In my last blog I described the origins of Cloud and highlighted some of the benefits of Infrastructure as a Service (IaaS), but this does not reflect the real value of Cloud. To uncover this, we will explore the concepts of Platform as a Service (PaaS) and Software as a Service (SaaS).
Platform as a Service – nitrous oxide for developers
PaaS can be thought of as a series of Lego blocks, with each block representing a service offering a distinct set of features that are easy to use. PaaS blocks build on top of IaaS blocks and other PaaS blocks, creating increasingly sophisticated capabilities.
Cloud providers ensure each service is highly and globally available, durable and operates consistently with low processing overheads. And as with IaaS, providers charge for their PaaS services on a “pay as you use” basis.
The range of PaaS services available is now very broad (see below for AWS in May 2019), with individual services offering lots of flexibility. For example, AWS RDS (Relational Database Service) offers multiple RDBMS engines (Oracle, Microsoft SQLServer, MySQL, PostgreSQL and Amazon Aurora) in many configurations.
Serverless PaaS services are particularly powerful. Originating as a concept to deliver solutions simply by deploying code, with the Cloud provider managing all aspects of the infrastructure the code runs on, this idea is now spreading to other types of service. AWS’s “Aurora Serverless” service offers a RMDBS where the developer only defines the schema and AWS handles everything else, including scaling, read replicas, backups and failover.
With Enterprise IT based delivery, developers are constrained to use products from a company’s “standard” software catalogue, must order both the software licences and hardware, wait for delivery and then hope the installation meets their needs. Introducing a new software standard is a protracted process: first identifying the correct “standard”, then building a centre of excellence with the skills in the new technology, designing patterns for use, establishing a chargeback model etc. – adding months to the solution’s timeline.
By contrast, PaaS services are immediately available, so developers can get the core scaffolding of their solutions running in minutes. This allows them to focus on the business problem (and later, to be able to experiment with different PaaS services to optimise around performance and cost).
The result is better solutions, delivered faster using fewer staff.
Software as a Service – a rich ecosystem of high-quality functionality
SaaS predates Cloud (SalesForces started life in 1999), however today most SaaS vendors (such as Fintechs) their build solutions on Cloud and leverage PaaS services extensively.
SaaS solutions are developed and managed remotely from their customers, who access functionality via browser-based UIs, APIs and SDKs. Customers simply consume the solution and are charged for the amount they use (potentially with subscription charges as well).
As a result, they only need to think about their data and processes, rather than manage software installations on-premises with attendant issues around upgrades, hardware etc.
Embedding SaaS vendors into business processes can prove very effective, allowing companies to transition to modern, cheaper and more scalable solutions whilst incrementally removing expensive incumbent technologies.
As an example, Capital Markets organisations normally use traditional vendors (such as Murex or Calypso) for their derivatives trading operations. These are expensive large scale, multi-product systems that provide execution and post-trade functionality, including pricing and risk. When deployed either on-premises or in Cloud, these systems generate significant IT overhead and costs, not least in hosting their HPC grids.
Organisations could save on costs by selectively using SaaS vendor solutions such as Clarus Charm for their risk management requirements, whilst continuing to use the incumbent system for other requirements, providing more flexibility and more timely information.
Note that SaaS solutions are a form of outsourcing, and this can present challenges for highly regulated organisations. For example, FCA guidance requires financial sector organisations to have a sufficient understanding of the vendor’s solution and operations so that the risks are well understood.
In particular, how a vendor manages its customer’s data is a key area of concern. Even well-established SaaS vendors can have serious incidents with their customer’s data (e.g. SalesForce, May 2019).
For some SaaS solutions, customer’s data can be managed entirely in-memory and never stored (this is the approach used by Charm). Data is provided by the customer’s users within a dedicated secure session created for the user, and deleted once that session ends.
Where the solution needs to store customer data for extended periods, at a minimum the data should be encrypted at rest using a master encryption key managed by the customer. This allows the customer to exit easily (simply deleting the master key removes any access to the data without having to physically remove it from the SaaS vendor’s systems) and allows regulated organisations to meet their obligations to provide effective access to data to regulators and other relevant authorities.
Summary
For those companies able to leverage it, PaaS revolutionises the delivery of business solutions. It dramatically shrinks the time to delivery whilst increasing performance, availability and global reach: it is the essence of software-based Agility and the fundamental benefit of using Cloud.
SaaS offers companies the ability to transition away from owning and managing their entire fleet of solutions, allowing them to save costs and focus their resources on their core business strategy, whilst using vendor solutions for their non-strategic processing.