This paper was written for ITEC 8502 – Seminar:Systems and Software Management as part of the Doctorate of Information Technology program at Walden University.
Open source software has helped propel Software as a Service (SaaS) into a disruptive technology. According to one study, SaaS sales hit $15 billion in the third quarter of this year, and this trend is expected to continue [19]. In this paper, I will review what literature has to say about SaaS and why it has become so popular with both small and large business alike.
Synthesis of Assigned Literature
Many authors start out the discussion of cloud technologies with a definition of the different levels of support that cloud technologies provide. Infrastructure as a Service (IaaS) provides the most basic services such as virtual machines that can be booted from user defined cloud storage [5]. Platform as a Service (PaaS) provides an interface to a cloud service for computing purposes [5]. Software as a Service (SaaS) refers to a software that is delivered online instead of installed locally, usually on a subscription basis [6]. One article took the concept further and introduced the concept of Tools as a Service (TaaS), which they defined as a groups of the other services that can be used to help a geographically dispersed group of developers collaborate on writing software [3]. SaaS isn’t entirely a new concept. As far back as the late 1940’s, businesses outsourced payroll services to a company that purchased the expensive punch-card driven computers [2]. The idea continued with the use of terminals that were used to access a mainframe computer. Eventually, the terminals were replaced with the personal computer, but with the advent of cloud computing, the concept of paying a subscription for a service has made a resurgence [2].
There are several reasons given for the popularity of SaaS that are repeated throughout the literature. Because the software is used online, there is not a need for servers or an on-site data center. Since businesses aren’t required to come up with the large up-front costs of computing hardware, SaaS is seen as having a lower cost than traditional on-site software [9]. Lower costs were one of the reasons that caused museums in Singapore to switch to SaaS in cataloging and inventorying their artifacts [20]. Since SaaS is usually subscription based, a business can choose to end the subscription when the need for the software has ended [3]). Open source software, free software that allows users to view and modify the code, is often the basis for SaaS, which allows SaaS providers to offer their services at a lower cost than commercial software [6].The total cost of ownership (TCO) is also reduced when using SaaS because there is a reduced need for information technology (IT) staffing [9]. In the case of the Singapore museums, the IT staff expertise was pooled and shared among facilities by using SaaS [20]. Using SaaS also reduces the time it may take to make a service available, since there is no need to order, install, and setup physical hardware, and then configure the software [6]. Another benefit of SaaS mentioned was scalability. SaaS can dynamically add resources to accommodate additional users [9]. Because SaaS is web based, it usually works well on all platforms, weather the application is being accessed on a Windows based computer, an Android based phone, or an iOS based tablet [3]. Multiple platforms must be taken into consideration if there is no control over the devices that the end users may possess, such as a group of volunteers [8]. One final advantage of SaaS given in several articles was the fact that the customers always get to use the most updated version of the software [3].
Even with all of these benefits, there are some pitfalls to using SaaS cited by the literature. Most often mentioned was the lack of customization of SaaS [9]. If a business decides to go with SaaS, they will have to deal with the interface provided. Another danger of SaaS is vendor lock-in [5]. Once a company’s data is on another company’s servers, the owners of the data are at the mercy of their SaaS provider. If the SaaS provider goes out of business, there is also potential for the data to disappear entirely [6]. Portability of data between service providers was also cited as a potential problem with SaaS [14]. As previously mentioned, one benefit cited for SaaS software was the fact that it is always updated, however, as software changes, it may no longer serve the needs of a company, or force a company to re-train the users of SaaS if there is a change in the user interface [6].
Security of SaaS was a theme that was either not discussed, or had differing conclusions in the literature. One article very specifically stated that security was not going to be discussed in their proposal of an innovative SaaS [5]. In some articles, security of the data is presented as a concern [9][6], whereas others saw the cloud as an opportunity to consolidate security [20]. Because there may be regulatory issues concerning the data, security should be serious consideration [6]. One article suggests that sensitive data can be kept locally, particularly if there may be differing laws concerning private data [3]. Since the discussion topic for this week was open source software (OSS) and SaaS, there was little discussion of open source, with the exception of Gallaugher, who addressed OSS thoroughly, and in particular, how it applies to SaaS [6]. Because of the lack of discussion of OSS, I chose this as a topic for further research. There also wasn’t discussion of different theories that support SaaS, or how SaaS should be viewed. In searching for the subject, Christensen’s theory of disruptive innovations was mentioned in conjunction with SaaS. Disruptive innovations not only disrupt the market, but often replace the existing technology [10].
