Security Experts:

The Three Categories of Cloud Computing: What's Your Flavor?

Cloud Computing is made Feasible Through the Deployment and Interoperability of Three Platform Types: IaaS, PaaS, and SaaS.

We often hear the term “Cloud Computing.” It’s the pet rock of 2011. The very mention of it gets marketing departments excited, vendors offering all sorts of “cloud doo-dads” and IT departments ramping up for the next best thing. But, let’s break down the parameters of the Cloud in order to identify what is and isn’t cloud. To do this, we’ll talk about the NIST definition of “cloud,” and then tackle the stack.

IaaS, PaaS, SaaSCloud computing, if done correctly, delivers unprecedented cost efficiency, scalability, flexibility, elasticity, interoperability, reliability and security. But take a step back. “Cloud Computing” is actually a general classification of three services. It’s the broad term for the stack that NIST breaks down as follows:

“Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

In other words, it’s the ability for end users to quickly and easily acquire and utilize bulk resources. Period. And those resources are pooled across multiple customers. Also included in the NIST definition are a number of characteristics such as “on demand self-service.” This defines the end users’ ability to receive services without any of the usual long delays from IT departments.

The NIST definition also highlights rapid elasticity, which allows the service to scale quickly when necessary, based on high demand peaks. Cloud computing is a metered service much like other service utilities (gas, electric, water).

End users should have the ability to access the services provided via standard platforms such as mobile devices, desktops and laptops.

Tons of information has been written about the benefits of cloud computing in the areas of cost, scalability and security. All of these points are valid. But let’s break down what the different pieces of the cloud stack are, in order to identify how your organization can capitalize on its many benefits.

First we’ll go high level. Cloud is made feasible through the deployment and interoperability of three platform types. These three layers are:

IaaS - Infrastructure as a Service

PaaS - Platform as a Service

SaaS - Software as a Service

Now this stack is easily broken down as follows: Think of the “Infrastructure-as-a-Service” as the road. It’s the basis for communication. It’s the bottom layer that you build your platform on. The platform are the cars traveling on the infrastructure. PaaS rides on IaaS. But on the top of that, the goods and passengers inside the cars are the SaaS. It’s the end user experience. It’s the end result. Let’s take that a step further.

Infrastructure-as-a-Service (IaaS)

Cloud Providers offering Infrastructure as a Service tout data-center space, and servers; as well as network equipment such as routers/switches and software for businesses. These data-centers are fully outsourced, you need not lift a finger, upgrade an IOS or re-route data. Although this is the base layer, it allows for scalability and reliability; as well as better security than an organization may have in a local co-lo or local datacenter. In addition, these services are charged as utilities, so you pay for what you use, like your water, electric and gas. Depending on your capacity or usage, your payment is a variable.

Because the IaaS vendors purchase equipment in such bulk, you, Mr. Customer, get the best gear for the lowest price. Hence, the financial benefits of IaaS are cheaper access to infrastructure.

With the pay-as-you-go model, instead of investing in a fixed capacity infrastructure, which will either fall short or exceed the organizational need, customers are able to save quite a bit of coin. Buying hardware that’s barely used is a waste of hardware, air conditioning, space and power.

Operational expenses versus Capital expenses: Cloud is better. Because these computing resources are basically used and paid for like a utility they can be paid via the operating expenditures budget versus being paid for via capital investments. In other words, instead of depreciating the gear over three years, you’re able to expense the monthly charge this year. And the next year. And the year after that. It’s an elastic service.

Platform-as-a-Service (Paas)

Provisioning a full hardware architecture and software framework to allow applications to run is the essence of Platform-as-a-Service. There’s a huge market for customers who require flexible, robust web-based applications. But, in order for these applications to run, there needs to be platform supporting it that is just as robust and flexible. Cloud providers offer this environment and framework as a service. Their developers can write their code regardless of the OS behind it. So instead of software being written for Apple, Linux or Windows, it’s being written for a development environment provided by Cloud Providers such as Amazon, Microsoft and Google.

Software-as-a-Service (SaaS)

Software-as-a-Service (which I’ll refer to simply as SaaS) is the process of provisioning commercially available software but giving access over the net. The customer doesn’t have to worry about software licenses, since they are handled by the service provider. The provider also handles upgrades, patches, or bug fixes. Some examples of this software might be office productivity software, which you may access online, like Google Docs. You can also essentially rent contact management software, content management software, email software (Google mail?), project management software, and scheduling software. It’s all online. All easily available on the internet. Why is this a big deal? Well, you no longer have to pay for expensive hardware to host the software, or get to the software (VPNs, dedicated links, etc.), you don’t need the employees (and their associated salaries, benefits, office costs, etc.) to install, configure or maintain the software. The application is handled on the back end by the SaaS provider. That’s sort of a big deal regardless the size of your business. Money is money. Your IT staff is then able to use its time and resources to work on other projects or you can simply eliminate unnecessary IT staff.

Just think about how many unnecessary resources can be eliminated when users no longer need all sorts of local applications on their local computers and the associated troubleshooting frustrations. And now, because it’s cloud based, there’s a Service Level Agreement for problems.

The other thing to think about is that by moving your infrastructure (IaaS) to the cloud, you no longer have the headache of building out and maintaining that infrastructure. It scales when you scale. By pushing the development platform out to the cloud (PaaS), development of software on a stable, secure, reliable environment allows resources to work on just that--development. And by putting software in the cloud and accessing the software through a web browser, applications are no longer bound by an operating system. The operating system platform becomes nothing more than a stage for a web browser to access the software to do the work. Work becomes device-agnostic. So, users who want to be on Linux workstations can do just that. Prefer a Mac? No problem. PC is your game? We can do that, too.

With the cloud, there are many ways to save money, as well as increase reliability and security. Understanding the options will help you do just that.

Subscribe to the SecurityWeek Email Briefing
view counter
Dimitri McKay is a Security Architect and technology evangelist at Splunk. He has over 13 years experience working with Fortune 500 companies on network and systems engineering and security administration. McKay is a regular speaker at security events and frequent contributor to industry blogs and trade magazines on topics related to network and cloud security, compliance, SIEM and big data. He studied computer science and information technology at NYU and Harvard University. You can follow him on Twitter via @dimitrimckay.
view counter