still cost less than traditional on-premises self-managed.

How is “Installed SaaS” possible?

Three emerging technology trends make installed SaaS possible.

The first is the significant amount of devops automation that has matured over the prior seven years. Small teams are using mature tools and processes to fully automate cloud provisioning and software installation to manage massive multi-tenant stacks. This same tooling can manage many single tenant stacks with similar efficiency. Not as efficient as fully multi-tenant, but pretty close.

The second is technologies such as Docker (and containers in general) as well as new cloud capabilities from Amazon Web Services (and others following quickly) such as VPC, Encryption Key Management, Identity and Access Manager & Cloud Native Directory Services. These are all the ingredients SaaS vendors need to “install” into a customer’s cloud account. And now with well documented information security boundaries. With this configuration customers can have a “master” kill switch to cut off external access to their data files. CIOs love this idea.

The third is a new breed of third-party services that can independently “audit” a cloud environment for compliance, security and access. Projects such as Conjur are working on this. Another innovative project is CloudHealth which can monitor cost efficiencies for many single tenant installations and provide automatic cloud infrastructure optimization.

SaaS vendors will need to modify their stack architectures to deliver “installed” SaaS, so there needs to be customer demand to justify the expense. Customers are just now starting to ask for this operating mode.

Why is this different from managed services?

Managed remote services have been around for many years before the cloud became popular. But remote managed services simply supervised existing on-premises systems and didn’t offer the extreme cost efficiencies of the cloud.

What about “hybrid cloud?”

The concept of hybrid cloud is relevant at the IaaS layer. With a hybrid architecture a business can run machines on-premises and machines in a cloud like AWS and unite them together as “one cloud”… maybe even moving workloads between on-premises and cloud.
Installed SaaS is a different take. It focuses on the application layer (SaaS)… imagine if all the major SaaS vendors “installed” a footprint of the same app into a customers cloud account. The SaaS vendor still manages the app, deploys updates, monitors health, etc. But the customer can turn off access to the SaaS vendor and hold their data.

Where is the evidence?

Installed SaaS (or whatever industry term becomes mainstream popular) is an emerging trend. In speaking with larger enterprises I hear a consistent message: “We  want SaaS & cloud economics, but also want to control our own data.”  That desire will eventually be met by the SaaS vendors that need to differentiate in increasingly competitive commoditized markets. In the same way humanity is herky-jerky heading toward more open, more equal, more transparent, SaaS vendors will move toward more flexible delivery modes.

A recent example illustrates “installed” SaaS is beginning:

GitHub is now offering private managed GitHub Enterprise installations on AWS.

“Now it’s possible to deploy GitHub Enterprise, a private version of the service, on the popular Amazon Web Services public cloud.”

“Installed” SaaS is an oxymoron but also an emerging trend

I expect to see this trend continue with more SaaS offerings supporting “installed” mode. Customers will pay a premium to control their own data, but also want to participate in budget favorable cloud economics. “installed” SaaS is a win-win proposition.

Newer SaaS companies will have an easier time adapting their technology for “installed,” but who knows, maybe even a giant like will explore this oxymoron notion.

And wouldn’t it be great if services like Gmail or Dropbox allowed us to supply our own cloud account for data storage, and still benefit from the managed aspect of these popular services? Sign me up.


Look for SaaS vendors to offer a new way to meet customer demand to control their own data. New cloud deployment technologies allow SaaS application stacks to operate in a single tenant mode to support data privacy. There will be a few variations on this theme as to the actual technical details, but the end result is some form of “installed” SaaS into a customer’s own cloud account. SaaS vendors will be able to charge a premium because their costs are higher, and also because customers will pay for more data privacy and ultimately control of their data destiny.