Continuing from Monday’s post, today we look into Platform as a Service, or PaaS. This is one of the lesser-known service models, as it is sometimes hard to picture the difference between PaaS and Infrastructure as a Service (IaaS). The key difference is really the type of user that typically works on creating the environment within PaaS: this is truly the developer’s domain.
So why do developers love PaaS? Quite simply, the tools that have been developed for cloud environments let developers create applications in ways that they previously have not been able to. A great example of this is the OS-less application (I wrote a post about this topic that you can find here). PaaS is a great option for organizations that want to develop applications on infrastructure that they don’t want to have to host or deal with on any level. But like any service, there are things to be aware of before you dive in with both feet.
PaaS is essentially a service in which the cloud provider offers a development environment for organizations to create applications and host information. In an in-house environment, this would require purchasing servers and installing the OS and development environment before you could create applications that run on the server. With PaaS, you automatically skip to the application creation stage.
The paragraph above hints at one of the key problems with PaaS: vendor lock-in. When you standardize on an application development platform, you run the risk of being limited to vendors that offer the same platform. For example, if you create an application that runs only in Microsoft Azure environments and you later need to move to another provider, you will be limited to providers offering Azure environments. So this is one thing that you must keep in mind when choosing a PaaS service: make sure that you pick a widely adopted platform, or build an application that can be launched on any platform. The best thing to do is to avoid signing any long-term contracts before you have decided which platform you will standardize on, and to avoid providers who use proprietary services.
There are a few vendors who are making strides in creating a layer of abstraction between the application and the platform, to allow movement between platform types and reduce the costs and headaches associated with vendor lock-in. Organizations including Simple Cloud are working with vendors to create an open, standardized cloud platform for PHP in cloud environments. Their main objective is to create a common interface for document and file storage and queue services. This means that you could write applications that would work in any cloud environment regardless of platform.
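As an added illustration of the abstraction layer described above (not code from the Simple Cloud project or from the original post), the following PHP shows an application written against one storage interface and run unchanged on two backends, with the same key validation enforced on both so a move between providers does not change what input is accepted. The interface, class and function names are hypothetical, the in-memory class stands in for a provider's storage service, and PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical portable interface: application code depends only on this.
interface StorageAdapter {
    public function put(string $key, string $data): void;
    public function get(string $key): ?string;
}

// Shared key check so every backend rejects the same unsafe names
// (no path separators, no leading dot, bounded length).
function assertSafeKey(string $key): void {
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,127}\z/', $key)) {
        throw new InvalidArgumentException('unsafe storage key');
    }
}

// Backend 1: local disk, as on an in-house server.
final class LocalDiskStorage implements StorageAdapter {
    public function __construct(private string $root) {}
    public function put(string $key, string $data): void {
        assertSafeKey($key);
        file_put_contents($this->root . '/' . $key, $data, LOCK_EX);
    }
    public function get(string $key): ?string {
        assertSafeKey($key);
        $data = @file_get_contents($this->root . '/' . $key);
        return $data === false ? null : $data;
    }
}

// Backend 2: in-memory stand-in for a provider's object store (constructed).
final class InMemoryStorage implements StorageAdapter {
    private array $objects = [];
    public function put(string $key, string $data): void { assertSafeKey($key); $this->objects[$key] = $data; }
    public function get(string $key): ?string { assertSafeKey($key); return $this->objects[$key] ?? null; }
}

// Application code: identical for every backend.
function saveInvoice(StorageAdapter $store, string $id, string $body): void {
    $store->put("invoice-$id.txt", $body);
}

foreach ([new InMemoryStorage(), new LocalDiskStorage(sys_get_temp_dir())] as $store) {
    saveInvoice($store, '1001', 'constructed sample data');
    echo get_class($store), ' read back: ', $store->get('invoice-1001.txt'), PHP_EOL;
    try {
        $store->put('../outside.txt', 'x');   // constructed bad key
    } catch (InvalidArgumentException $e) {
        echo get_class($store), ' rejected key: ', $e->getMessage(), PHP_EOL;
    }
}
```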
From a security standpoint, the same controls exist that would apply to an IaaS model, but since PaaS is concerned heavily with the security of proprietary (owned by the customer) applications, there is an increased focus on protecting those applications. This layer is where you would need next-generation firewalls and IPS to ensure that the applications are protected from internet and network vulnerabilities. In addition, a web application firewall is strongly recommended if you are accessing these applications through a web portal, such as in an e-commerce application. These methods of protection will help identify security vulnerabilities that might exist within the environment and applications, as well as provide a virtual patch to buy the organization time to complete remediation.
Tomorrow, we move on to Software as a Service, or SaaS.