SaaS vs Self-hosted – How to Choose the Right Deployment Option

At ZITADEL, every customer is granted their own virtual instance with unlimited identities, which allows them to fully configure their instance policies. This includes choosing the deployment option that is most suitable for the unique needs, security requirements, budget, and resources of each individual organization.

In this article, we will discuss our Software as a Service (SaaS) deployment option, alongside our self-hosted alternative to help you find the right solution for your project or business.

We are currently working on version 2 of ZITADEL, as described in our last blog post, “A Serverless Future”. With this new version of our cloud service, customers will get their own virtual instance of ZITADEL. In the meantime, we are more than happy to provide you with a dedicated installation manually. Get in touch with us.

Software as a Service (SaaS) – For the need for convenience

Our public cloud option is ideal for any user who is intrigued by the idea of a hosted deployment model that is ready to use the moment you obtain it. Unlike the self-hosted alternative, SaaS is pre-configured and automated, thus sparing you the time and money spent on implementing, managing, and maintaining your platform. Accordingly, a virtual instance will automatically upgrade with new product improvements and security fixes without your intervention.

You also do not have to worry about expanding your infrastructure when your service gains new customers or sees usage spikes. Thanks to the SaaS model of ZITADEL, both scaling and resource allocation are handled by us. Another notable benefit lies in the possibility of global or regional deployment: the infrastructure can be built to manage traffic from a global audience or to constrain data to only a certain location, depending on your needs. Both scenarios are possible through our SaaS service, while we optimize and guarantee low latencies and high availability.

With the cloud service you benefit from the operational security aspects, such as DDoS and DNS protection. ZITADEL itself is an open source platform and the same open source releases are deployed to our cloud service. With that you are able to analyze and validate the code of our application. We even go beyond that and publish the results of our penetration tests done by external auditors, as soon as we have mitigated any issues.

Although SaaS excels in terms of security and convenience, its pay-as-you-go subscription method allows for a relatively low total cost of ownership.

There are certain weaknesses in relying on a SaaS deployment, which for most customers are easily outweighed by the convenience of a pay-as-you-go subscription. While most customers are satisfied with our infrastructure in terms of cloud provider and data location options, some want to choose their own infrastructure providers or data location. In this case, a good option is self-hosting or a dedicated instance of ZITADEL, which is operated by us according to the custom terms and conditions of the client. Both options are also viable in case a customer requires more flexibility in upgrade cycles or backup frequencies.

A newly arisen weak point in today's software is supply chain risk. Here our OpenSaaS model provides extraordinary transparency of code, dependencies, and processes, yet a customer still relies on the quality of our technical and organizational measures to manage information security. We are continuously improving our information security and working towards an ISO 27001 certification by the end of this year. In case you want to have more control over the technical and organizational measures, you should choose to self-host ZITADEL and get technical support through us.

Lastly, a further weak point in the SaaS deployment method lies in its limited customization options. While companies mostly offer a wide variety of templates to choose from, their number can't compete with the infinite customization possibilities that come with building your own platform. We do not recommend building your own identity management system; rather, we promote the platform approach of ZITADEL, where customers can easily extend the functionality of the platform by loosely coupling new components. This is supported by ZITADEL's API-first approach, SDKs in various languages, and programmatic extensibility through ZITADEL Actions.

The summed-up benefits of SaaS include:

  • Receive a pre-configured and implemented platform – no need to bother with updates, backups, maintenance, and troubleshooting
  • Operational security provided
  • Availability guarantees and automatic scaling
  • “Pay as you go” model with low total cost of ownership (TCO)
  • Global and region-specific deployment options
  • Technical support - we are here to help

Self-hosted – For the need for full control

As the name suggests, unlike SaaS solutions, which are operated by a third-party provider, a self-hosted deployment is hosted by you on your infrastructure. In the case of ZITADEL, companies or individuals can deploy our software on their preferred cloud provider or install it as an on-premise solution. Both of these options allow them to take full control over all aspects of their software, instead of having to rely on our infrastructure and our technical and organizational processes. ZITADEL is based on cloud-native principles and is designed to be deployed as containers, which makes it straightforward to run and operate on almost any platform.

Self-hosting is an excellent choice if you have the resources to set up and host your own instances of ZITADEL on custom infrastructure with your company's needs in mind. If implemented correctly, the features of a self-hosted platform even have the potential to surpass the security possibilities of SaaS, making it an ideal alternative for firms working with sensitive data. However, since the responsibility of adequately hosting the platform lies solely in the hands of the company, a lot more effort and risk-taking is required for the implementation and operation of the platform. To lift some of this weight off your shoulders, ZITADEL offers self-hosters commercial technical support with an SLA.

Since the setup cost and maintenance are the most obvious downsides of self-hosting, we recommend choosing this solution if your company already possesses internal resources to handle the hosting and is ready to pay for the investment and upkeep. Should your firm struggle with some technical aspects of self-hosting, our community or our team is happy to help with any of these issues.

With this said, we strongly discourage self-hosting your identity platform without in-depth IT knowledge. Since the security measures must be manually installed and maintained, mistakes in the implementation can potentially lead to inadequate protection from intruders.

The summed-up benefits of self-hosting include:

  • Manage your platform with full control in your own cloud or hardware
  • Be in control of your technical and organizational measures
  • Fully customizable platform
  • Self-hosters can get commercial technical support with an SLA
  • Highest possible security, if implemented accordingly

Which option to choose?

In conclusion, while both deployment options have their respective advantages, the self-hosted alternative will most likely only benefit companies that aim to fulfill some very specific requirements. Should your organization lack internal staff with in-depth IT knowledge, the serious dangers of a faulty implementation are most likely not worth risking. Accordingly, the advantages of SaaS outweigh those of self-hosted options for most organizations, and SaaS is therefore generally the recommended path to take. Should you be on the fence regarding your choice, we created this chart as a guide:

The Takeaway

Whether SaaS or self-hosting is the better choice for your organization, ZITADEL ensures the best possible deployment experience with its flexible pricing options, generous range of features, guaranteed high security and unlimited identities for all options.

