
Software as a Service

Access providers’ applications over the internet using Software as a Service (SaaS).

Definition — SaaS

SaaS allows government organisations to access providers’ services through either a:

  • thin-client interface — such as a web browser
  • program interface.

A thin-client interface is a lightweight application that performs minimal processing. It relies on a server component to process information.

People can use different types of devices to run the interfaces needed to access providers’ services.

Software as a Service (SaaS) — National Institute of Standards and Technology

Marketplace contracts available for SaaS

SaaS providers on Marketplace offer contracts in areas such as:

  • data analytics
  • shared working
  • digital publishing
  • project management
  • online marketing.

Public cloud services channel for Software as a Service (SaaS) — Marketplace

Shared responsibility for security in SaaS

In SaaS, government organisations and service providers share responsibility for security. Each is responsible for managing different areas of SaaS.

Government organisations

Government organisations have very limited control over security controls in SaaS. Generally, government organisations:

  • are responsible for managing their user accounts to make sure each is only assigned the permissions required for the user to get their work done
  • can make limited configuration changes to the application.

Service providers

Service providers are responsible for the implementation, management and maintenance of the security controls for the:

  • data centre
  • hardware
  • virtualisation hypervisor
  • platform — that is, the guest operating system
  • application services
  • data — including the applications they deploy in the SaaS.

A hypervisor is a specialised operating system that allows server hardware to run multiple guest operating systems at the same time.

Ownership of the information’s risk

Government organisations always own the risk of their information in a public cloud service, even though the management of certain security responsibilities is shared.

How to manage security ownership

Find out how government organisations handle their security ownership — making sure that risks are within their risk tolerance.

Security ownership in all service models

More information

New Zealand’s National Cyber Security Centre (NCSC) lists and explains how each service model operates and the differing levels of responsibility for managing security.

Cloud computing: shared responsibility security models — NCSC
