What is Software as a Service? Why Paying Someone Else to Deal With Servers Makes Sense
oftware as a Service means the software runs on someone else's servers and you pay for access to it. No installation, no maintenance, no infrastructure. Here is what SaaS actually is, how it changed software delivery, and the decisions behind when it makes sense vs owning your own stack.
At some point in your career, someone is going to ask why you pay $300 a month for a tool you could theoretically build yourself. Maybe it is a project management tool. Maybe it is an email service. Maybe it is a CRM. And there is always someone in the room who says "why don't we just build that?"
The answer, almost always, is that building it is the easy part. Running it is not.
Software as a Service — SaaS — is the model where someone else builds the software, runs it on their infrastructure, maintains it, updates it, and sells you access to it, usually via a monthly or annual subscription. You open a browser, log in, and use it. No installation. No server configuration. No database to manage. No backup strategy to implement. No on-call rotation when the thing goes down at 2 AM.
That is the whole model. And understanding why it became dominant tells you a lot about where software development cost actually lives.
What the Old Model Looked Like
Before SaaS, enterprise software worked differently. A company bought a software license — a one-time purchase, often for tens or hundreds of thousands of dollars. They received a CD, or a download, or a physical delivery. Then they installed it on their own servers. Then they maintained those servers. Then they hired people to manage the installation. Then they negotiated upgrade contracts when new versions released. Then they dealt with compatibility issues when their hardware or operating system changed.
Every piece of that chain was cost. The license was just the beginning. The ongoing operational burden was often larger than the initial purchase price over a multi-year horizon.
Salesforce launched in 1999 and specifically positioned itself as an alternative to this model. "No software" was their early tagline. They ran CRM on their servers, accessed over the internet. The customer paid a monthly fee per user and received a continually updated product that they never had to install or maintain. The model worked. Salesforce is now worth over $200 billion.
The Salesforce bet was that customers would trade some control and customization flexibility for zero operational burden. That bet turned out to be right, over and over, across almost every category of business software.
What You Are Actually Paying For
When you pay for a SaaS product, you are paying for several things bundled together — whether you think about them that way or not.
- Infrastructure: The servers, the database, the networking, the storage, the CDN. All of it. Provisioned, paid for, and operated by someone else.
- Reliability engineering: The on-call rotation. The incident response. The monitoring. The pager alerts at 3 AM when something breaks. The post-mortems after downtime. SaaS pricing includes the cost of someone else's SRE team ensuring the system stays up.
- Security operations: Patch management. Vulnerability scanning. Penetration testing. SOC 2 compliance. GDPR compliance. When a zero-day hits a library they use, they fix it, not you.
- Product development: The engineering team that keeps building features, fixing bugs, and improving the product over time. You pay once and receive ongoing improvements.
- Data backup and disaster recovery: Automated backups, tested restore procedures, geographically distributed data storage. The cost of the catastrophic failure that did not happen.
When you look at it this way, a $500/month SaaS subscription for something your team uses daily is not expensive. Staffing, equipping, and operating an equivalent capability in-house — even at modest scale — costs more when you account for all the above honestly.
What SaaS Gives Up
The trade is real. You are not just getting something for free. You are giving things up.
- Customization: Most SaaS products are designed for a wide range of customers. The features are what the vendor decided to build, not what you specifically need. Deep customization either does not exist or requires expensive enterprise agreements.
- Data location: Your data is on their servers, in their databases, subject to their terms of service. If the vendor gets acquired, changes pricing, or shuts down, you have a problem. Data portability is a real risk that most SaaS buyers underestimate until something goes wrong.
- Cost at scale: SaaS pricing is typically per-seat, per-use, or per-volume. At small scale, SaaS is almost always cheaper than self-hosting. At very large scale, the math sometimes flips. Companies with 50,000 employees paying per-seat licensing fees occasionally save money by building or running equivalent tools themselves.
- Integration complexity: Each SaaS tool has its own API, its own authentication model, its own data format. Building workflows that span multiple SaaS products — a CRM talking to an email tool talking to a customer support system — requires integration work that would not exist if everything lived in the same codebase.
- Vendor lock-in: The longer you use a SaaS tool and the more your processes depend on it, the harder it becomes to switch. This is by design, not accident. SaaS vendors invest in making switching painful.
None of these trade-offs are deal-breakers for most use cases. They are the correct trade-offs for most organizations most of the time. But they should be made consciously, not accidentally.
