| SaaS solutions (Software as a Service) are business applications delivered over the internet on a subscription basis, rather than installed and maintained on local servers. Common examples include Microsoft 365, Xero, Salesforce, HubSpot, and Slack. SaaS has become the default model for new business software because it removes maintenance overhead, scales easily, and updates continuously. |
Almost every NZ business now runs on SaaS solutions, often without realising how many subscriptions are quietly accumulating month by month. The shift has been remarkable: the typical NZ SME today uses between 20 and 80 different SaaS apps across the business. Most started with a single Microsoft or Google account and the rest grew over time as different teams found tools that solved their problems.
That growth is both the opportunity and the problem. The opportunity is that the right set of SaaS solutions lets a small business operate with capabilities that used to require enterprise-scale IT spending. The problem is that without active management, SaaS solutions spend grows faster than value, security gaps emerge in places nobody is watching, and the business ends up paying for tools half the team forgot existed.
This blog covers what SaaS solutions actually are, the real benefits and trade-offs, how to pick the right apps, how to manage them once they are in place, the security considerations that matter, and the common mistakes to avoid. It is written for owners and managers making the strategic decisions, not for IT teams running the implementation.
What Are SaaS Solutions and How Do They Work?
SaaS solutions are business applications delivered over the internet on a subscription basis. You sign in through a browser or an app, the software runs in the vendor’s cloud, and you pay a monthly or annual fee per user. The vendor handles all hosting, updates, backups of the application itself, and ongoing maintenance. The business gets working software without owning any infrastructure.
The model has reshaped business software because it removes most of the work that used to come with running applications. You no longer install, patch, upgrade, or capacity-plan the way you did with on-premises software. You subscribe, configure, train staff, and get on with using it.
How does SaaS differ from traditional software?
Traditional software was bought as a one-off licence, installed on local servers or desktops, and maintained by the business or an IT partner. Upgrades were occasional, expensive events. SaaS reverses every part of that: ongoing subscription instead of one-off cost, vendor-hosted instead of locally installed, continuous updates instead of periodic upgrades, and per-user pricing instead of perpetual seat licences. The trade-off is that you depend on the vendor staying available and trustworthy.
What are common examples of SaaS solutions for NZ businesses?
Most NZ businesses already use several without thinking about it. Microsoft 365 and Google Workspace cover productivity. Xero and MYOB cover accounting. HubSpot, Salesforce, and Zoho cover sales and marketing. Slack and Teams cover communication. Shopify covers ecommerce. Industry-specific options exist for trades, healthcare, hospitality, professional services, and almost every other sector. The shift is now so complete that finding genuinely new business software still sold on the old model is unusual.
The Real Benefits and Trade-offs of SaaS
SaaS solutions deliver genuine benefits that have made them the default for new business software, but it is not free of trade-offs. Understanding both sides honestly leads to better purchasing decisions and avoids the worst forms of post-purchase regret.
The real benefits
Speed to value is the headline benefit. A new SaaS tool can be signed up for, configured, and used within hours, where on-premises software might have taken weeks. Costs are predictable and scale with usage rather than requiring upfront capital. Updates and security patches arrive continuously without effort on your part. The software you use today gets better tomorrow, automatically.
Smaller benefits add up: no servers to maintain, no licence keys to track, no end-of-life forced upgrades, and a much smaller IT operational burden overall.
The real trade-offs
Data lives in the vendor’s cloud, so confidentiality, sovereignty, and exit strategy all depend on that vendor. Integration between different SaaS solutions can be patchy, with each vendor offering different APIs at different maturity levels. Vendor lock-in is real because moving five years of data out of one CRM and into another is a significant project. And SaaS costs that look small per-user can quietly compound into surprising line items once 30 or 40 tools are in the mix.
How to Pick the Right SaaS Solutions
Choosing well comes down to four disciplines: starting from a specific business need, evaluating against consistent criteria, running a proof of concept before committing, and checking the vendor itself before signing the contract. Most bad SaaS solutions purchases skip at least one of these steps.
Start with the business problem, not the tool
The most common purchasing mistake is starting from a tool that looked interesting at a conference or in an email. Tools that arrive looking for a problem usually find one that does not match what the business actually needs. Reverse the order: identify a real, measurable problem first, then evaluate two or three tools that genuinely fit, then choose.
Evaluate against four consistent criteria
The four criteria worth applying every time are cost (true total over three years, not the headline per-user price), security (how the vendor handles data, access, and incidents), integration (how it fits with existing systems), and adoption (how easily the team will actually use it). Score every candidate on all four. The winner often is not the tool with the strongest sales process.
