April 18, 2012
Every business considering moving its infrastructure to the cloud has several serious decisions to make. Perhaps the most significant and basic question to answer is which cloud service type to pursue: software as a service (SaaS), platform as a service (PaaS) or integration as a service (IaaS). Recently, two experts weighed in on the advantages and disadvantages of each, and how to minimize the downsides.
Jeff Caruso of Network World states that SaaS is probably the easiest of the cloud types to initiate. The service provider is responsible for allocating resources to the user's application, including servers and other equipment. This means the user's organization can begin to use the cloud quickly.
As Computer Technology Review's Mark O'Neill recently pointed out, however, SaaS can create security issues regarding password management, particularly for a large enterprise. If a company has thousands or even tens of thousands of employees, and each has at least one password for each application, IT departments cannot hope to issue or keep track of them all. This raises the risk of an employee's password ending up in an unauthorized person's possession, which can potentially lead to a data breach.
To combat this problem, he recommended companies implement a single sign-on option. This, he claimed, reduces the number of passwords circulating, which reduces risk.
Caruso notes that PaaS offers significant customization options to users, making it appealing to any organization with unique needs. It can also be the most secure option available. However, O'Neill notes that this security can only be achieved by encrypting data before uploading it to the cloud, which can drain CPU resources.
Despite this drawback, he believes that implementing a system that automatically encrypts data is worth the computing power, as it is the best means of protecting a company's information.
Choosing IaaS allows an organization to control its own virtual machine, which, according to Caruso, it can then load with whatever applications the organization chooses.
O'Neill points out that this format has the risk of unwarranted commandeering of services, by employees or otherwise. To prevent misuse, he suggest companies pursuing this cloud type create a governing board to oversee usage.
-McAfee Cloud Security