SaaS, PaaS, IaaS
SaaS exists in the context of three cloud computing models that partition responsibility differently.
- Software as a Service is fully managed software. You consume it as an end product. Gmail, Slack, Notion, Linear, Figma, GitHub, Shopify — all SaaS. The vendor runs everything. You just use the product.
- Platform as a Service is managed infrastructure where you deploy your own application code. Heroku, Railway, Render, Fly.io — you push code, the platform handles servers, operating systems, load balancing, and scaling. What is Platform as a Service covers this in detail, including the real decisions around when PaaS makes more sense than building on raw infrastructure.
- Infrastructure as a Service is virtualized hardware that you control completely. AWS EC2, DigitalOcean Droplets, Hetzner VMs — you get a server, you decide what runs on it, you manage Linux, the web server, the database, everything. The full cost of operations sits with you. What is Infrastructure as a Service covers what that actually demands.
Most real-world setups combine all three. A company might use GitHub (SaaS) for version control, deploy their application on Kubernetes on AWS EKS (IaaS), use Railway (PaaS) for internal tooling, and Slack (SaaS) for communication. The tier is a tool choice, not a religion.
How SaaS Actually Works
The technical mechanism that makes SaaS economically viable is multi-tenancy. One deployment of the software serves many customers simultaneously, with data isolation between them.
In a single-tenant model, each customer gets their own infrastructure instance. Separate database, separate servers, separate everything. This is expensive and defeats the core economic logic of SaaS — the provider cannot amortize infrastructure costs across customers.
In multi-tenant SaaS, a single database, single application deployment, and single infrastructure setup serves thousands of customers. The economics change completely. The marginal cost of adding customer 5,000 is tiny compared to the cost of the deployment that serves them.
The engineering challenge is data isolation. Customer A must never see Customer B's data. This seems obvious but requires deliberate architectural decisions:
-- Row-level security in PostgreSQL: every query automatically scoped to tenant
CREATE POLICY tenant_isolation ON orders
USING (tenant_id = current_setting('app.tenant_id')::uuid);
ALTER TABLE orders ENABLE ROW LEVEL SECURITY;
-- Set tenant context before any queries
SET app.tenant_id = 'customer-uuid-here';
SELECT * FROM orders; -- automatically returns only this tenant's orders
// Application-level: tenant context injected into every request
function createTenantContext(tenantId: string) {
return {
async query<T>(sql: string, params: unknown[]): Promise<T[]> {
const client = await pool.connect();
try {
await client.query(`SET app.tenant_id = '${tenantId}'`);
const result = await client.query<T>(sql, params);
return result.rows;
} finally {
client.release();
}
}
};
}
Row-level security enforces isolation at the database level. Even if application code has a bug that forgets to filter by tenant, the database rejects queries that would return another tenant's data. Defense in depth for one of the most critical security properties in multi-tenant SaaS.
Pricing Models
SaaS pricing varies widely by product category and customer segment. Understanding the models helps you evaluate what you are actually buying.
- Per-seat pricing: A fixed price per user per month. GitHub, Slack, Linear, Figma all price this way. Predictable, scales with team size, can become expensive as organizations grow.
- Usage-based pricing: You pay for what you consume — API calls, compute seconds, database rows, email messages sent. AWS, Twilio, SendGrid, and many developer tools price this way. Aligns cost with value, but makes budgeting harder. A single misconfigured job that hammers an API endpoint can generate surprising bills.
- Tier-based pricing: A few fixed plans (Starter, Pro, Business, Enterprise) each with different feature sets and limits. Most consumer SaaS and many SMB tools use this model. Simpler for buyers. Often involves artificial feature gates that push customers toward higher tiers.
- Enterprise custom pricing: Large customers negotiate custom contracts. Volume discounts, custom SLAs, dedicated support, security review access, compliance certifications. Enterprise deals are often 10-100x the list price of the public tier.
Freemium — a free tier with paid upgrades — is a distribution and marketing strategy overlaid on top of any of the above models. The free tier acquires users; conversion to paid is the business objective. Evaluating freemium SaaS requires understanding which limits the free tier imposes and whether they are compatible with your actual use case before becoming dependent on the product.
Building SaaS vs Buying It
This is the decision that matters most for developers and technical founders.
The case for buying: operational burden is immediate and real. Building a product and running infrastructure simultaneously is hard. Every hour spent configuring servers, debugging Nginx, rotating TLS certificates, or investigating mysterious disk usage is an hour not spent on the product features that differentiate you. At early stage especially, the trade-off usually favors buying.