Open Source Literature
I’m going to start the discussion of OSS with full disclosure: I am a huge advocate of open source software. I have presented at different conferences on my use of open source in the classroom, and have received media attention for putting it to use [15]. As most of the articles point out, it was the cost of OSS that made it preferable over commercial software. When I was teaching high school, I started teaching a web design class. I was given use of the computer lab that had Windows 95 computers, which was about 8 years old and several versions behind at the time. I spent every Friday afternoon cleaning spyware and viruses from the computers so they would be usable the next week. After reading an article about the Linux Terminal Services Project (LTSP), I purchased a server class computer from E-Bay. By using network boot disks on the workstations, I was able to have a Linux desktop available to all the students as well as centralized storage for their assignments [12]. Viruses and spyware were no longer an issue, and the desktops were very stable. If a student did manage to break their session, I only had to delete a configuration file that would get generated back to its default values when the student logged in the next time. By switching to OSS, I was able to give my students more software and more secure software, all while reducing costs for my school.
Not only does price lead individuals and organizations to OSS, but businesses also look at agility of the software, as well as the quality [1]. Because Netflix has developed their platform on OSS, they can charge so little [1]. As with SaaS, initial start-up costs are reduced since OSS is free [1]. But a business that chooses to use open source software can still make money. Some companies release their software as open source, but sell support contracts or services [18]. Other companies may sell add-ons to go along with OSS, or release separate licensing for individuals and businesses [18]. Money can also be made by releasing the software as SaaS, where the OSS is used on servers [18] .
Aside from costs, there are other positive features of OSS. Since OSS means that the code is available for anyone to read, the code has many more eyes that look through the code for bugs and security issues [11]. Some reports claim that a security hole in the open source software Apache Struts was responsible for the much publicized data breach at the Equifax credit agency [17]. However, an analysis of known vulnerabilities of previous versions of Struts hints that, if Apache Struts were the cause of the data breach, it is likely that Equifax had not applied the most recent security patches [7]. In fact, many software issues, weather OSS or commercial software, are usually caused by configuration errors and not bugs [21]. Even with stories like this, OSS is often chosen, in part, because it is seen as more secure [16].
However, even with free pricing, there is some resistance to using OSS. One study of librarians working in higher education in the United Kingdom found that most libraries were reluctant to use open source. Many librarians relied on the references from peers on which software packages to use, and this slowed the adaption of OSS [4]. This study parallels my own experiences with OSS, other teachers and administrators in the school district were reluctant to use OSS because they were unfamiliar with OSS, even though the costs of OSS made the software a very appealing option. OSS can also be seen as complex and time consuming to set up, and this attitude can keep users from adapting the free alternative [4].
When considering implementation of OSS, there are several tools available to help businesses determine what software will best meet their needs. Models such as the Navica Open Source Security Model (N-OSMM), Capgemini Open Source Security Model (C-OSMM), or the Methodology of Qualification and Selection of Open Source Software (QSOS) provide objective scoring methodologies in determining which project will best suit a business [16]. Each methodology has different strengths, and is intended for different target audiences. Another factor to look at when considering OSS is the community that supports and uses the software. An OSS company should be supporting the community that uses the software, as this will also be the same group that reports bugs, and helps provide documentation and support for the OSS project [11]. From my personal experience, most business will use OSS only if there is an option for paid support. Many companies have procurement processes that require some sort of signed contract [4]. Licensing can also be an issue for OSS adaptation. Some OSS licenses do not allow for any commercial use of the code, or require that the code remain open even if the code is repurposed for other software (Widenius & Nyman, 2014). Licensing issues have plagued many different OSS projects, particularly when they are challenged by commercial software companies with more resources to pursue legal action [6].
Because OSS comes with no cost, it has become the popular building block for many SaaS projects [6]. A recent web server survey of the top one million busiest websites show that OSS projects Apache web server and nginx comprise over 68% of the web servers for those sites [13]. This figure shows that OSS is very popular, reliable, and here for some time.
References
[1] Baldwin, H. (2014). Saying yes to open source. Computerworld, 48(8), 18–22.
