Professional Documents
Culture Documents
Session 6
6.1 Aim
To familiarise students with the basic concept of the Importance in PAAS, IAAS, SAAS
At the end of this session, student should be able to know the Importance in PAAS, IAAS, SAAS.
In this session, the student will able to learn the Importance of security in the cloud by PAAS, IAAS
and SAAS.
Security is paramount in the cloud due to the unique challenges and risks associated with cloud
computing. Cloud services offer numerous benefits, such as scalability, flexibility, and cost-
effectiveness, but they also introduce new security considerations. Here are some key reasons why
security is crucial in the cloud:
Data Protection: Cloud providers host vast amounts of data, including sensitive information from
individuals and organisations. Ensuring the confidentiality, integrity, and availability of this data is
vital to prevent breaches and data loss.
Compliance: Many industries and regions have specific regulatory requirements for data protection,
privacy, and security. Cloud users must comply with these regulations, making it essential to
implement security measures that meet these standards.
Shared Responsibility: In a cloud environment, security is a shared responsibility between the cloud
service provider (CSP) and the customer. The CSP is responsible for the security of the cloud
infrastructure, while customers are responsible for securing their data and applications. Failing to
understand this shared responsibility can lead to vulnerabilities.
Data Breaches: Cloud data breaches can be catastrophic, resulting in financial losses, reputational
damage, and legal consequences. Securing data in the cloud is critical to prevent unauthorized
access, data theft, and exposure of sensitive information.
Access Control: Cloud environments are accessible from anywhere with an internet connection,
which increases the risk of unauthorized access. Implementing robust access controls,
authentication, and authorization mechanisms is essential to prevent unauthorized users from
accessing resources.
Multitenancy: Cloud services are often multitenant, meaning multiple customers share the same
physical infrastructure. This shared environment can introduce security risks, such as the potential
for data leakage or cross-tenant attacks, which need to be addressed.
Distributed Nature: Cloud services are distributed across various geographical locations. This
complexity can make it challenging to maintain a consistent and effective security posture, making
centralized security controls and monitoring crucial.
Evolving Threat Landscape: Cyber threats and attack techniques are constantly evolving. Cloud
security measures must adapt to these changes, requiring ongoing monitoring, threat detection, and
incident response capabilities.
Data Backup and Recovery: Cloud users often rely on the provider for data backup and recovery.
Ensuring that data can be reliably restored and is protected against data loss or corruption is
essential for business continuity.
Scalability and Elasticity: The cloud's scalability and elasticity enable resources to be easily
provisioned or de-provisioned. While this flexibility is an advantage, it also means that security
measures need to scale dynamically to meet changing demands.
Identity and Access Management (IAM): Effective IAM policies and practices are crucial in the cloud
to control and audit user access to resources. Misconfigured IAM settings can lead to data exposure
and unauthorized activity.
Security Monitoring and Response: Continuous monitoring, intrusion detection, and incident
response are essential to identify and mitigate security threats and vulnerabilities in a timely manner.
In summary, security in the cloud is indispensable because of the unique challenges and risks
associated with cloud computing. Organizations must prioritize security to protect their data,
maintain regulatory compliance, and safeguard against evolving threats in this dynamic and
distributed computing environment.
PaaS includes infrastructure (servers, storage, and networking) and platform (middleware,
development tools, database management systems, business intelligence, and more) to
support the web application life cycle.
Deployment and scaling: PaaS platforms handle the deployment and scaling of applications
automatically, providing an efficient and scalable infrastructure.
Google App Engine: A fully managed serverless platform for developing and hosting web
applications.
Microsoft Azure App Service: A PaaS offering that enables developers to build and deploy
web, mobile, and API applications
Heroku: A cloud platform that allows developers to build, deploy, and manage applications
easily.
Salesforce App Cloud: A platform that provides tools for building and deploying enterprise
cloud applications.
IBM Cloud Foundry: An open-source PaaS that allows developers to deploy and scale
applications across multiple cloud providers.
Oracle Cloud Platform: It provides a set of services for developing, deploying, and managing
applications in the cloud. It includes Oracle Cloud Application Container Service and Oracle
Cloud Developer Services, offering tools for building, testing, and deploying applications.
c) PAAS providers
(i)Programming languages
PaaS providers provide various programming languages for the developers to develop the
applications. Some popular programming languages provided by PaaS providers are Java,
PHP, Ruby, Perl, and Go.