The case for building: total cost of ownership at scale, control over the roadmap, data ownership, and integration depth. Shopify-scale merchants eventually hit situations where Shopify's platform constraints are expensive in ways that self-hosted e-commerce would not be. Airbnb's messaging infrastructure outgrew Twilio's pricing model at their scale. GitHub at its current scale is not buying version control SaaS; they run it.
The practical answer for most teams most of the time: buy until the build case becomes obvious. The build case becomes obvious when one of these is true — the cost is prohibitive at your current scale, the vendor's feature set does not match your requirements and cannot be extended, or the strategic dependency on the vendor creates unacceptable risk.
Until that point, pay for the SaaS tool and spend the engineering time building what your users actually need.
The Reliability Expectation
SaaS vendors publish SLAs — Service Level Agreements — that specify uptime guarantees. 99.9% uptime means 8.7 hours of downtime per year. 99.99% means 52 minutes. 99.999% means about 5 minutes.
The gap between 99.9% and 99.99% sounds small and is not. The engineering required to go from three nines to four nines is typically an order of magnitude more expensive in both people and infrastructure.
Reading an SLA requires understanding what "uptime" means for that vendor. Whether partial degradation counts. How outages are measured. What credits are available when SLAs are breached and whether those credits meaningfully compensate for actual business impact. A credit of 10% of your monthly bill when an outage costs you days of engineering time and lost revenue is not adequate compensation — it is a legal fig leaf.
The implicit assumption behind every SaaS purchase: the vendor's reliability is better than what you would achieve running it yourself with equivalent resources. For most companies buying SaaS from established vendors, that assumption is correct. For infrastructure-critical components where outages are catastrophic — payment processing, core authentication, the primary data store — the assumption deserves serious scrutiny before you take the dependency.
SaaS and the Modern Development Stack
The development toolchain for most software companies today is entirely SaaS: GitHub or GitLab for version control, Linear or Jira for project management, Datadog or Grafana Cloud for observability, PagerDuty for incident management, Stripe for payments, SendGrid or Postmark for email, Auth0 or Clerk for authentication, Cloudflare for CDN and DNS, Sentry for error tracking.
Each of these represents a category where the SaaS vendor's specialized focus produces a better product than any generalist team would build for themselves. Stripe has rebuilt payment processing infrastructure that individually would take years of specialized engineering to replicate. Auth0 handles authentication edge cases — MFA, social login, enterprise SSO, compliance certifications — that are genuinely hard to get right. Sentry has aggregated error patterns across thousands of applications in ways that improve the product for every customer.
The concentration of development tooling in SaaS means modern software companies can ship faster with smaller teams than was possible in the era of self-hosted everything. That is a real productivity gain. The corresponding risk — dependency on vendors whose pricing, availability, and feature decisions you do not control — is real too.
The decision is never binary. SaaS or self-host is not the question. Which components are worth the SaaS premium, and which are worth building or running yourself, given your scale, your resources, and the strategic importance of each capability — that is the question. And the answer changes as you grow.
When a founder building a startup uses GitHub (SaaS), Ghost (SaaS), and Stripe (SaaS) to ship their first product: that is the right call. When an organization at the scale of a large tech company runs its own internal version control, its own email infrastructure, and its own payment processing: that is also, usually, the right call. The inflection point between the two is a business decision that looks different for every company. The only wrong answer is making it without thinking about it.
How SaaS Is Built
Understanding how SaaS products are built helps you evaluate them and, if you are building one, make better architectural decisions.
- Application layer: The web application itself — typically a frontend React or Next.js application communicating with a backend API. The backend might be Node.js, Python/Django, Go, or Ruby on Rails. The choice depends on team expertise and performance requirements.
- Database layer: Most SaaS products use PostgreSQL for primary storage. Redis for caching, session storage, and rate limiting. Search infrastructure (Elasticsearch, Typesense) for full-text search. Sometimes an analytics database (BigQuery, ClickHouse) for reporting workloads that would tax the primary database.
- Background jobs: SaaS products do enormous amounts of work asynchronously. Sending emails. Generating reports. Processing file uploads. Syncing data with integrations. Running scheduled tasks. This runs through a job queue — Redis-backed queues, Amazon SQS, or dedicated tools like Sidekiq. Docker containers or Kubernetes worker deployments handle execution.