Run a proof of concept before committing
A free trial with a small group of real users on a real workflow tells you in two weeks what a year of sales meetings cannot. Run the proof of concept against the actual problem the business needs to solve, not against the vendor’s demo scenarios. Document what worked and what did not. The PoC is the cheapest insurance against a five-year commitment to the wrong tool.
Check the vendor before you sign
A SaaS solutions commitment is a relationship with a vendor that holds your data and runs part of your business operations. Check who owns the vendor, where the company is based, how long it has been operating, what its security certifications are, and whether NZ businesses can get sensible support hours. A great product from an unstable vendor is a risk that surfaces at the worst possible moment.
Managing SaaS Sprawl and Ongoing Cost
SaaS sprawl is what happens when nobody owns the full picture. Different teams sign up for different tools, free trials silently turn into paid subscriptions, departing staff keep their licences, and three apps quietly do the same job because nobody noticed the overlap. Managing this properly recovers significant spend and reduces operational risk at the same time.
Tracking what you actually have
The first step in managing SaaS solutions properly is knowing what you are paying for. Pull every credit card statement, finance line item, and Microsoft or Google admin centre for the past 12 months, and build a single list of every SaaS subscription the business is running. Most NZ businesses doing this for the first time find 20 to 50 percent more subscriptions than the leadership team expected.
Rationalising duplicate or overlapping tools
Once the list exists, look for tools doing the same job. Two CRMs in different teams, three project management tools, several shared inbox tools, and these duplications grow naturally and cost real money. Pick the strongest tool in each category, migrate the rest, and cancel the redundant subscriptions. This single exercise often saves more than the entire IT consulting fee that surfaced it.
Annual contract reviews
Most SaaS vendors auto-renew annually unless you cancel a fixed number of days in advance. Build a review cycle that catches every renewal at least 60 days before the date. Ask three questions for each: is the tool still being used, is the plan tier still right, and is the price still competitive? The answers reshape your renewal negotiations and prevent silent over-renewal of tools nobody opens.
SaaS Security and Access Management
Every new SaaS solutions subscription extends the attack surface of the business. Each new app is another set of credentials to manage, another vendor holding business data, and another potential entry point for an attacker. Three practices reduce SaaS solutions risk meaningfully: single sign-on across as many apps as possible, strong credential and account hygiene, and a clear view of what data lives where.
Single sign-on and identity management
Single sign-on (SSO) lets staff use one secure identity to access multiple apps, with MFA enforced once at the identity provider. This is dramatically more secure than 30 separate passwords and dramatically easier for staff to use. Most reputable SaaS solutions support SSO with Microsoft Entra or Google Workspace. Where they do not, the business should ask why and consider it a strike against the product.
Credentials that bypass SSO often end up exposed in third-party breaches and resurface on Dark Web Monitoring feeds. Watching for this kind of exposure across the full SaaS stack closes a gap that internal systems alone cannot see.
Credential and account hygiene
Where SSO is not available, basic hygiene matters disproportionately. Strong unique passwords stored in a business password manager, MFA enabled wherever the SaaS app supports it, and quarterly reviews of who has access to what catch the issues that automation cannot. Treat shared accounts as an active risk rather than a convenience.
Offboarding deserves special attention. Most Insider Threats incidents in SaaS solutions environments are not malicious; they are simply accounts that should have been disabled months ago and were not.
Knowing where the data sits
Different SaaS solutions host data in different regions, hold it under different contracts, and offer different export options. For NZ businesses with NZ Privacy Act obligations or sector-specific requirements, this matters. Document where each tool stores its data, who has access on the vendor side, and what export capability you have if you ever need to leave. Doing this annually is enough.
Common SaaS Mistakes and How to Avoid Them
A handful of patterns cause most of the pain in SaaS solutions portfolios. Recognising them early prevents the slow build-up of unused subscriptions, security gaps, and operational complexity that takes years to unwind.
Buying without governance
SaaS purchasing without any oversight produces shadow IT, which is tools the business uses but the leadership team has never seen. A simple governance step (any new SaaS subscription needs approval and goes onto the central register) prevents this without slowing down legitimate purchases.
Ignoring offboarding
When staff leave, their SaaS access often quietly persists for months. This is both a cost issue (you keep paying for the licence) and a security issue (a former employee or attacker who got their credentials still has access). Build SaaS offboarding into the standard staff departure checklist, not as a separate manual task.
