IaaS, PaaS, and SaaS Transactions

Companies around the world are looking to optimize I.T. resources by moving to cloud. There are four main types of cloud deployment models. They are 1. Private cloud; 2. Public cloud; 3. Hybrid cloud; and 4. Community cloud. There are three main types of cloud delivery models. They include the following: 1. Infrastructure as a Service (IaaS); 2. Platform as a Service (PaaS); and 3. Software as a Service (SaaS). Companies need to select one each from the deployment and delivery models to move towards cloud. Cloud model selection need to depend on the size, structure, necessity, financial savings, and future outlook of the company.

Below is the very brief outline of IaaS, PaaS, and SaaS transactions. Please contact us by email or phone to further discuss about your need in this area.

Infrastructure as a Service (IaaS)

Infrastructure as a Service (IaaS) is a delivery model where the IT resources are virtualized and self-contained. The IT resources that are provided by cloud provider include hardware, network, storage, servers, and virtualization of these servers. The cloud provider is responsible for providing fresh initiated virtual servers. These virtual servers capacity depends on the specification provided by the IaaS subscriber including processing power, memory and storage needs. Scaling of the infrastructure is possible depending on the need with IaaS.

Examples of IaaS cloud providers include Rackspace private cloud powered by Red Hat, and Amazon Elastic Compute Cloud (EC2). Amazon EC2 provide services for both linux and windows instances. They also provide various Application Programming Interface (API) actions for EC2. The IaaS subscriber is responsible for operating system, installation, databases, security and their applications. With IaaS, the subscribing client has more control and provides greater security. However, you need to have an dedicated internal I.T. team to take care of the above tasks and development of products.

Platform as a Service (PaaS)

Platform as a Service (PaaS) is a delivery model where the pre-defined I.T. resources are configured and deployed for the PaaS subsriber to use right away. PaaS subscriber is only responsible for application configuration, deployment, and management. PaaS subscriber use I.T. resources provisioned by PaaS cloud provider and use the programming language, and other tools to deploy applications. PaaS cloud provider selection process involves comparing the type of run-time environment, middle-ware options and framework are supported by each of them to the potential subscriber’s liking. Container selection is also important for eliminating the need of installing entire Virtual Machine (VM). Custom apps can be built in the cloud using the default infrastructure of the provider for network, storage, virtual servers, operating systems, database, and security. Popular PaaS cloud provider is Salesforce.

Software as a Service (SaaS)

Software as a Service (SaaS) is a delivery model where the entire infrastructure is managed by cloud provider. The client of SaaS user need not develop anything other than use the service by subscribing to it. Any upgrades are instantaneous along with option of scaling, depending on the need of the user. All of the SaaS related product items are available on the internet with access to any user of SaaS client. Security and control are two major issues that may be relevant to SaaS subscriber. However, SaaS provider state in the terms of SaaS agreement that it is the responsibility of the SaaS subscriber to “…define the level of access and to whom you grant it.” Example of SaaS cloud provider include Zendesk.

Important Provisions for SaaS agreements

Is SaaS a Service or license?: The outcome of whether SaaS is a service or license would determine the SaaS subscriber rights in case of SaaS cloud provider bankruptcy. Upon bankruptcy, under 365 (n) of the bankruptcy code only the licensees are allowed to continue to use the licensed intellectual property. If SaaS cloud agreement is termed as a service, then the cloud provider may stop providing service. That is why it is important to negotiate an agreement with the cloud provider satisfying the bankruptcy code.

Service level: The first priority of SaaS subscriber is the amount of service availability. Determining the threshold level of number of users simultaneously using the service is key to the SaaS subscriber. The maximum amount of allowed down time and availability for service is also a negotiating point. If the maximum amount of allowed down time crosses the agreed upon threshold, then the remedy for the SaaS subscriber in the form of discounts to future services or any increased customer support etc. 

Confidentiality: SaaS subscriber customer personal information need to be kept private, and not shared with third parties. Even though the customer personal information is stored on the cloud, SaaS provider usually will not access the subscriber personal information except in exceptional circumstances such as when there is threat to the overall security of the cloud due to malware uploaded by a customer. All possible even remote ones must be considered for agreement purposes. 

Data security & Control: SaaS subscriber do not have any control over the security of the data on the cloud. The subscriber need to complete audit checks of data security policies of the cloud provider. The subscriber also needs to take backup of the customer information whenever possible. In case of security breach, SaaS subscriber should be one providing the notification to the customer rather than the cloud provider.

Customer service: SaaS cloud provider need to specify the typical response time to any problem related to the cloud. Depending on the complexity of the issue, it need to be resolved in a reasonable manner ranging from a few hours to not more than 48-36 hours.

I.P. ownership: Any subscriber related information, content, customer list belong to the subscriber alone. Cloud service provider also may have claim in materials related to I.P. that are developed and configured for the entire cloud. This I.P. is usually developed independent of any subscriber related service by the provider. The provider is just using it’s independently developed I.P. for providing service.

Other terms: Some other important terms include risk allocation and termination for cause and without cause.