Datica Blog

Saas, Paas, IaaS; What's the Difference?

Laleh Hassibi

Laleh Hassibi

Director of Content Marketing

July 4, 2017   Healthcare Cloud Cloud Computing

In a recent research report, Datica uncovered interesting trends in digital health, including healthcare cloud trends. One of the interesting trends we discovered was that, within healthcare, the definition of cloud is no longer only scoped to SaaS any longer as it had been in the recent past. In fact, healthcare companies are turning to cloud infrastructure services to help manage costs and increasing complexities.

In 2017, 75% of hospital CIOs plan to use IaaS services within the next year — up from just 15.3% in 2014. In light of this trend, we thought it a good time to once again define the three service delivery models prevalent in healthcare companies today.

Software-as-a-Service (SaaS)

SaaS is a model for accessing an hosted application developed by a vendor. Typically, access is through a web app, mobile app, or an API. And it is is usually billed by user, API calls, or seats and billing is subscription-based.

Subscription-based models have implications for customers because of the low capital expense to get started and implications for SaaS vendors because of the security issues and cost considerations. The classic example of SaaS is Salesforce CRM; Salesforce has moved into PaaS (Force.com) but it started as SaaS and still generates the bulk of its revenue from SaaS. There are literally tons of other SaaS vendors we all use daily — Box, Zendesk, MailChimp, Moz, Maketo, and Hubspot are just a few. In terms of customer control, this is the most limited delivery model of cloud computing.

Platform-as-a-Service (PaaS)

PaaS models allow you to deploy and scale your own application to cloud infrastructure without managing servers and/or databases. You may have some control over the infrastructure but it is limited.

Users of PaaS typically do not have access to the underlying operating system or network devices. Developers can focus on the application, written in a language of their choice, without worrying about building and maintaining the server to run it. The example most developers would think of is Heroku, which is part of Salesforce. There are others, like CloudFoundry and newer offerings like dotCloud. There is also a super cool compliant PaaS just for healthcare… yes, Datica

Infrastructure-as-a-Service (IaaS)

This as the blank slate of cloud computing that has been the driving disruptive force in computing over the last 15 years and is a huge cloud focus for hospital CIOs in 2017. As opposed to SaaS and PaaS, which build layers of abstraction to interact with customers and keep them away from the OS, IaaS vendors provide customers with access to operating system and sometimes network components.

You can think of it as a hosted linux prompt. AWS and Rackspace are the prototypes for this. This is usually the cheapest option. It’s a blank slate, and developers can customize down to the OS level. With that control comes more responsibility and ultimately more time spent on infrastructure. The decision that needs to be made in assessing IaaS is whether time and resources should be spent configuring servers and databases, or does it make more sense to spend a little more money on infrastructure but have more resources for your core product and differentiation. Or, in other words, should you choose a PaaS offering or stay with IaaS?

If you plan on interacting with PHI in any other way beyond simply storing it, you would be wise to consider a PaaS like Datica. Our Compliant Cloud Platform lets you move fast on the world’s leading infrastructure providers, like AWS or Microsoft Azure, while keeping the compliance folks happy.

Earlier

5 Steps to HITRUST CSF Certification

Complying with HIPAA and proving it are two very different things. Datica is HIPAA compliant AND can prove it with our HITRUST CSF certification.

Next Post

What does it take to be a 100% HIPAA compliant cloud company?

Datica has spent extensive time and money on security and organizational policies and procedures specifically to comply with HIPAA and share with our customers.