SaaS is a model for accessing an hosted application developed by a vendor. Typically, access is through a web app, mobile app, or an API. And it is is usually billed by user, API calls, or seats and billing is subscription-based.
Subscription-based models have implications for customers because of the low capital expense to get started and implications for SaaS vendors because of the security issues and cost considerations. The classic example of SaaS is Salesforce CRM; Salesforce has moved into PaaS (Force.com) but it started as SaaS and still generates the bulk of its revenue from SaaS. There are literally tons of other SaaS vendors we all use daily — Box, Zendesk, MailChimp, Moz, Maketo, and Hubspot are just a few. In terms of customer control, this is the most limited delivery model of cloud computing.
PaaS models allow you to deploy and scale your own application to cloud infrastructure without managing servers and/or databases. You may have some control over the infrastructure but it is limited.
Users of PaaS typically do not have access to the underlying operating system or network devices. Developers can focus on the application, written in a language of their choice, without worrying about building and maintaining the server to run it. The example most developers would think of is Heroku, which is part of Salesforce. There are others, like CloudFoundry and newer offerings like dotCloud. There is also a super cool compliant PaaS just for healthcare… yes, Datica
This as the blank slate of cloud computing that has been the driving disruptive force in computing over the last 15 years and is a huge cloud focus for hospital CIOs in 2017. As opposed to SaaS and PaaS, which build layers of abstraction to interact with customers and keep them away from the OS, IaaS vendors provide customers with access to operating system and sometimes network components.
You can think of it as a hosted linux prompt. AWS and Rackspace are the prototypes for this. This is usually the cheapest option. It’s a blank slate, and developers can customize down to the OS level. With that control comes more responsibility and ultimately more time spent on infrastructure. The decision that needs to be made in assessing IaaS is whether time and resources should be spent configuring servers and databases, or does it make more sense to spend a little more money on infrastructure but have more resources for your core product and differentiation. Or, in other words, should you choose a PaaS offering or stay with IaaS?
If you plan on interacting with PHI in any other way beyond simply storing it, you would be wise to consider a PaaS like Datica. Our Compliant Cloud Platform lets you move fast on the world’s leading infrastructure providers, like AWS or Microsoft Azure, while keeping the compliance folks happy.