The Three Pillars for SaaS Applications

A couple of decades ago all enterprise-grade services were hosted on-premise.  Deployment, maintenance and administration of the services was done mostly in-house by system administrators. The end-users deployed the desktop software applications and needed extensive training to run and use the service. These days it is more common to get an app or a website that provide the same functionality as a SaaS program. Software as a service (SaaS) is a software distribution model in which a cloud provider hosts applications and makes them available to end users over the internet. In this model, an independent software vendor (ISV) may contract a third-party cloud provider to host the application

There are 15000+ companies providing SaaS software services offered as part offor enterprise-grade B2B or B2C offerings/products. However, companies still do not build their services with the essential pillars that would make management of their product, operations and support much easier.

There are three pillars that are needed to build a scalable product hosted on the cloud – Administration, Security and Analytics. I plan to illustrate this with examples from my own business MobileArq that is a fundraising and communication platform for school districts

In my journey as a SAAS product manager, I find that software teams are always focused on the core product and offering.  Everything else that needs to be developed gets thrown into a backlog for their next release after the launch. In the name of an MVP, these essential pillars are not built in the initial launch. Even in larger companies, I find that these features get delayed for months and the damage is done – eventually the product fails under its own weight.  However, not having these essential pillars from Day One causes a lot of churn and huge support issues. In addition, this can lead to a small team getting burned out simply fielding the requests to maintain the customer day-to-day requests.


Administration activities for an app are onboarding end-users, adding/deleting/updating privileges for new roles, CRUD (create/update/delete) operations in the service for the customer as well as managing content. In MobileArq, school districts adopt the service for all of their parents. However, a school parent can decide whether they want to subscribe to the service. 

MobileArq provides the separation of duties through various roles – super administrators, administrators for the entire school/organization, functional administrators for a specific function (e.g., newsletter administrators).  The super administrator can assign a specific parent in the parent organization or school through a simple admin interface.  District wide administrators can check the activities in all of the schools whereas school administrators have access only to the activities in their school.

MobileArq has several modules one of which is the e-commerce portal. Through the administration interface, the school/PTA organization can setup stores, products and all of their attributes so that a parent can participate in the sale from the user app. When the user makes a purchase, the administrator can check the order and export all of the orders made over a time period to an excel spreadsheet.


 Security of the product cannot be built in as an after-thought.  There are bots that are scouting the internet 24X7 for new domains to attack and it takes only minutes to identify the security vulnerabilities. With the outsourcing of infrastructure services, software teams depend on the IAAS (Infrastructure as a Service) team to provide the security for their servers. However, as a software provider you need to take complete responsibility for their product-level security. Some questions to ask:

Are you implementing security and privacy in your development, deployment and releases?

Are you carrying out the necessary security scans (static and dynamic) of their software, penetration testing of their web-based services and keeping their product up-to-date with the latest software packages?

The OWASP web security checklist is a good one to implement your c


Analytics (also called metrics) is an essential pillar of software products to analyze usage and issues in the product.  From day One, this is an essential component that needs to be built into the product through instrumentation APIs.  It is not enough to use an external provider like Google analytics to get usage of your site.

Every product has its own unique metrics beyond generic metrics page views or app downloads. For MobileArq, it could be how many students in the school participated in the lunch program or how many schools are taking advantage of our advertising platform and how much funds have they raised using advertising partners.

The key is to design the metrics you need for your product from day one to analyze all aspects of operations, usage, popular features and user experience. For example, if you have product support that allows text messages and email, with metrics on usage of each method, the usage of each will inform you on which mode of communication users prefer to get customer support. This will also inform your operations on where they need to focus their support personnel and where future enhancements need to be made.

There are off the shelf reporting and analytics you can use for smaller operations as long as you are able to integrate it into your platform. As a must-have, you should at the minimum install Google Analytics for your marketing website.