Hosted (SaaS) versus on-premises deployment
When you consider deploying Contrast Security solutions, you have two primary options: a hosted solution (cloud installation) or an on-premises instance. Each approach has its benefits and drawbacks, influenced by cost, control, customization, security, and scalability.
Benefits and drawbacks of hosted solutions
Benefits
Immediate access to updates and advanced new features: Updates are readily available without delay, promoting the latest security posture. New features are always supported for hosted solutions.
Reduced IT overhead: Contrast manages infrastructure and maintenance and thus, streamlines operations. Also, freedom from system-wide management tasks.
Scalability: Easier to scale resources as your needs increase.
Cost: Pricing for SaaS deployments are subscription-based, allowing flexibility and scalability
Drawbacks
Data management: Data is stored on Contrast servers, instead of locally.
However, Contrast complies with these data protection policies:
General Data Protection Regulation (GDPR)
General Data Protection Regulation-UK (UK-GDPR)
California Consumer Privacy Act (CCPA)
Protection of Personal Information (APPI)
System and Organizational Control Type II Audit (SOC II)
Benefits and drawbacks of on-premises solutions
Benefits:
Complete control: More control over system-wide settings.
Data privacy: Data is stored locally - For deployments that require specific security compliance, sensitive data never leave your company.
Drawbacks
Resource intensive: Requires significant investment in IT, networking, and infrastructure along with coordination, planning and maintenance.
Delayed updates: Updates for product enhancements are often delayed after Contrast releases while for hosted solutions receive them immediately.
No support for new features: Advanced new features are often not supported for on-premises solutions. For example, Contrast Scan, static SCA. GitHub App for SCA , and Contrast Serverless are not supported for on-premises instances.
Contrast feature comparison
Feature | Hosted | On-premises |
|---|---|---|
Installation and updates | Contrast installs, configures, and updates the software. | Hosted customers are responsible for installing, configuring, and updating the software. |
Management at a system level | Contrast takes care of all system management tasks. With the correct permissions, a user can control a variety of configuration settings and access control entities | A SuperAdmin is responsible for all settings and configuration at a system-wide level. |
Single Sign On (SSO) | Contrast Support configures authentication; however, you may be granted permissions to set up SSO for your organization. | System Administrators can configure SSO at a system-wide level. |
TLS connections and certificates | For Contrast agents, Contrast uses strong TLSv1.2 connections and certificates signed by industry standard certificate authorities (CAs). | On-premises customers may need to configure Contrast agents to use enterprise CAs. They may want the agents to send client certificates in the TLS handshake. |
Licenses | Hosted customers can allocate Assess and Protect licenses for their organization. | SuperAdmin or ServerAdmin role can allocate Assess and Protect licenses to a particular organization. |
Impersonation | Contrast support manages impersonation when needed for troubleshooting. | SuperAdmins manage impersonation when needed for troubleshooting. |
Code scanning (SAST) | Hosted customers can use the Contrast scan engines from the Contrast web interface or a local scan engine. The local scan engine does not require uploading your source files to Contrast. | Not available |
Static scanning of libraries | Hosted customers can automatically scan, in close to real-time, relevant static code and configuration assessments to discover new vulnerabilities. | Not available |
Organization management | Users with administrator permissions can manage their organization. | SuperAdmins and System Administrators can manage all organizations at a system-wide level. |
Runtime security testing (IAST) | Available | Available |
Serverless | Hosted customers can use Contrast Serverless for dynamic scanning, static scanning, graph visualization, and resource observability for AWS functions. | Not available |
Software bill of materials (SBOM) | Contrast Support enables this feature for the organization. Users can generate an SBOM from the Applications tab. | A SuperAdmin can enable users to generate an SBOM from the Applications tab. |
Software composition analysis (SCA) | Contrast Support enables this feature for the organization. | A SuperAdmin can enable SCA. |
Attack protection (RASP) | Contrast Security grants permissions that let users access Protect data. | SuperAdmins can grant permissions that let all or some user roles in one or more organizations access Protect data. |
Enhanced role-based access control (RBAC') | Available on request. If not enabled, hosted customers use the legacy access control. | Not available. On-premises customers use the legacy access control. On-premises customers can add multiple users at one time. |
Diagnostics | Contrast Support enables this option of diagnostic information is needed for troubleshooting. | A SuperAdmin, ServerAdmin or System Administrator can enable this option at a system-wide level. |
Users with administrator permissions can set default settings for Contrast notifications at an organization level. Individual users can adjust their own settings. | System Administrators can enable, disable, and configure Contrast to communicate with an appropriate SMTP system to receive these notifications. |