- CDN and static assets: CSS, JavaScript, and image assets are served from a CDN (Cloudflare, Fastly, CloudFront). The CDN caches assets at edge locations close to users globally. A request from Tokyo for a static JavaScript file does not hit a server in Virginia — it hits a CDN node in Singapore.
- Observability: Production SaaS runs error tracking (Sentry), application performance monitoring (Datadog, New Relic), infrastructure metrics (Prometheus + Grafana), and structured logging (Elasticsearch, Loki). Without these, debugging production issues is guesswork.
Compliance and Certifications
Enterprise SaaS buyers increasingly require compliance certifications. The common ones:
- SOC 2 Type II: An audit by an independent third party that the vendor's security, availability, and confidentiality controls are properly designed and operated over a period of time (usually 6-12 months). Enterprise customers routinely require SOC 2 Type II before signing contracts.
- ISO 27001: International standard for information security management systems. Common for vendors selling to European enterprises or regulated industries.
- GDPR compliance: European data protection regulation. Applies to any vendor that processes data of EU residents. Requires data processing agreements, data residency options in some cases, and processes for data deletion requests.
- HIPAA: US healthcare data compliance. Required for SaaS vendors storing or processing protected health information. Requires business associate agreements, additional technical safeguards, and audit logging.
- PCI DSS: Payment Card Industry Data Security Standard. Required for any system that handles card payment data. Most SaaS companies avoid storing raw card data by delegating to Stripe or Braintree, which handle PCI DSS compliance for the payment processing layer.
Achieving and maintaining certifications is expensive. SOC 2 Type II audit costs start at $30,000 and require ongoing compliance infrastructure. Enterprise SaaS vendors price this into their enterprise tiers. Startups often operate without these certifications initially and acquire them as enterprise sales require them.
Data Portability and Exit Strategy
Every SaaS dependency is a risk. Vendors get acquired. Pricing changes. Products get deprecated. Features you depend on get removed. The question is not whether any of these will happen to something you use — it is when and which ones.
Before taking a significant SaaS dependency, evaluate the exit:
What data do you have in the system? How much of it? How important?
What export format does the vendor provide? CSV export of your data is the minimum. API access to all your data is better. No export option is a serious red flag.
How long would migration take? A CRM with five years of customer interaction history is harder to migrate than a project management tool with six months of tickets. The migration cost is the switching cost.
What does the vendor's financial situation look like? Venture-backed startups can run out of money or get acqui-hired and shut down. Public companies with profitable products rarely disappear overnight. The risk profile differs.
The practice of building data exports and maintaining the ability to run without a SaaS tool for a few weeks is called defensive architecture. It is not paranoia. It is treating third-party dependencies with the same respect you would give any other systemic risk.
SaaS in 2025: The Maturation
The SaaS model that Salesforce pioneered in 1999 has proliferated into effectively every category of business software. Marketing automation, customer support, HR management, accounting, payroll, legal operations, security tooling, developer productivity — all primarily SaaS now.
The interesting tension emerging is around AI-native SaaS. Products like GitHub Copilot, Cursor, Notion AI, and dozens of others are SaaS products where AI capabilities are the primary differentiator. These products send your data (code, documents, conversations) to AI provider APIs to generate responses. The privacy implications of that data flow deserve evaluation — your code going to GitHub Copilot goes through GitHub, through Microsoft Azure OpenAI — and that evaluation is increasingly part of enterprise procurement.
The other shift: consolidation. The "best of breed" SaaS model — use the best tool for each function — has produced tool sprawl at many companies. Fifty SaaS subscriptions, each with their own API, their own authentication, their own data model. The consolidation trend is toward platforms: Salesforce for CRM and marketing, HubSpot for marketing and sales, Notion for documents and projects. The integration tax of too many single-purpose tools is real, and buyers are increasingly willing to accept a slightly worse product in each category for substantially better integration between categories.
The model works. It worked for Salesforce in 1999. It works for the thousands of SaaS companies running today. And it will work for software you build on top of, as long as you make the build-vs-buy decision consciously rather than reflexively, and plan your exit from the dependencies you take on before you need to use that plan.
Vertical SaaS vs Horizontal SaaS
Most of the names developers recognize are horizontal SaaS — tools that serve customers across many industries. Slack, GitHub, Stripe, Datadog work for e-commerce companies, healthcare providers, financial services firms, and manufacturing companies alike.