(ii)Application frameworks
(iii)Databases
PaaS providers provide various databases such as ClearDB, PostgreSQL, MongoDB, and Redis
to communicate with the applications.
(iv)Other tools
PaaS providers provide various other tools that are required to develop, test, and deploy the
applications.
Advantages of Paas
Simplified Development
Lower risk
Prebuilt business functionality
Instant community
Scalability
Disadvantages of PaaS
a) Vendor lock-in
One has to write the applications according to the platform provided by the PaaS
vendor, so the migration of an application to another PaaS vendor would be a
problem.
It may happen that some applications are local, and some are in the cloud. So there
will be chances of increased complexity when we want to use data which in the
cloud with the local data.
Iaas is also known as Hardware as a Service (HaaS). It is one of the layers of the cloud
computing platform. It allows customers to outsource their IT infrastructures such as
servers, networking, processing, storage, virtual machines, and other resources. Customers
access these resources on the Internet using a pay-as-per use model.
IaaS offers virtualised computing resources over the internet, including virtual machines,
storage, and networking capabilities. It provides users with the flexibility to create and
manage their own virtualised infrastructure without the need to invest in physical hardware.
The significance of IaaS lies in its scalability, cost-efficiency, and resource management
capabilities. Users can rapidly provision and scale resources based on their requirements,
paying only for their consumed resources. IaaS enables businesses to avoid upfront
infrastructure costs, easily handle spikes in demand, and have greater control over their
infrastructure configuration.
Storage and backup: IaaS provides scalable storage solutions, allowing users to store and
retrieve data efficiently. It may also include backup and disaster recovery options.
Network management: IaaS offers networking capabilities, such as load balancing, firewalls,
and virtual private networks (VPNs).
Server management: Users have control over the operating systems, applications, and
configurations of virtual machines.
Billing and Cost Management: IaaS services are typically billed on a pay-as-you-go
basis, allowing users to pay only for the resources they use. Some providers offer flexible
pricing models and reserved instances for cost optimization.
Amazon Web Services (AWS): A comprehensive cloud platform offering a wide range of
computing, storage, and networking services.
Microsoft Azure: A cloud computing platform that provides virtual machines, storage, and
networking capabilities.
Google Cloud Platform: A suite of cloud computing services, including virtual machines,
storage, and data analytics.
Digital Ocean: A cloud infrastructure provider that offers scalable virtual machines and
storage options.
Oracle Cloud Infrastructure: A cloud platform that provides infrastructure services such as
computing, storage, and networking.
c)Advantages of IaaS
Shared infrastructure
Web access to the resources
Pay-as-per use model
Focus on the core business
On-demand Scalability
d) Disadvantages of IaaS
Security
Security is one of the biggest issues in IaaS. Most of the IaaS providers are not able to
provide 100% security.
Although IaaS service providers maintain the software, but they do not upgrade the
software for some organizations.
Interoperability issues
It is difficult to migrate VM from one IaaS provider to the other, so the customers might face
problem related to vendor lock-in.
SaaS delivers software applications over the internet on a subscription basis, eliminating the
need for users to install, maintain, and update the software locally. SaaS applications are
centrally hosted and managed by the service provider.
The importance of SaaS lies in its accessibility, ease of use, and cost-effectiveness. Using
various devices, users can access SaaS applications from anywhere with an internet
connection. SaaS eliminates the need for software installation and maintenance, reducing
upfront costs and IT overhead. It also ensures that users always have access to the latest
version of the software, as the provider applies updates and patches centrally.
Application access: SaaS allows users to access and use software applications hosted in the
cloud from any device with an internet connection.
User management: SaaS platforms typically include user authentication, access control, and
user administration features.
Data storage and retrieval: SaaS providers manage the storage and retrieval of user data,
often offering data backup and recovery options.
Dropbox: A cloud storage and file synchronisation service that allows users to store and
share files.
c)Advantages of SaaS
Software as a service removes the need for installation, set-up, and daily maintenance for
the organizations. The initial set-up cost for SaaS is typically less than the enterprise
software.
