The importance of understanding SaaS licensing models

Edwin Covert
8 min readOct 5, 2022
Photo by ThisIsEngineering:

The use of cloud computing has increased for many organizations (Wiggers, 2021). Information Technology (IT) leaders like Chief Technology Officers (CTO) therefore need to understand the different approaches to licensing cloud computing software, particularly Software-as-a-Service (SaaS) applications. This article will discuss SaaS licensing approaches and analyze different aspects of the license models from the cost, scalability, customization, and network impact vantage point.

What is SaaS and How is it Beneficial?

SaaS applications continue to grow in popularity (Choudhary, 2007). In a SaaS application, organizations run applications already created by the service provider or developer via a web browser or other progressive web application; here the organization is not responsible for managing any aspect of the application (updates, patches, etc.) (Rafaels, 2015). SaaS applications offer benefits such as reduced capital costs upfront, an uncomplicated ability to scale both up and down based on need, and the ability to focus on core competencies (Woodford, 2020; Mears, 2018). Rafaels (2015) adds quicker market timing, fewer training costs, and increased agility to this list.

An Overview of Licensing Models

While there are many licensing models in use today, they break down into some basic types. Open Source Software (OSS) is a free-to-use or modify model. OSS is often a component of other software with different licensing models (Papoutsoglou et al., 2022). While this can be boon to software developers who can make use of already-developed code snippets, it also has its drawbacks. The recent issue of Log4j showed that often, application owners and enterprises do not even know what software undergirds their system and platforms (Kerner, 2022). Having a Software Bill of Materials (SBOM) can help ease some of these issues but that process becoming standard is still in its infancy (Cybersecurity and Infrastructure Security Agency, n.d.). However, few organizations rely only on OSS.

The shrink-wrapped, or retail, licensing model is what one gets when he or she purchases software either at a store or directly from a developer. The license is usually an End User Licensing Agreement (EULA) where the software user clicks ‘Yes’ indicating they accept the terms of the license. As Newitz (2018) points out, EULAs bind the user to license terms that are favorable to the software developer. For example, Newitz (2018) says often EULAs forbid users from publicly criticizing the developer or agree to have their use of the software monitored.

The last major licensing format is the enterprise license. This model says that the purchaser is seeking to use the software to address an enterprise-wide problem (Li et al., 2017). Depending on how the organization deploys the software, the license could be for on-premise (where organizations install the software on a physical device the purchaser owns and manages), virtually (where they install the software in non-physical environments such as public or private clouds), or some combination of these two; this is know as a hybrid deployment model (Li et al., 2017). It is this last model that is important to this article.

SaaS Licensing

Using SaaS applications is akin to renting an application. In SaaS applications, organizations have a set of users that have paid a subscription to the software developer or publisher; it is the developer or publisher who maintains the application in real time (Choudhary, 2007). This subscription approach provides several advantages for organizations. These include accessibility, efficiency, and uncomplicated deployments (Thales, 2022).

According to Thales (2022), organizations can access SaaS applications from nearly any device with a web browser or dedicated web application, get real-time and automatic updates to address security and functional issues, and because of its web-based nature, reduce deployment costs associated with traditional software rollouts. Edwards (2022) also notes that SaaS applications can reduce the prevalence of shadow IT where sub-elements of the organization deploy technology outside of the normal CTO process. Shadow IT can create unmanaged environments where security issues do not get addressed leading to potential vulnerabilities in the organization.

Analysis of SaaS and Traditional Approaches

By examining cost, scalability, customization, and network impact of SaaS applications over a traditional on-premise software deployment model, a CTO can better understand the benefits of the SaaS approach.


SaaS applications can provide cost savings over a traditional on-premise solution; however, there are several cost models that organizations should know when considering SaaS applications (Thales, 2022). First is the ‘freemium’ model where basic usage of the application is free but additional features require a paid subscription (Thales, 2022). A variation on ‘freemium’ is called feature-based pricing where there is a base price for basic utility while additional features require additional cost (Thales, 2022).

Another model is called usage-based pricing where organizations pay “based on the number of times they use the SaaS app” (Thales, 2022, para. 24). Providers typically bill at the end of the month on usage-based pricing. Providers can also put features and functionality together in a tier-pricing model. For example, perhaps a SaaS application only lets a user create ten documents at the ‘Silver’ level while the ‘Gold’ level allows for 100 documents. At the ‘Platinum’ level, the user gets 100 documents and the ability to export to other formats.

In this approach, they bundle specific elements of the SaaS application at different pricing tiers (Thales, 2022). The final approach is flat-rate pricing where everyone pays the same price regardless of usage, functionality, or feature set. This is the closest analog to traditional on-premise licensing. As Choudhary (2007) notes, traditional, or perpetual licenses become a significant investment and a sunk cost. If the organization finds it only needs specific features of a SaaS version of an application, it can reduce its costs based on that limited feature set.


