Offtopic - SaaS ROI Explained and why On-Prem is a bad idea (for most)

In this post we explain what has been explained 50 million times over the last decade: SaaS has many times better ROI than on-prem.

Our typical On-Prem customer that should have SaaS looks like this:

  • They run very old versions of eramba (Btw - we are security people who are involved in writing patching and vulnerability policies)

  • The underlying Linux that runs eramba has very old PHP versions, etc.

  • They raise 900 million support tickets to us, not about eramba but about their infrastructure, wasting their time and ours.

Why is SaaS CHEAPER? The On-Prem cost structure involves:

  • Our SaaS infrastructure is layered and duplicated. In AWS terms this means two zones within a single region. This requires at least: 1 x WAF, 1 x LB, 2 x EC2, 1 RDS (cluster), multiple EBSs, Backup Service from AWS, S3, etc. To all that, add network traffic, storage costs, etc. You are looking at at least 250-300 EUR / month. That alone is 100%-110% of our SaaS fee (bear in mind our fee includes 2500 EUR of software)

Note: If you run all that in a single EC2 exposed to Internet it will be cheaper. Of course. You can run eramba on a Playstation as well, but let’s compare apples to apples.

  • We do some 20-30 updates a year. This requires manual intervention: testing an upgrade on dev, then running it on prod. At 3 hours per upgrade you are looking at 60-90 hours a year (some two weeks dedicated to eramba; does your team have that bandwidth?). How much is the hour?

  • Your IT teams will need to upgrade the underlying infrastructure. That will require some 10-20 upgrades a year. Same as above.

  • Skills - now, to run the setup above you need to understand Linux, AWS, Docker, backups, etc. You also need to understand how eramba works. Those skills cost money and we know for a fact that many of our customers do not have them. Building a house without skills is possible but the result will be questionable.

  • Time to respond. If your IT department will do this, then you are competing for their time with god knows how many other tasks. No disrespect meant here: considering the availability constraints, these people deal with critical systems, and GRC is hardly going to be a priority for them.

  • Our processes are tested frequently (by us, a third party and a certification authority) and are ISO 27001 certified. Can you say the same about the ones run by your IT department?

For the reasons above, we (and the rest of the planet) offer SaaS services. It is a simple financial decision, a very obvious one to make. We will be contacting all our existing customers with a tempting offer to move to SaaS soon.
