CCSK

Expand all | Collapse all

Difference clarification between IaaS, PaaS, SaaS and is one more secure than the others?

Jump to Best Answer
  • 1.  Difference clarification between IaaS, PaaS, SaaS and is one more secure than the others?

    Posted Oct 23, 2020 11:14:00 AM

    Hello all!

    I am new to cloud security and have been going through the CCSK training to grow my knowledge. I ran into some problems in my understanding whilst going through Module 1, Unit 4, about the differences between IaaS, PaaS, and SaaS. More specifically, I would love some real world examples of where one sees these different cloud service models so that I could better understand their differences. 

    Also, in general is one of these more secure than the others?

    Below is the screenshot of the slide. I appreciate the help :)


    Thanks :)



    ------------------------------
    Jenna Morrison
    Training Intern
    CSA
    ------------------------------


  • 2.  RE: Difference clarification between IaaS, PaaS, SaaS and is one more secure than the others?
    Best Answer

    Posted Oct 23, 2020 04:15:00 PM
    Here is how I have explained it, with pictures.

    Slide 1: Cloud Reference Architecture

    Software as a Service (SaaS) describes full business applications for users, such as Office 365, Salesforce.com or ServiceNow. Infrastructure as a Service (IaaS) describes compute and storage services, which IT professionals and software developers turn into useful solutions. Amazon AWS and Google Cloud are a couple of examples. Platform as a Service (PaaS) provides a solution stack to enable rapid application development. Heroku would be an example, but actually IaaS providers like AWS, Google and Azure also have integrated PaaS capabilities as well. In the earliest days of cloud computing, nearly all providers were completely self sufficient. The forerunner to SaaS, the Application Service Providers (ASPs) owned and operated the entire technology stack. CSA recognized that this would change, and using the NIST cloud definition, developed a layered model for describing SaaS, PaaS and IaaS. We recognized that certain companies would be more efficient at delivering capital-intensive infrastructure and basic economics would dictate that IaaS would have a limited number of successful companies. SaaS companies would naturally migrate to IaaS providers and decommission their own infrastructure to enable the delivery of their applications on a more cost effective and agile basis. The CSA Cloud Reference Model articulates 10 layers that depict SaaS as inclusive of PaaS and IaaS. By freeing developers and businesses from managing the entire technology stack, innovation has greatly accelerated and compute orchestration and updates are highly dynamic.

    Slide 2: Understand the Cloud Security Focus

    Since the CSA Cloud Reference Model was developed in 2009, the cloud industry has rapidly grown to resemble this framework, with most SaaS applications existing as a layer on top of someone else's infrastructure. By understanding the layered model, one can reach the conclusion that IaaS provides the greatest flexibility and leaves the bulk of the security decisions to the discretion of the cloud tenant, while at the other extreme SaaS provides the least flexibility and leaves the bulk of the security decisions to the cloud provider. Because not all cloud applications will neatly fit into the SaaS/PaaS/IaaS definition, the CSA Cloud Reference model helps one to understand that a Shared Responsibility always exists between tenant and provider, and can be thought of in degrees according to the specific application. It is also useful to think of the CSA Cloud Reference model as an inverted pyramid. There are a small number of large IaaS providers, a somewhat larger number of PaaS tools and a massive number of SaaS applications – whether commercial or private, enterprise-built, which reside within these IaaS providers. For an enterprise cloud tenant, they are typically responsible for vetting the security of a large number of SaaS providers and providing extensive security implementation and hardening for a small number of IaaS providers.




     


    ------------------------------
    Jim Reavis CCSK
    Cloud Security Alliance
    Bellingham WA
    ------------------------------



  • 3.  RE: Difference clarification between IaaS, PaaS, SaaS and is one more secure than the others?

    Posted Oct 26, 2020 10:44:00 AM
    Thank you for this detailed explanation! I appreciate it :)

    ------------------------------
    Jenna Morrison
    Intern
    Cloud Security Alliance
    ------------------------------



  • 4.  RE: Difference clarification between IaaS, PaaS, SaaS and is one more secure than the others?

    Posted Oct 27, 2020 02:25:00 AM
    Hi,

    I would suggest going to the learning portal at Microsoft and spending a few hours on the Azure Fundamentals track. It will be helpful for your basis for understanding the Cloud in general to support your journey.

    Sincerely,

    Geoffrey Taylor