SaaS vs private cloud IoT applications
If you are building IoT applications, you are most likely going to deploy on a SaaS platform or a private cloud. Each has its own pros and cons.

I'm constantly asked about the pros and cons of Software as a Service (SaaS) and Private Cloud IoT applications. It is a complex topic that spans business, legal, and technical issues. Below you will find some insights to hopefully help you make the right decision for your business.
Basic Definitions
SaaS IoT Applications
- Delivered as a managed service
- Paid as a monthly or annual fee, typically per-device or per-transaction
- Service availability is the responsibility of the service provider
- 24x7 monitoring is the responsibility of the service provider
- Your data is collected and stored by the service provider
Private Cloud Applications
- Delivered as software or containers to be self-hosted
- Purchased as a service or as a perpetual software license
- Service availability is your responsibility
- 24x7 monitoring is your responsibility
- Your data is collected and stored within your hosting provider
Managed Service or Self-Hosting
One of the most important factors determining if you should use SaaS or Private Cloud solutions is whether you have the technical capabilities to host and manage the software yourself.
The old IBM commercials show the server lost in the back of the broom closet covered in dust still working away without anyone noticing… If only life were that easy. The reality is that hosting an application involves a number of ongoing tasks:
Deploying the Servers and Software
Whether you are installing software on a group of virtual machines or deploying a complex Kubernetes application, a minimum amount of effort is required to deploy the IoT application.
Keeping Up to Date on Security Fixes and Updates
Great, you deployed an IoT application at your hosting provider — but now you need to manage updates from the vendor and updates to the underlying infrastructure. The IoT market is under constant attack, and it is essential to be ready to continuously and quickly update your application as vulnerabilities are discovered and patched.
Further, not all of the infrastructure required to host an application will be covered by the software vendor. Vendors supplying software typically don't provide recommendations for fixes to the underlying virtual machines or networking components outside the scope of their software. There is peace of mind in using a SaaS service where all of these issues are managed by someone else.
Monitoring the Health of the Solution
Technically, waiting for someone to call and say "hey, the site isn't working" is a monitoring strategy, but it's not the right approach. Monitoring means having instrumentation checking the health of the application and sending alerts when problems occur, and having people watching for those alerts who are prepared to act. Customers expect IoT solutions to be 99.9% available, which permits about 43 minutes of downtime per month.
Solutions designed for Private Cloud should provide tools to monitor application health; you just have to provide the people to respond when an alert fires.
Predictable Pricing
SaaS offers a fixed, bundled price that is easy to evaluate — compute, networking, storage, firewalls, logs, and backups are all included. With Private Cloud deployments, all of these cost components are managed by you, and simple mistakes can cost the company thousands of dollars per month.
SaaS Provider Experience and Capabilities
It is important to ask the same operational questions of any SaaS provider that you would ask yourself before self-hosting. The IoT industry includes companies of all shapes, sizes, and maturities. I have encountered SaaS providers with no redundancy, no monitoring, and minimal infrastructure — but whose software was solid enough to make self-hosting a better path to production.
In summary: if your company has a competent IT group with the ability to deploy, manage, and monitor third-party applications, Private Cloud may be the way to go. If your core business does not involve managing applications, SaaS is the way to go.
Data Access and Ownership
One of the most important drivers in the SaaS vs. Private Cloud decision is who owns your customer data and who can access it.
GDPR & CCPA
If you provide services in the European Union or California, your data falls under the GDPR or the CCPA. SaaS vendors must provide documentation explaining their compliance, which you must share with your customers. Key consumer rights include:
- Know what personal data is being collected about them
- Know whether their personal data is sold or disclosed, and to whom
- Ability to opt-out of the sale of personal data
- Request a copy of all personal data collected about them
- Request to be forgotten — you must be able to delete all information about a customer
If a potential SaaS vendor cannot supply required compliance documentation, treat it as a red flag. With Private Cloud, you control the data and require no documentation from your software provider.
National Data Access/Hosting Restrictions
Customers in utility, municipal, or transportation sectors commonly require that data be hosted in a specific country or region and accessible only to citizens of that region. When faced with these requirements, SaaS providers may not be able to guarantee compliance. Private Cloud is the solution in these cases.
Ownership of the Data
Some SaaS contracts technically grant the provider ownership of all collected data, with the right to re-sell it without notifying customers. This poses grave liability risks. With a Private Cloud deployment the answer is clear: you own and store the data.
Access to the Data
In IoT, data is typically not encrypted end-to-end, meaning the SaaS provider has access to sensor data from your devices. This access is often necessary to provide technical support, but it should only occur on your request. With Private Cloud, you control who can access the data.
Connecting the Device to Your Application
Cellular Connectivity and the Internet
If your device supports standards-based encryption and is compatible with typical internet NAT policies, you can use the public network with a wide range of connectivity plans. Solutions using non-standard or trivially encoded "encryption" have no business on the internet and should use private VPNs. Standard internet connectivity routes easily to SaaS applications.
Cellular Connectivity and Private VPNs
Most connectivity providers can establish a VPN between the network core and your network. While costly and time-consuming to set up, private VPNs offer benefits like static IP addresses and greater device security flexibility. Routing to a Private Cloud application is straightforward, but connecting to a SaaS application over a private VPN requires additional infrastructure such as VPN chaining or carrier-direct VPN termination at the SaaS provider.
LoRaWAN Connectivity
LoRaWAN solutions have many options for integrating with both Private Cloud and SaaS vendors. Most services support HTTPS data push, and SaaS vendors typically offer integrations from the LoRa Network Server (LNS) for rapid, secure device onboarding.
Sensor as a Service
An emerging trend bundles the device, SIM, and software into a single subscription — with the device cost either amortized over the subscription life or paid upfront. This is highly attractive if you want to build your own application to ingest IoT data without managing device or connectivity details. Providers typically push data via MQTT, HTTP, or hyperscale gateways like Azure IoT Hub or AWS IoT Core.
Red Flags
SaaS Red Flags
| Question | Red Flag Answer | Implication |
|---|---|---|
| During the demo, could you see other customer names or devices? | Yes | Poor information security management |
| Were you shown a live customer's account and data? | Yes | Poor information security management |
| Were multiple evaluators co-resident in the same demo account? | Yes | Poor information security management |
| Could you receive a copy of the vendor's DPA and privacy policy? | No | Immaturity handling legal requirements |
| Can the vendor articulate their SLA and how it is achieved? | No | Immaturity in hosting SaaS applications |
| Can devices communicate securely over the internet? | No | Additional infrastructure required |
Private Cloud Red Flags
| Question | Red Flag Answer | Implication |
|---|---|---|
| Is the application fault tolerant with no single point of failure? | Unclear | Lacks maturity for private cloud deployment |
| Does the vendor supply install, upgrade, and maintenance documentation? | No | Should not be deployed in private cloud |
| Does the application provide easy backup and lifecycle mechanisms? | No | Should not be deployed in private cloud |
| Is the application container-based? | No | Software-based apps are significantly harder to manage |
Summary
There is no one-size-fits-all approach. You need to understand the requirements of your business case, the capabilities of your technical team, and the economics of the solution you are trying to deliver. Both SaaS and Private Cloud deployments have their place and can be very powerful for delivering IoT solutions.
At Tartabit, we provide both options. Our IoT Bridge is available as a SaaS offering in the Azure Marketplace, or it can be deployed as a Kubernetes-native application in your Private Cloud environment. While our preferred hosting partner is Microsoft Azure, IoT Bridge runs in any Kubernetes environment.