SaaS, PaaS and IaaS: three cloud models; three very different risks

Summary: Software as a Service has password issues. Platform as a Service has encryption issues. Infrastructure as a Service has rogue user issues.

Many see cloud computing as one huge monolithic wave sweeping through the business world. However, there are many different types of clouds, and the risks -- and the methodologies needed to address them -- vary as much as the cloud models themselves. Vordel's Mark O'Neill, writing in Computing Technology Review, dissects the differing security issues in Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS):

Software as a Service (SaaS): Issue #1 here is password management. Since SaaS delivers applications from the cloud, the main risk is likely to stem from multiple passwords accessing applications, O'Neill says. "An organization can solve these issues by opting for a single sign-on option between on-premise systems and cloud. By leveraging a single sign-on option, users are able to access both their own desktops and any cloud services via a single password.... This approach also reduces the incidences of dangling accounts – which are vulnerable to unauthorized usage – after users leave organizations."

Platform as a Service (PaaS): Issue #1 here is data encryption. PaaS can be inherently secure, but the risk is slow system performance. That's because data encryption is recommended before data is sent to PaaS cloud providers, O'Neill says. The risk is that encrypting every piece of data will also eat up consumer organizations' CPU cycles and slow things down. Still, any solution implemented should broker the connection to the cloud service and automatically encrypt "confidential user data such as home addresses, social security numbers or even medical records."

Infrastructure as a Service (IaaS): Issue #1 here is rogue users. IaaS focuses on managing virtual machines, and the risks are little different than with other cloud types -- here, the main risk is rogue or unwarranted commandeering of services. IaaS requires governance and usage monitoring, and O'Neill recommends that enterprises establish cloud service governance frameworks that help prevent employees accessing information or services they are not permitted to use. "It also prevents them from running up costs on virtual machines or setting up their own accounts to access services paid for by the organization," he says.


About

Joe McKendrick is an author and independent analyst who tracks the impact of information technology on management and markets. Joe is co-author, along with 16 leading industry leaders and thinkers, of the SOA Manifesto, which outlines the values and guiding principles of service orientation. He speaks frequently on cloud, SOA, data, and...
