Hosted and on-premises comparison
You can deploy Contrast as a hosted solution (cloud installation) or an on-premises instance.
Benefits and drawbacks of hosted solutions
Benefits
Access to all updates and enhancements.
Freedom from system-wide management tasks.
Contrast provides the infrastructure for the solution.
Easier to scale resources as your needs increase.
Drawbacks
Data is stored on Contrast servers, instead of locally.
However, Contrast is careful to ensure your data is kept secure.
Cost (is EOP more expensive than SaaS?).
Benefits and drawbacks of on-premises solutions
Benefits:
More control over system-wide settings.
Your data is stored locally - sensitive data never leaves your company.
Cost (is SaaS less expensive than EOP?).
Drawbacks
You must manage all aspects of your on-premises instance, including requires IT, networking, Infrastructure coordination, and planning.
Updates for product enhancements are often delayed after Contrast releases them for hosted solutions. In some cases, enhancements are not supported for the on-premises solution.
You must invest in the hardware and software resources required to use Contrast.
Contrast feature comparison
Feature | Hosted | On-premises |
|---|---|---|
Installation and updates | Contrast installs, configures, and updates the software. | Hosted customers are responsible for installing, configuring, and updating the software. |
Management at a system level | Contrast takes care of all system management tasks. With the correct permissions, a user can control a variety of configuration settings and access control entities | A SuperAdmin is responsible for all settings and configuration at a system-wide level. |
Single Sign On (SSO) | Contrast Support configures authentication; however, you may be granted permissions to set up SSO for your organization. | System Administrators can configure SSO at a system-wide level. |
TLS connections and certificates | For Contrast agents, Contrast uses strong TLSv1.2 connections and certificates signed by industry standard certificate authorities (CAs). | On-premises customers may need to configure Contrast agents to use enterprise CAs. They may want the agents to send client certificates in the TLS handshake. |
Licenses | Hosted customers can allocate Assess and Protect licenses for their organization. | SuperAdmin or ServerAdmin role can allocate Assess and Protect licenses to a particular organization. |
Impersonation | Contrast support manages impersonation when needed for troubleshooting. | Contrast support manages impersonation when needed for troubleshooting. |
Code scanning (SAST) | Hosted customers can use the Contrast scan engines from the Contrast web interface or a local scan engine. The local scan engine does not require uploading your source files to Contrast. | Not available |
Organization management | Users with administrator permissions can manage their organization. | SuperAdmins and System Administrators can manage all organizations at a system-wide level. |
Runtime security testing (IAST) | Available | Available |
Software bill of materials (SBOM) | Contrast Support enables this feature for the organization. Users can generate an SBOM from the Applications tab. | A SuperAdmin can enable SCA that enables users to generate an SBOM from the Applications tab. |
Software composition analysis (SCA) | Contrast Support enables this feature for the organization. | A SuperAdmin can enable SCA/ |
Attack protection (RASP) | Hosted customers can allocate Assess and Protect licenses for their organization. Contrast Security grants permissions that let users access Protect data. | SuperAdmins can grant permissions that let all or some user roles in one or more organizations access Protect data. |
Enhanced role-based access control (RBAC') | Available on request. If not enabled, hosted customers use the legacy access control. | Not available. On-premises customers use the legacy access control. On-premises customers can add multiple users at one time. |
Diagnostics | Contrast Support enables this option of diagnostic information is needed for troubleshooting. | A SuperAdmin, ServerAdmin or System Administrator can enable this option at a system-wide level. |
Users with administrator permissions can set default settings for Contrast notifications at an organization level. ndividual users can adjust their own settings. | System Administrators can enable, disable, and configure Contrast to communicate with an appropriate SMTP system to receive these notifications. |