Vertical SaaS is built for a specific industry. Veeva Systems for pharmaceutical companies. Toast for restaurants. Procore for construction. Mindbody for fitness studios. The appeal of vertical SaaS: deep domain expertise baked into the product, integrations with industry-specific systems, compliance with industry-specific regulations, and pricing calibrated to industry-specific economics.
The structural advantage of vertical SaaS: lower competition within the niche, higher switching costs because the product is deeply integrated with industry workflows, and word-of-mouth distribution within tight industry communities. The disadvantage: smaller addressable market, deeper domain expertise required to build the product correctly, and slower feedback loops because you serve one type of customer.
For developers evaluating SaaS: horizontal tools are well-understood and have extensive documentation, community support, and examples. Vertical SaaS tools often have less documentation, smaller communities, and fewer third-party integrations. Factor this into evaluation.
Open-Source SaaS Alternatives
For many SaaS categories, open-source self-hosted alternatives exist. The trade-off is operational overhead in exchange for cost savings and data control.
Notable examples in common categories:
Email marketing: Listmonk (self-hosted) vs Mailchimp/ConvertKit (SaaS)
Analytics: Plausible or Umami (self-hosted) vs Google Analytics (SaaS)
Customer support: Chatwoot (self-hosted) vs Intercom/Zendesk (SaaS)
Error tracking: GlitchTip (self-hosted) vs Sentry (SaaS)
Status pages: Cachet (self-hosted) vs Statuspage.io (SaaS)
Authentication: Keycloak (self-hosted) vs Auth0/Clerk (SaaS)
Feature flags: Unleash (self-hosted) vs LaunchDarkly (SaaS)
Monitoring: Grafana + Prometheus (self-hosted) vs Datadog (SaaS)
The pattern: each open-source alternative requires you to run infrastructure, apply updates, manage backups, and handle incidents yourself. The SaaS alternative handles all of that and costs a monthly fee. For cash-constrained early-stage companies, self-hosted open-source often makes economic sense. For companies where developer time is more expensive than SaaS fees, paying for the managed version usually wins.
Ghost, which CoderOasis runs on, is another example of this pattern. Open-source, self-hostable, with a managed SaaS version (Ghost.io) for teams that do not want to operate infrastructure. I self-host because the cost savings matter and I am comfortable with the operational overhead. Read why I switched from WordPress to Ghost if you want the full story of that decision.
The category of "open-source SaaS alternative" has grown substantially in the last five years as awareness of data privacy, vendor lock-in, and SaaS pricing at scale has increased. The category will likely continue growing as AI components in SaaS products raise data sensitivity concerns and as the total cost of managed Kubernetes and cloud infrastructure decreases enough to make self-hosting economically compelling for smaller organizations.
The bottom line on SaaS: it is a delivery model that transfers operational risk from buyer to vendor in exchange for money and some loss of control. For most teams, most of the time, that trade makes sense. Evaluate it explicitly, understand the trade-offs you are accepting, build exit strategies for the dependencies that matter most, and spend the engineering time you save on building the things that actually differentiate your product.
Pricing Psychology and SaaS Sales
Understanding how SaaS is priced and sold helps you evaluate purchases and, if you are building SaaS, design your own go-to-market approach.
- Annual vs monthly billing: SaaS vendors strongly prefer annual billing — it reduces churn risk, improves cash flow, and simplifies revenue recognition. They incentivize annual commitments with discounts, typically 15-20% off the monthly equivalent. From the buyer's side, annual billing locks you in and reduces flexibility. Evaluate whether the discount justifies the commitment given your confidence in the product.
- The enterprise tier: Most SaaS products have an opaque "Enterprise" tier with custom pricing. This tier exists because large organizations have requirements — dedicated support, custom SLAs, SAML SSO, audit logs, compliance certifications, volume discounts — that are expensive to provide and valuable enough to price separately. If you are buying for a team over ~50 people or have specific compliance requirements, talk to sales rather than self-serve on the website pricing page.
- Seat creep: Per-seat pricing with easy onboarding is designed to grow within organizations. The champion who bought three seats becomes twenty seats when their team grows. The vendor wins if the product delivers value — the expanding usage represents genuine ROI. The risk is seat creep without corresponding value delivery, where adoption expands because the tool is convenient rather than because it is producing measurable outcomes.
- The freemium funnel: Free tiers acquire users at the top of the funnel. Conversion to paid happens when users hit usage limits, need collaboration features, or require admin controls. The free tier must be valuable enough that people continue using the product but constrained enough that teams need paid plans. This balance is one of the hardest product decisions in SaaS.
