‘On Premise’ Deployments or SaaS - Trends and How to Choose?

‘On Premise’ Deployments or SaaS - Shift in Deployment Trends

As the CTO of a global Regtech company, I talk to a great many tech leaders about TAINA providing both a SaaS model  and the ability to deploy our platform on premise. Over the last two years, the trend away from on premise towards SaaS has been significant.  In this article I will explain the reasons given by our customers for this shift in deployment trends.

The Trend Towards SaaS

Two years ago, I was talking to a Tier 1 bank about how they could implement our product, and the conversation was simply about how easy it was to deploy our platform onto their servers.  Fast forward to one year ago and the conversation with the same person was very different. This time I was being asked about how we could provide a SaaS offering, and their express desire was for us to host using Cloud computing.  This is now such a common request that most of our pre-sales technical information is based around our SaaS offering. So why the change in mindset? 

5 Reasons Financial Institutions are Moving from On-Premise to SaaS

The main factors which have helped to influence this change in perceptions in moving from on-premise to SaaS include:

• 1. The need to drive costs down.

Being able to select and use only the computing resources you need, as opposed to having large servers sat in your computer centre, running along using a fraction of its computing power, is clearly going to give you cost savings.  When running on premise it is common to see infrastructure teams procure huge servers just in case demand spikes.  SaaS providers invariably will host using a Cloud service provider and can therefore keep costs to a minimum by reducing ‘wasted’ computing resource.  Even if your customer hosts using a Cloud service provider, a SaaS provider can share infrastructure across several of its customers, therefore benefitting from economies of scale. 

But it isn’t just computer resource that helps keep costs lower when employing a SaaS model.  Take a look at any implementation of software in any large organisation and you will see the average project duration will be measured in months, and in some cases years.  The cost of having project teams assigned for that extended period, whilst they try and train in-house technical teams on how to install, configure, upgrade and troubleshoot your software is significant.  Even if your customer uses modern technologies such as Kubernetes, which should in theory be much easier to deploy, the project time savings using the SaaS model are significant.  We find that SaaS implementations are typically much, much shorter, typically measured in days or weeks, as opposed to being measured in months.

• 2. A scarcity of skills.

Organisations naturally have a common or core set of technologies that they use.  However, where a customer purchases a range of software products and wishes to host those products themselves, you have to expect that  you now need to have the skills to support the range of new technologies. This is often  over and above your core, approved tech stack.  The net result is that those companies who insist on hosting software often find themselves with a skills shortage.

• 3. Ease of maintenance.

These days many software providers employ Agile software practices, with new versions being delivered every couple of weeks.  Those vendors clearly understand their product, including how to upgrade, configure and troubleshoot any problems.  For a customer insisting on taking products in-house life isn’t so easy.  Our experience is that we can continue to provide upgrades to customers using the SaaS model every two weeks, but for those customers hosting themselves, they tend to take upgrades every three months!

• 4. Speed to market.

I mentioned implementations above, and implementing a new software product via a SaaS offering is most definitely faster than hosting the software yourself.  As a SaaS provider we can have services available in hours rather than months, and in some cases years, where the customer hosts.  One of the main reasons we see all the time for this extended period are the internal processes that customers need to go through in order to install any software within their firewalls.  It’s understandable: if you are bringing software inside then you do need to be certain that your information security risk profile isn’t seriously increased.  Whilst our customer’s IT teams are doing the correct thing managing risk, it does hinder their ability to react quickly.  Being able to deploy new software quickly is a vital element in being competitive in the current climate.  Having long, drawn out projects is a sure-fire way to limit your ability to get to market quickly.

• 5. Data Security: Outsourcing risk

If malicious actors are able to gain access to your systems, stealing your customer data or disrupting services then this will cause you significant reputational damage.  There is a section of IT leaders that feel it is better to outsource this risk!  This isn’t a common mindset, and some IT leaders would be horrified at the mention of this, but we have heard the sentiment expressed to us that it would at least be better if the customer could blame the SaaS provider rather than admit the breach was their fault! When you adopt SaaS model, the SaaS provider will have a whole team of dedicated to constantly monitoring, managing and defending your data against attacks.

3 Barriers to Moving to SaaS

Whilst perceptions are most definitely changing, we do still see some resistance to using SaaS.  The main reasons we see for this include:

• 1. Perceptions regarding information security.

There is a very common perception that using a SaaS model will in some way significantly increase your risk profile.  Whilst I accept that in order to employ SaaS you are often moving your data outside of your own firewalls and opening up extra connectivity, this perception makes little sense to me.  SaaS providers understand that customers are rightly nervous about transferring their data, but any professional SaaS provider will go to great lengths to protect that data that I often believe the data is more secure than if were to stay on premise. 

