5. Cloud versus on-premises deployment Although the definition of software-as-a-service suggests a cloud-based service model, some SaaS providers offer the option of deploying their software on-premises as well. Different issues surface and different amounts of leverage are needed to address them depending on whether a service is hosted on cloud or on-premises. CLOUD Software deployed on-premises Software deployed on the cloud ON-PREMISES• SaaS services deployed on-premises • SaaS services deployed on the cloud offer less visibility into customer use. rather than on-premises are likely more • In on-premises deployments, the easily integrated with other services, customer is responsible for the manage- increasing the likelihood of risk. ment of the software, giving SaaS • While cloud solutions generally employ providers less leverage to address sophisticated encryption and data potential human rights impacts. protection measures, they also increase • On-premises deployment models typi- the number of actors with access to cally lack the data security capabilities sensitive data. Data localization require- that are available in the cloud, making ments around the world may put cloud- data breaches more likely and less fore- based SaaS providers into conflict with seeable. governments, especially in the case of privacy-violating information requests by authoritarian regimes. • Cloud deployment models offer greater visibility into customer use; therefore, risks related to end-use are arguably more foreseeable in cloud deploy- ments. This indicates that when soft- ware is deployed on the cloud, the provider is more closely connected to potential human rights impacts. • In cloud deployments, SaaS providers are responsible for the management of the software, giving them greater leverage to address potential human rights impacts. 48 Human Rights Assessment of the Software-as-a-Service Sector