- Data network effects: Some SaaS products get better as more customers use them. Anomaly detection tools that aggregate patterns across customers. Benchmarking tools that compare your metrics against industry peers. Security tools that share threat intelligence across the customer base. These network effects are a genuine and often underappreciated part of the value proposition — you are not just paying for a tool, you are joining a network that improves the tool for everyone.
The Economics of Running SaaS
For developers who are building or considering building SaaS, the economics are worth understanding explicitly.
- Gross margin: SaaS businesses target 70-80%+ gross margins because infrastructure costs are low relative to revenue once scale is achieved. A $100/month subscription costs maybe $5-10 in cloud infrastructure, customer support, and payment processing per customer per month at scale. The rest funds sales, marketing, engineering, and profit.
- Churn: Monthly churn rates of 2-3% are typical for SMB SaaS. Annual churn of 20-30% means you must replace a fifth of your customer base each year just to stay flat. This is why SaaS companies invest heavily in customer success — reducing churn by a few percentage points is often worth more than equivalent investment in new customer acquisition.
- Customer acquisition cost and lifetime value: The ratio of LTV (lifetime value of a customer) to CAC (cost to acquire them) should exceed 3:1 for SaaS economics to work. If it costs $500 to acquire a customer who pays $100/month and churns after 8 months, the unit economics are negative. Getting LTV/CAC right is what determines whether a SaaS business is fundamentally healthy.
- Expansion revenue: The best SaaS businesses grow within their existing customer base. When customers expand from 10 seats to 50, from 100GB storage to 500GB, from the Starter plan to the Business plan — that is expansion revenue. Expansion revenue has no CAC attached to it. Businesses with strong expansion revenue can grow even with high new customer churn rates, because their best customers are getting more valuable over time.
Understanding these economics as a buyer helps you evaluate vendor health. A SaaS vendor with clear expansion revenue mechanics and a product that delivers measurable outcomes is building toward durable business. A vendor with aggressive discounting, constant feature announcements without depth, and no clear retention story is potentially building toward a pricing reset or acquisition exit that disrupts your operations.
The SaaS model has been the dominant paradigm for software delivery for over two decades, and nothing about the current technology landscape suggests that is changing. What is changing is the criteria for evaluation — AI capabilities, data privacy, consolidation versus best-of-breed, and the maturation of self-hosted alternatives are all shifting how sophisticated buyers approach the category. The model is not going anywhere. The decisions around it are getting more complex.
When SaaS Fails You
SaaS outages are not hypothetical. In 2021, a Fastly CDN misconfiguration took down major websites globally for about an hour. AWS has had notable S3 and EC2 outages that affected thousands of SaaS products simultaneously — because most SaaS runs on AWS. GitHub has had significant outages. Slack has had multi-hour degradation events. Stripe has had payment processing disruptions.
The failure modes differ from self-hosted outages in important ways. When your own infrastructure fails, you have full visibility into what is wrong, direct access to fix it, and control over the recovery timeline. When a SaaS vendor fails, you have none of these. You wait, you monitor the status page, you communicate to your users that a dependency is down, and you hope the vendor resolves it faster than your SLA buffer allows.
Designing for SaaS dependency failure means building graceful degradation. If your email provider is down, can your users still complete their primary tasks? If your analytics service is unreachable, does your application still function? If your payment processor has an outage during checkout, do you queue the transaction for retry or lose the sale?
These are engineering decisions that most teams do not make explicitly until a dependency fails and they discover what they assumed. Making them explicitly, documented as architecture decisions, is part of responsible SaaS dependency management.
Single points of failure in SaaS dependencies — where one vendor being down takes your entire product down — warrant either redundancy (multiple vendors for critical functions), fallback behavior (degraded but functional mode), or acceptance of the risk with explicit communication to stakeholders about the dependency's criticality.
The corollary: if you are building SaaS, your customers are making the same evaluation about you. Your reliability, your status page transparency during incidents, your communication during outages, and your recovery speed all affect whether customers trust you enough to take a deep dependency on your product. Reliability is a product feature. It is often the most important one.
SaaS changed software delivery permanently. The operational burden shifted from buyers to vendors. Development teams got faster. Small companies got access to enterprise-grade tooling they could never have built or maintained themselves. The cost — vendor dependency, pricing control by the vendor, reduced customization, data residency trade-offs — is real but for most organizations most of the time, smaller than the benefit. Evaluate it honestly. Make the decision consciously. And know how to get out before you need to.