As a SaaS provider we take information security so incredibly seriously.  We employ dedicated teams of people to ensure best practice is always followed.  We understand our software, we understand its strengths and its weaknesses.  We understand how sensitive it is to certain controls and it stands to reason that we would do a better job of securing our own software than our customer would if they were to host it.

• 2. Data transfer

In many organisations we talk to, their IT resource is scarce and it can take months or years to obtain approval for a project.  This clearly limits the ability to transfer data in certain circumstances, especially if you need API development undertaking.  It is a common reason we are given for not wishing to engage with the SaaS model.  There are two answers we give to this: firstly, as a SaaS provider we know and understand the problem, and that is why we put in place many mechanisms to avoid this barrier.  Secondly, if data transfer is needed, then regardless of whether the solution is made available via SaaS or whether it is hosted internally, you still have work to do. 

Take our platform for example, it can of course accept a wide range of data, and some advanced features do need this data, but equally it can stand on its own without any form of data transfer or integration whatsoever.  We also provide very simple mechanisms whereby any business person with access to the data can run a very ‘light touch’ data transfer system.  Most organisations will be able to extract data in some shape or form without involving IT, and with a little clever thinking we can achieve data transfers without complex project involving IT.

• 3. Legacy systems.

Most organisations, especially the larger ones, have legacy systems.  Their business teams have been repeatedly told that no one can touch these, let alone integrate a SaaS platform with them.  These legacy systems often involve important logic, data, or both, that are needed.  Or so they have been told!  Most SaaS providers have clever ways around the need to integrate with legacy systems.  We have run several implementations where this problem was explained to be a showstopper from the outset, but when we analysed the problems, there was always a simple way to avoid having to touch legacy systems. 

How to Choose Between ‘On Premise’ or SaaS?

Having been in the industry for over 25 years, and having been on both sides of a SaaS agreement, I would suggest the following points are the most common factors in deciding whether to use SaaS or stay on premise:

• 1. Cost.

This seems obvious, but one mistake I have seen repeated time and again is failure to accurately identify all the hidden costs.  Implementation costs are obvious, but what about the ongoing maintenance costs, e.g., the cost of having someone run security updates or product updates every month?  What about the management costs?  What about the cost of supporting a product on premise if it goes wrong?  Be careful to identify all the hidden costs, especially the ongoing ones.

• 2. Product capabilities.

Again, this would seem obvious, and the product must be fit for purpose, but one aspect I see regularly missed from the calculation is the product roadmap.  A product strong, in particular areas, but what will the landscape look like in 6-12 months?  It is vital to consider not only the capabilities here and now, but also how those are likely to change over time.

• 3. Due diligence on the SaaS supplier.

There are many ways to achieve this but is clearly a vital consideration.  I have found that the best, and most revealing approach, is to talk to a supplier’s existing customers, ideally without the supplier present in the room.  Only then will you find out what they are really like as a supplier.

• 4. Time to market.

A product maybe perfect on paper, it may be innovative, feature rich, etc., but if you cannot get the product to market quickly, or in time, you will lose competitive advantage.  We often talk to customers who decided to build their own solution, only to have them re-engage with us a year later when they realise, they need to move quickly.

• 5. Ease of maintenance.

Implementing a product now is one thing but keeping that up to date over the coming months and years is an entirely different proposition.  Many SaaS providers will have a frequent product update cadence, the good ones as often as every couple of weeks.  There are a few industries where this is less important, but in many – compliance for example – you cannot afford not to provide continual updates.

• 6. Information & data security.

Data sovereignty is vital, as is information security.  The initial reaction is often that using SaaS is less acceptable than on premise in this aspect, but for reasons explained above, this is rarely the case in practice.  All good SaaS providers allow for data sovereignty controls and ensuring the highest levels of information security.

Can you afford not to use SaaS?

Having worked on both sides of the SaaS model for decades I understand the complexities in deciding whether to go on premise or use SaaS.  It is very clear to me that momentum is gathering more and more towards SaaS.  Perceptions around having ‘walled gardens’ are rapidly changing, either out of necessity to move quickly, or organically as people realise that their initial fears about the SaaS model are simply not being realised.  The first instinct of customers is becoming more to use SaaS as the default.  More and more the question is becoming ‘Can you afford not to use SaaS?’.

For more information on how TAINA's fully automated FATCA and CRS Validation platform is deployed using both a on premise or SaaS Model, get in touch or request a demo to see it in action.