In the software industry, entrepreneurs have to go through 4 phases of innovation to build a product:

Idea: What change are they trying to make?

Design: How will their users interface with their product and services?

App: Build the core software using LLMs, and other building blocks

Product: Build the distribution engine to distribute their App to rest of the world

For the last mile to go from (Agentic) App to Product, organizations have to build multiple distribution engines. The Control Plane is nothing but an Operating system for those distribution models.

Now in Part 3, we turn to the solution: What if you didn’t have to abandon your existing stack, but could augment it with a purpose-built control plane, one that handled tenant lifecycle, deployment orchestration, and multi-cloud complexity out of the box?

Imagine a data analytics SaaS startup, “DataCo”, that wants to build Redis SaaS as an example. They use Argo CD to deploy their analytics application (a set of microservices + some Spark jobs) onto the EKS cluster.

Modern platform engineering teams often assemble “DIY” control planes for their Products using open-source building blocks: Kubernetes for the runtime, Terraform for infrastructure provisioning, and Argo CD for continuous deployment. This stack promises cloud-agnostic flexibility and full control. But as many CTOs and platform VPs have learned, stitching these tools together into a robust control plane is hard.

“Security startups don’t have time or resources to reinvent cloud infrastructure. Omnistrate allowed us to run a scalable SaaS in weeks—not years—without experienced DevOps personnel on staff, so we could focus on what matters: securing our customers.” — Vinay Mamidi, CEO and Founder at Whiteswan Security"

In our previous post on BYOA/BYOC, we discussed different approaches to SaaS distribution and specifically discussed BYOA/BYOC model in detail.

However, many of our BYOA/BYOC customers have the need to distribute their software on-premises, who are looking to retain full control and get assistance on an as-needed basis. Introducing OnPrem CoPilot, a way for your support team to automate their OnPrem operations.

Like BYOA/BYOC, you deploy your application in the customers' account. Unlike BYOA though, your customers will retain the full control and whenever they need help — whether it’s for initial installation, software upgrades, security patches, infrastructure updates, troubleshooting support, etc.— they can connect securely and get help for specific operation(s). Once done, they can continue to have full control and continue to operate independently.

Applications are only as good as the data that powers them, and companies are putting more and more restrictions on where their proprietary data is accessible from. In 2025 we see these issues accelerating even faster, as companies will find even more reasons to not allow their proprietary data outside of their realm of control.

This means that new applications must be designed with data access in mind, and all new applications must have the ability to be deployed next to their customer’s data, in both physical location (data center) as well as realm of security control (cloud account ownership).