[2] Campbell-Kelly, M. (2009). Historical reflections: The rise, fall, and resurrection of software as a service. Communications of the ACM, 52(5), 28-30. doi: http://dx.doi.org/10.1145/1506409.1506419.
[3] Chauhan, M & Babar, M. (2012). Cloud infrastructure for providing tools as a service: quality attributes and potential solutions. Proceedings of the WICSA/ECSA 2012, 5-13. doi: http://dx.doi.org/10.1145/2361999.2362002.
[4] Dalling, J., & Rafferty, P. (2013). Open source, open minds? Program, 47(4), 399–423. doi: http://dx.doi.org/10.1108/PROG-06-2012-0034.
[5] Fouquet, M., Niedermayer, H., & Carle, G. (2009). Cloud computing for the masses. In Proceedings of the 1st ACM workshop on user-provided networking: challenges and opportunities (pp. 31–36). New York, NY: ACM.
[6] Gallaugher, J. (2011). Software in flux: Partly cloudy and sometimes free. In Information systems: A manager’s guide to harnessing technology (pp. 375–434). Washington, DC: Flat World Education. Retrieved from http://www.saylor.org/site/textbooks/Information%20Systems.pdf.
[7] Gielen, R. (2017). Apache Struts statement on Equifax security breach. Retrieved from https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax.
[8] Gill, G. (2012). Pathfinders Eureka. Journal of Information Technology Education, 1, Case 7. Retrieved from http://www.jite.org/documents/DCVol01/v01-07-Eureka.pdf.
[9] Jacobs, D. (2005). Enterprise Software as Service. Queue – Enterprise Distributed Computing, 3(6), 36-42.
[10] Kaltenecker, N., Hess, T., & Huesig, S. (2015). Managing potentially disruptive innovations in software companies: Transforming from On-premises to the On-demand. The Journal of Strategic Information Systems, 24(4), 234–250. doi: http://dx.doi.org/10.1016/j.jsis.2015.08.006.
[11] Kilamo, T., Hammouda, I., Mikkonen, T., & Aaltonen, T. (2012). From proprietary to open source – Growing an open source ecosystem. Journal of Systems and Software, 85(7), 1467–1478. doi: http://dx.doi.org/10.1016/j.jss.2011.06.071.
[12] LTSP. (n.d.). Concepts. Retrieved from http://wiki.ltsp.org/wiki/Concepts.
[13] Netcraft. (2017). July 2017 Web server survey. Retrieved from https://news.netcraft.com/archives/2017/07/20/july-2017-web-server-survey.html.
[14] Shaw, J. (2011). Head out on that open road. CRN, (September), 22.
[15] Simpson, S. (2005). Students learn from software in Keokuk. Des Moines Register. p. S7.
[16] Umm-e-Laila, Zahoor, A., Mehboob, K., & Natha, S. (2017). Comparison of open source maturity models. Procedia Computer Science, 111, 348–354. doi: http://dx.doi.org/10.1016/j.procs.2017.06.033.
[17] Vaughan-Nichols, S. (2017). Equifax blames open-source software for its record-breaking security breach. Retrieved from http://www.zdnet.com/article/equifax-blames-open-source-software-for-its-record-breaking-security-breach/.
[18] Widenius, M., & Nyman, L. (2014). The Business of Open Source Software: A Primer. Technology Innovation Management Review, (January), 4–11. Retrieved from http://search.ebscohost.com/login.aspx?direct=true&db=ent&AN=94361297&site=ehost-live.
[19] Woodburn, D. (2017). SaaS market predicted to double in size over next two years. Retrieved from https://www.channelweb.co.uk/crn-uk/news/3016566/saas-market-predicted-to-double-in-size-over-next-two-years.
[20] Wu, S & Chua, P. (2008). Museum collection management on-demand. Proceedings of the 2nd international conference on Theory and practice of electronic governance, 310-315. doi: http://dx.doi.org/10.1145/1509096.1509161.
[21] Yin, Z., Ma, X., Zheng, J., Zhou, Y., Bairavasundaram, L. N., & Pasupathy, S. (2011). An empirical study on configuration errors in commercial and open source systems. In Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles – SOSP ’11 (p. 159). New York, New York, USA: ACM Press. doi: http://dx.doi.org/10.1145/2043556.2043572.