Scalability is where the distinction between SaaS applications and traditional on-premise applications becomes apparent. In a traditional model, if the organization requires additional copies of a piece of software, it needs to deploy them in a traditional sense by installing them on each individual workstation or server. This can be time-consuming and result in IT inefficiency. With cloud deployed software, this process becomes easier.

By its ephemeral nature, organizations can spin up and spin down cloud instances, including SaaS applications as the need arises. According to leading virtual software developer VMware (2022), “Cloud scalability in cloud computing refers to the ability to increase or decrease IT resources as needed to meet changing demand. Scalability is one hallmark of the cloud and the primary driver of its exploding popularity with businesses” (para. 1). Such scalability provides the organization with the maximum amount of flexibility when deploying applications. The personnel costs associated with deploying software also diminish significantly.


With on-premise applications, it becomes an all-or-nothing approach. For example, if an organization wants to deploy the Microsoft Windows 11 operating system, it has to install all the additional software that comes bundled with that operating system. Microsoft has run afoul of European regulators over the years for this exact scenario (Dave, 2022). With SaaS applications however, organizations can pick the exact features they need and only pay for those; this is of course heavily dependent on the software itself and the provider.

Network Impact

Most SaaS applications run over the Internet, and most times, use a web browser for functionality. This means the organization requires robust network infrastructure and connectivity to make use of such applications. If connectivity goes out, organizations can experience lost productivity and increased costs (Elliot, 2014). Organizations that have a plan for such scenarios will minimize productivity losses and cost increases.

Brandon (2015) says organizations need to focus on three ideas in the event network connectivity goes out. First is to develop a contingency plan for how the organization will function be it with alternate vendors or on-premise options. Second, organizations should deploy applications that have an offline synchronization feature that allows continued work with no connectivity. Finally, organizations should ensure their members know how to be productive during such outages; they can teach their users how best to operate and react in times of crisis. Each of these three concepts will help reduce downtime when a network outage occurs.


Cloud computing has changed the way organizations deploy applications; SaaS applications are one of these new methods. With their ability to reduce costs, scale, and be customized, they can benefit businesses. However, it is imperative that CTOs understand what licensing model the SaaS application uses and what impact it will have on their organization’s network infrastructure. Only by addressing these concerns can CTOs truly leverage the SaaS approach for their organization.


Brandon, J. (2015, November 4). You moved to the cloud … the internet’s down. Now what? CIO. Retrieved September 29, 2022, from

Choudhary, V. (2007). Comparison of software quality under perpetual licensing and software as a Service. Journal of Management Information Systems, 24(2), 141–165.

Cybersecurity and Infrastructure Security Agency. (n.d.). Software bill of materials. Cybersecurity and Infrastructure Security Agency CISA. Retrieved September 27, 2022, from

Dave, P. (2022, April 1). Microsoft’s cloud business targeted by EU antitrust regulators. Reuters. Retrieved September 29, 2022, from

Edwards, J. (2022). The six steps to successful SaaS License Management. Welcome to CDW. Retrieved September 29, 2022, from

Elliot, S. (2014, December). DevOps and the cost of downtime: Fortune 1000 best practice metrics quantified. Needham, MA; International Data Corporation.

Kerner, S. M. (2022, January 27). Log4j explained: Everything you need to know. Retrieved September 27, 2022, from

Li, S., Cheng, H. K., Duan, Y., & Yang, Y.-C. (2017). A Study of Enterprise Software Licensing models. Journal of Management Information Systems, 34(1), 177–205.

Mears, J. (2018, February). The rise and rise of ID as a service. Biometric Technology Today, 5–8.

Newitz, A. (2018, January 19). Dangerous terms: A user’s guide to EULAs. Electronic Frontier Foundation. Retrieved September 27, 2022, from

Papoutsoglou, M., Kapitsaki, G. M., German, D., & Angelis, L. (2022). An analysis of open source software licensing questions in Stack Exchange sites. Journal of Systems and Software, 183, 111113.

Rafaels, R. (2015). Cloud Computing: from Beginning to End. CreateSpace Independent Publishing Platform.

Thales. (2022). SaaS licensing — what is SaaS licensing? Thales — SaaS Licensing . Retrieved September 29, 2022, from

VMware. (2022, September 25). What is cloud scalability?: Cloud scale. VMware. Retrieved September 29, 2022, from

Wiggers, K. (2021, July 30). AI weekly: AI Adoption Is Driving Cloud Growth. VentureBeat. Retrieved September 29, 2022, from

Woodford, C. (2020, October 18). Cloud Computing. Explain that stuff.



Edwin Covert

Cybersecurity, guitar, jazz, bourbon, rye, enterprise security architecture, current trophy husband. CISSP-ISSAP, CISM, CRISC, SCF, PMP at