SaaS Security Essentials for Legal

Topics: Contract Management, SpringCM Product

There was a time when almost all computer software was delivered to customers or licensees on disks or some other type of portable media, and then installed on individual computers at the customer’s location.

Under this traditional software licensing model, software licenses and usage rights were generally measured and limited by readily identifiable physical parameters (for example, a specified number of sites, servers, workstations, or “seats” ), generally making it relatively easy for the customer (or for the software licensor) to monitor or verify compliance with the license and rights that the customer had purchased to the

Software without Physical Barriers

In this increasingly interconnected world, software products are now ever-more-frequently being made available in a software-as-a-service (SaaS) model over the Internet, removing physical barriers and making the software potentially available to anyone, anywhere in the world. And through application programming interfaces (APIs), software can be accessed directly by other programs, rather than only by human beings. These changes not only increase the accessibility of software, they also greatly expand the potential use cases for software.

For example, rather than a particular software solution only being used by a company’s employees performing a particular function, within a particular department, or at a particular location of the company, the solution (or specific functionality within it) now can potentially be accessed and used, and content provided, submitted, or reviewed, by other individuals in other roles, at other locations, or belonging to other organizations, or even by other systems.

Functionality within a software solution can be made available not only to a company’s employees but also to the company’s suppliers and customers, as well as, in certain cases, the company’s other systems or even third-party systems, making it possible to more easily implement an enterprise-wide business process in a consistent manner.

The Risks Associated with Today’s SaaS Model

Unfortunately, removing some of the physical barriers and limitations regarding software usage can also make it more challenging to measure and verify software usage. And while surprises can be a source of great pleasure and excitement in certain aspects of life, surprise generally isn’t a good thing in business, especially when adverse financial consequences may result.

Customers therefore need to make sure to obtain all of the rights that they need to use SaaS applications in the ways that they intend to use them and actually are using them. Don’t wait for a software audit by the vendor to learn you don’t have the rights you need.

Many SaaS platforms offer different applications and different types of users, each with their own pricing . Fees may also depend upon other parameters, such as the amount of storage the customer is permitted to use, or the usage of an API to access a SaaS application.

>Without the Rights, No One Benefits 

Generally speaking, neither the customer nor the SaaS provider benefits from the customer not obtaining the rights it needs (or obtaining rights that don’t fit its needs). SaaS providers may also be able to work with a customer, to find creative (and sometimes more economical) ways to fulfill the customer’s needs and implement the customer’s desired use cases in a more efficient or complete way.

So, in order to avoid unwanted and unpleasant surprises, be sure to discuss your needs with your SaaS providers, and make sure you obtain the rights you need to use SaaS solutions in the ways your business requires.

Milton L. Petersen is an attorney whose practice focuses exclusively on information technology-related transactions and issues.  He is a partner in the Information Technology and Outsourcing Practice Group at HunterMaclean and can be reached at 912-238-2629 or


Image source: geralt via Pixabay


Subscribe to Our Blog