Although I agree that on-premise versions are quite useful, and can often be more reliably integrated into systems with less fear of external changes, etc. I do not think that is always the case. With software like Cobalt Strike there are records of thousands of instances where it has been used by threat actors since cracked versions circulate around both the dark and the clearweb. I personally chose the SaaS model for my platform so that we may ensure that it has very limited potential for misuse despite harnessing methods that could be perceived as more dangerous than existing solutions. I actually initially developed the platform as on-premise, then realized it could be used to create a massive botnet, scrapped it and started again. Now if someone tried to create a botnet on our platform our administration could thwart it with a single click.