Treating SaaS as set-and-forget
The vendor updates the software, so people assume the business does not need to do anything. That is partly true and partly dangerous. Configuration drift, role and permission creep, integration breakages, and pricing changes all need active attention. Quarterly health checks on each significant SaaS solutions tool catch issues before they become incidents.
When something does go wrong despite best efforts, having appropriate Cyber Insurance cover that explicitly includes SaaS-related incidents makes a meaningful difference to the recovery cost and timeline.
Get Your SaaS Stack Working for the Business
A well-managed SaaS stack is one of the highest-leverage advantages a small NZ business can have. A neglected one is a quiet drain on budget, attention, and security posture. Exodesk works with businesses across Christchurch, Dunedin, and the South Island to audit existing SaaS portfolios, design the right stack, embed governance and security, and run the ongoing review cycles that keep the spend producing real value. Our Cloud Solutions team covers everything from initial assessment through ongoing optimisation.
Contact us today to discuss how we can help your business or connect with us on LinkedIn to stay updated with more insights.
Frequently Asked Questions
What are SaaS solutions in simple terms?
SaaS solutions are business applications delivered over the internet on a subscription basis. You sign in through a browser or an app, the software runs in the vendor’s cloud, and you pay a monthly or annual fee per user. The vendor handles all hosting, updates, and maintenance. SaaS has become the default model for new business software in NZ.
What is the difference between SaaS and traditional software?
Traditional software was bought as a one-off licence and installed on local servers or desktops. SaaS reverses this with an ongoing subscription, vendor hosting, continuous updates, and per-user pricing. The trade-off is that data and operations depend on the vendor, where traditional software depended on your own infrastructure.
What are common examples of SaaS solutions used by businesses?
Common examples include Microsoft 365 and Google Workspace for productivity, Xero and MYOB for accounting, Salesforce and HubSpot for CRM, Slack and Teams for communication, and Shopify for ecommerce. Most NZ businesses use a mix of horizontal tools and industry-specific options. The shift is so widespread now that finding new business software still sold on the old model is unusual.
How much do SaaS solutions cost?
SaaS pricing varies enormously by tool and tier, and is set by the vendor with periodic changes. Per-user monthly subscriptions are the most common model. Meaningful current figures should come from the vendor’s own pricing page or your IT partner, not from older sources. The bigger cost question is usually the cumulative total across the whole portfolio rather than the price of any single tool.
Are SaaS solutions secure?
Reputable SaaS vendors are typically very secure, with stronger security than most NZ SMEs could build in-house. The risk shifts from infrastructure to configuration, access management, and vendor selection. Using SSO with MFA, enforcing good credential hygiene, choosing vendors with proper certifications, and reviewing access quarterly addresses the majority of SaaS security risk.
What is SaaS vendor lock-in?
SaaS vendor lock-in is the difficulty of switching from one vendor to another once you have years of data, integrations, and trained users on a specific platform. It is rarely impossible to switch, but the cost and disruption are real. Reducing lock-in starts with choosing vendors that offer clear data export options, supporting standards-based integration, and avoiding unnecessary platform-specific customisation.
What is SaaS sprawl and why does it matter?
SaaS sprawl is the uncontrolled growth of SaaS subscriptions across a business, often with different teams using different tools for the same job. It matters because it inflates cost, creates security gaps in places nobody is watching, complicates compliance, and produces operational friction when tools do not integrate. Active management with a central register and quarterly review prevents most sprawl problems.
Are SaaS solutions better than on-premises software?
For most NZ SMEs today, SaaS is the better default because it removes infrastructure overhead, scales flexibly, and updates continuously. On-premises still has a place where regulatory, latency, or specific application reasons demand it. The right answer depends on the specific workload rather than on the model itself.
Are SaaS solutions suitable for small NZ businesses?
Yes. SaaS is particularly well-suited to small NZ businesses because it removes the need to maintain servers, scales with growth, and gives access to enterprise-grade capabilities at small-business cost. The main risk is signing up for too many tools without governance, which is solved with light-touch oversight rather than by avoiding SaaS in the first place.
How do we start using SaaS solutions strategically?
Start with an audit of what SaaS the business already runs, then rationalise overlapping tools and document who owns each subscription. Build a simple governance process for new purchases, set up quarterly review cycles, and put SSO and MFA in place across the apps that support them. From there, future purchases follow consistent criteria rather than one-off decisions.
