In my last blog, I gave you some insight into some of the starting steps for adjusting your security strategies for a SaaS-enabled world. Here, I explore some of the additional adaptations to consider with PaaS.

Traditional IT organisations have seen significant gains in adopting Platform as a Service (PaaS) solutions. In this blog post, the second in a series looking at the ways to adapt your security operations to reflect the new technologies of cloud solutions, we’re going to look at what you should consider when implementing your security controls for a PaaS environment. As you’ll see, many of the strategies from SaaS will remain pertinent for PaaS, so make sure that you read the first part if you haven’t done so already.

Platform as a Service

PaaS shares a lot of core functionalities with SaaS, taking a similar approach to managing the vast majority of the underlying architecture. But instead of a final software product, PaaS offers a toolset for others to build products upon.

There are many big players in this market area who provide a myriad of different services, including AWS Elastic Beanstalk, Google App Engine, Force.com and Microsoft Azure, but your choice of PaaS vendor may be restricted by the technology platform you wish to build on. Many purchasing decisions might treat security as a “lesser” concern, but that doesn’t mean it should be classed as unimportant or that you can’t build a robust security model for these services.

Adapting for PaaS

Since most PaaS products are geared toward software development, getting your development teams involved with developing your security approach is an important element of your PaaS planning. For many organizations, this may mean a change in approach as security teams have traditionally been involved primarily with post-development