SaaS pricing is based on a monthly fee or annual fee subscription, so it allows organizations
to access business functionality at a low cost, which is less than licensed applications.
One to many
SaaS services are offered as a one-to-many model means a single instance of the application
is shared by multiple users.
d)Disadvantages of SaaS
Security
Actually, data is stored in the cloud, so security may be an issue for some users. However,
cloud computing is not more secure than in-house deployment.
Latency issue
Since data and applications are stored in the cloud at a variable distance from the end-user,
there is a possibility that there may be greater latency when interacting with the application
compared to local deployment. Therefore, the SaaS model is not suitable for applications
whose demand response time is in milliseconds.
Total Dependency on Internet
Switching SaaS vendors involves the difficult and slow task of transferring the very large data
files over the internet and then converting and importing them into another SaaS also.
Access Control: Implementing proper access controls is crucial to this Session is designed to
Describe Security Concepts: Confidentiality, privacy, integrity and prevent unauthorised
access to cloud resources. This involves employing strong authentication mechanisms, such
as multi-factor authentication (MFA), and enforcing role-based access control (RBAC) to limit
privileges based on user roles and responsibilities.
Data Encryption: Encrypting data both in transit and at rest is essential for maintaining data
confidentiality. Encryption ensures that even if unauthorised individuals gain access to the
data, they cannot decipher it without the encryption keys.
Identity and Access Management (IAM): Implementing robust IAM practices helps manage
user identities, control access permissions, and enforce security policies. This involves
creating and managing user accounts, defining roles and permissions, and regularly
reviewing and revoking access as needed.
Threat
6.8 Examples and contemporary extracts of articles or practices to convey the idea of the session:
Google Docs, Microsoft 365. Users can access Google Docs and Microsoft 365 through the
internet. ...
Zoom. ...
AWS Lambda.
6.9Table Numbering
NA
NA
1. Which of the following service providers provides the least amount of built-in security?
a) SaaS
b) PaaS
c) IaaS
d) All of the mentioned
2. Point out the correct statement.
a) Different types of cloud computing service models provide different levels of security services
b) Adapting your on-premises systems to a cloud model requires that you determine what security
mechanisms are required and mapping those to controls that exist in your chosen cloud service
provider
c) Data should be transferred and stored in an encrypted format for security purpose
d) All of the mentioned
a) Infrastructure
b) OS
c) Application stack
d) Access controls
b) Mission-critical workloads
c) Sensitive data
7. Which of the following is the most refined and restrictive cloud service model?
a) PaaS
b) IaaS
c) SaaS
d) CaaS
8.In which environment do admins have the most control over cloud app security?
a) PaaS
b) SaaS
c) IaaS
d) SECaaS
b) Cross-platform APIs
c) IaaS APIs
d) Apache APIs
6.12 Summary
Cloud security is a collection of procedures and technology designed to address external and internal
threats to business security. Organisations need cloud security as they move toward their digital
transformation strategy and incorporate cloud-based tools and services as part of their
infrastructure.
Answer -1: c
Answer -2: d
Answer -3: d
Answer -4 : d
Answer -5 : d
Answer 6 : c
Answer 7 : c
Answer 8 : a
Answer 9 : b
Answer 10 : a
6.16 Glossary:
Cloud security, also known as cloud computing security, is a collection of security measures designed
to protect cloud-based infrastructure, applications, and data. These measures ensure user and device
authentication, data and resource access control, and data privacy protection.
6.17 References of books, sites, links:
Text Books :
1. Tim Mather, Subra Kumaraswamy, Shahed Latif, "Cloud Security and Privacy: An
2. EnterprisePerspective on Risks and Compliance", O'Reilly Media Inc, 200
Reference Books :
Web Links
1. https://www.youtube.com/watch?v=fqMOX6JJhGo
2. https://www.youtube.com/watch?v=8OC0lj53KKI
3. https://www.youtube.com/watch?v=lEvKQR1E8IE
MOOC Course
1. https://www.coursera.org/learn/introduction-to-cybersecurity-foundations
2. https://www.coursera.org/specializations/cybersecurity-cloud
3. https://www.netacad.com/courses/cybersecurity/cloud-security
4. https://www.udemy.com/course/complete-ccskv4/
6.18 Keywords: