Differences Among InfoSec Cloud Delivery Models (IaaS, SaaS, and PaaS) – and How to Choose
When it comes to cloud models, there are a lot to choose from: SaaS, PaaS, and IaaS. What's the difference? How do you choose? Discover the benefits and features of all three in this breakdown.
In the days before cloud computing, businesses would hire an IT expert or a team of IT professionals to take care of their IT resources: hardware, software, and network. The IT staff would be tasked not only with maintaining the current systems but also forecasting the organization's IT needs for the next five to ten years. However, forecasting can lead to a lot of room for errors due to increased demand, additional users, and business growth. Before you know it, the business might need more storage and it may not be in the budget.
With cloud computing, businesses no longer have to worry about running out of server capacity or storage. You can easily scale without needing to worry about the capital costs associated with such an upgrade. In fact, most businesses would find that cloud computing is the more cost-effective way to increase server and storage resources, especially when compared to on-site resources. What's more, you can hire less IT staff with cloud computing. Most cloud providers have their own experts to help businesses run servers, use software, and perform other support functions. Organizations would just need to outsource these extraneous activities to the cloud provider.
Today, just about everything may be accessed via cloud computing. Cloud providers deliver storage, computing resources, and software, and businesses are taking advantage of the many benefits offered by the cloud. These products and services are delivered “as a service.”
There are three major as a service models right now and there is some confusion on which one is best to deliver cloud services according to your needs. And the truth is, the answer may be different depending on what functionality you’re looking to deliver (or obtain) via the cloud. So how do you choose, particularly when it comes to information security? First, let’s take a look at the three primary cloud delivery models to understand the underlying framework and potential uses for each.
(Screenshot via Webspecia)
Infrastructure as a Service (IaaS)
Infrastructure as a Service pertains to the lowest level of the technology stack, delivering hardware or infrastructure over the cloud. You get pre-configured hardware either physically or virtually. The IaaS vendor gives businesses access to networking, server, and storage resources, while the organization is responsible for the applications and platforms.
(Screenshot via service-architecture.com)
Think about a pizza. Decades ago, if you wanted to eat pizza, you would need to grow the grains needed for the flour to make the crust. Today, you can buy flour from the supermarket. You no longer have to worry about growing the grains you need for the flour you use to make your crust; you just pay for what you need at the quantity and quality of flour you want.
With Infrastructure as a Service, you get the server or computer you need. It could be a physical unit, a server box that you can lease, or it could be a virtualized machine. You would still need to add your own middleware, operating system, and data.
Some of the best-known IaaS providers include Joyent, Amazon Web Services (AWS), Microsoft Azure, and Google Compute Engine. These providers can help you get the additional storage you need when you need it. It can also give you compute resources that you might not be able to obtain on your own or are too expensive for you to access.
Example Use Cases for IaaS
- IaaS is very beneficial for companies who have temporary workloads, such as the expected spikes in visits to your e-commerce Web sites or seasonal spikes in the number of visitors to your website during the Christmas season. This way, businesses do not have to spend too much money on infrastructure. The result? Enterprises would not be losing customers by not being able to handle the additional demand, thanks to infrastructure that can scale up or down with demand.
- Businesses that require a lot of compute resources, reliability, and storage. Instead of having to spend a lot of money on capital expenditures buying everything, you can save money when you get an IaaS provider.
Key Benefits and Features of IaaS
1. You pay based on your demand, instead of buying hardware outright. This means that you also save from hardware maintenance costs.
2. You can get the storage and processing resources you need.
3. Your data lives on the cloud.
4. You can virtualize tasks related to administration, giving you more time to focus on more important things.
Platform as a service (PaaS)
Platform as a Service allows you to get a framework, which you can then use to build something on. You use these cloud-delivered platforms to make developing, initializing, and managing applications easier and faster.
(Screenshot via Dzone)
Going back to the pizza crust example, you can view PaaS as buying the crust from the supermarket. With IaaS, you do not have to worry about the quality of flour you use to make the crust, but you still would need to make the crust yourself. With PaaS, you simply choose if you want a thick crust or a thin crust. You can then use this ready-made pizza crust to create and cook your own pizza.
PaaS usually includes the operating system and a suite of tools and applications that can be used for the development. Businesses would no longer need to invest in or maintain an infrastructure that they can use to create their own applications. With PaaS, you no longer have to worry about the tools you need to create and then deploy applications that run on the cloud.
As such, you have a faster time to market, drastically reducing the time you need to get the software or application to production. You can start small and then scale up or down depending on the demand, and your costs are lower. If you are developing many applications, PaaS is able to help you manage these easier with load balancing, tenant management, application management, and security – now being managed by the vendor. Another perk is that PaaS uses best practices for managing applications.
Example Use Cases for PaaS
The most prevalent use case for PaaS is when you have a mobile app, web application, or API that you want to get to the market fast. PaaS will be able to give you the programming language and development environment you want so that you can hit the ground running and start coding as soon as possible.
PaaS is also great for companies that have legacy applications that they are now finding costly to maintain. There are organizations that allow their employees to see the codes of their projects, so that they can better understand the apps, and to encourage innovation. PaaS can give everyone in your company the same tools that will allow them to see the codes. PaaS also facilitates reuse of your codes or pieces of code.
Key Benefits and Features of PaaS
1. You get a platform that allows you to develop, create, test, and even host applications and software. This comes with all the tools you need to make every step a whole lot easier and faster.
2. You focus on developing and coding your application, instead of worrying about the underlying platform.
3. You do not have to worry about the operating system, server, backups, and security.
4. You can easily collaborate with others, even when you have development teams and programmers who do not work in the same location.
Software as a service (SaaS)
Software as a Service is a cloud delivery model that gives you the opportunity to use a complete and fully functional software, which you can use immediately or on demand. These software products and services are made accessible to you over the web. Some SaaS company services and products are accessible via any web browser. It is also charged based on how much you have consumed, or even by way of a monthly subscription or flat fee.
(Screenshot via Mazik Global)
SaaS is probably what most people see, access, and use. In fact, some of the examples of SaaS are used by millions of people. For instance, you have Gmail and Yahoo Mail where you can enjoy being able to receive and send e-mail without having to worry about mail servers, SMTP settings, and storage. You just log on to the service on your computer using a browser, and then start reading, writing, and sending e-mails. In the same manner, Salesforce gives enterprises a fully functional customer relationship management software that they can use without having to worry about setting it up or managing it.
Other popular SaaS providers include Zoho, Microsoft Office 365, Box, Google G Suite, Slack, Zendesk, Dropbox, and Confluence. As one can surmise, these providers offer a variety of SaaS products and services relating to different business areas. Some of these offer their services for free (or free trials for a number of days or a certain amount of data), while others have paid options.
Again, going back to the pizza example, you can go to any place that sells pizza and just order a pizza there. You do not have to worry about growing grains for the flour used for the crust, you don't even have to worry about the brand of the crust or adding anything to create your pizza. You just order the pizza you want, wait for it to be cooked, and enjoy eating it. Software as a service is very much like ordering pizza, you get the pizza – crust and all – and all you have to do is consume it. With SaaS, the software is already coded, built, and deployed on a platform. You only pay for the software as you use it.
Example Use Cases for SaaS
SaaS solutions are ideal for organizations that want a fully functional software or application that they can use without having to worry about anything. All miscellaneous tasks are taken care of with SaaS programs. Anything from file storage, file sharing, e-mail, content management, accounting, security, and even disaster recovery has its SaaS counterpart, allowing enterprises to get the tools they need while also being able to fully focus on what needs to be done to make their businesses prosper.
Key Benefits and Features of SaaS
1. You get applications and software using a subscription model.
2. You do not have to install, manage, or upgrade the software (the SaaS vendor will take care of it).
3. Your data is secure. Even if your computer breaks down, you will not lose any of your data (your data are not stored onsite).
4. You can get the computing, processing, and storage resources you need and any demand is accommodated.
5. You can access your applications from anywhere in the world with an Internet connection and a browser.
The Bird’s-Eye View
Another way to look at these three delivery models is the level of involvement you want. In the old days, you’d get a packaged software or service and manage all of the following:
- Operating system
Not so with the cloud delivery models. With cloud computing, you will not be managing all of these components. For instance, with IaaS, you will only be managing applications, data, runtime, middleware, and operating system. On the other hand, with PaaS, you will only manage the applications and the data, while with SaaS, all of these are managed by the vendor. The table below illustrates the various components handled by the customer and those handled by the vendor for each cloud delivery model:
One could also look at it in another way: what you get and what you control.
- With SaaS, businesses are able to get an application. They, however, do not have control of the hardware, operating system, and even the network infrastructure that hosts the application.
- With PaaS, businesses get a hosting environment that they can use for their API. They control the applications and the data being run on these environments, but they would have no say in the operating system, network infrastructure, or hardware that the environment is on.
- With IaaS, businesses get the basic computing resources they need. This could be anything: networking components, middleware, storage, and / or processing power. Businesses would still be able to control the storage, operating system, networking components (load balancers and firewalls), and applications.
* * *
SaaS, it would seem, is the most practical cloud delivery model there is. With software as a service, you no longer have to worry about anything other than using the software to suite your company needs. Everything else would be handled by the SaaS provider. However, because its offerings are one-size-fits-all, some business requirements may not be met by an existing SaaS solution. That’s becoming increasingly rare as SaaS providers are offering greater flexibility and customization options.
If you were in need of a custom application, you might consider either PaaS or IaaS offerings. IaaS can simplify your app’s development and deployment. It also gives your developers more freedom. PaaS, however, frees you from administrative tasks and cuts the time needed to bring your applications to the market. Another consideration is regulatory rules – all for your industry, federal, and local regulations.
When it comes to information security, a SaaS delivery model eliminates the need to acquire, build, and maintain the infrastructure necessary to adequately protect your company’s sensitive data, meaning your team can devote more resources to identifying and mitigating threats. And in today’s sophisticated threat landscape, companies are faced with devoting more resources to data protection than ever before. SaaS InfoSec delivery models are putting that goal within reach for modern organizations.
Additional Resources on InfoSec Cloud Delivery Models
For more information on the various cloud delivery models and the benefits and potential use cases for each, visit the following resources:
- Top 5 use cases for Infrastructure as a Service (IaaS)
- IaaS, PaaS, SaaS and Cloud Deployment Models – Example Use Cases
- Cloud 101: How to Choose the Right Cloud Infrastructure for Your Company
- SaaS, PaaS, and IaaS: Understand the differences
- IaaS vs. PaaS vs. SaaS: Here's What You Need to Know About Each
- PaaS Examples: Options to Consider
- What is SaaS, PaaS and IaaS? With examples
- Choosing the Right Cloud Service: IaaS, PaaS, or SaaS
- Types of Cloud Computing
- What are Cloud Computing Services [IaaS, CaaS, PaaS, FaaS, SaaS]
- IaaS vs PaaS vs SaaS: Which Should You Choose?
- Delivering Security From The Cloud: Turning a Risk into a Weapon
- Why cloud-delivered security provides the best protection for business