Skip main navigation

Understanding Cloud Management (Continued)

In this video, you will learn about the various NIST-published cloud service models.
9.4
NIST also specify different cloud service models. We have three defined within the special publication. There are two more that we’ll mention as well, though. So we have Software as a Service. The Software as a Service is where we are delivering a software solution. The consumer has no influence, no visibility, usually, of the operating system, of the hardware platform. What they see is the application. And that application should continue to work. The consumer can draw down increasing numbers of accounts or increasing services from that SaaS offer. Very little administration for the consumer to do. Usually, we’re talking about account provisioning or hooking the SaaS solution up to our single sign on or Federation services. So this is a very light touch.
60.8
The software as a service model covers things like email clients, web based email. And so outlook.com, any of these email services, are managed. You have no visibility with Gmail or outlook.com of how it works from a technical perspective. You just draw down the service. Platform as a Service is where we are granted something similar to an operating system. So here we can spin up a machine, and we manage the machine. So here we have great insight. We also have great control. So with Software as a Service, if we want to change the features of the application, we are limited to what is offered within that Software as a Service solution.
103.4
With platform as a service, we can install our own applications onto the platform. And usually we have a choice of platforms. We can even install our operating system sometimes with this paradigm. And Platform as a Service, then, we can allocate resources between different applications on the platform. We can control the functionality within that platform. And again, because of that, we have a greater responsibility for administration. So with Software as a Service, we have no visibility. We have no ability to control many aspects of the service. But we have no responsibility, either. So again, there’s advantages and disadvantages to both of those models. With Platform as a Service, we gain the control.
149.7
But we have to be responsible for things like vulnerability management for patching for the ongoing maintenance of those services. Infrastructure services, Infrastructure as a Service, IAS, is again a further level of reduction in the abstraction of service provision. So Software as a Service, all we see is the service. Very abstracted. Platform, the obstruction is reduced, we have control over the platform. Infrastructure as a Service, here, we may be gaining access to disc space. So we might be buying something like a virtualized storage platform. And we are responsible for everything beyond that point. So here, we have the most administrative responsibility. We have the most need for technical skills on site.
199.2
But we also have the greatest level of flexibility and the ability to influence the solution as we see fit, including the security aspects of that solution. With Software as a Service, how can we manage our identity and access management? Well, we’re restricted to what is offered by the Software as a Service solution provider. With Infrastructure as a Service and Platform as a Service, to a lesser extent, IAS, we can define whatever we want with regards to our integrations and our security. Platforms as a Service are somewhere between the two. Not defined within the original NIST document, but becoming increasingly popular, is Identity as a Service.
239.9
And Identity as a Service as a model is where we are drawing down identity from a third party. So this can be something like a single sign on service, and we’ll take a look at some examples in the next couple of slides. But this Identity as a Service model is increasingly popular, still very new, still relatively new. And this can integrate with some of our on premise services. It can provide identity, it can provide the single repository for identity management that influences our on premise and other cloud based solutions. Or we can have a cloud based IDP that takes, that consumes our on prem directory service and provides integration services more widely. So different ways to do this.
286.1
This requires huge amounts of trust, if we’re handing over our identity management to a third party, we need to know exactly to whom we’re handing it over and how that identity management is going to take place. So this is complex. We also have, we’ll look at this more closely later in this section, we have Backend as a Service, BaaS. Again, this is not defined within the NIST documents. But Backend as a Service is a service like Google Firebase. This is where we’re drawing down direct access to something like database services. So Google Firebase offer direct access to a NoSQL database. And this is completely serverless.
325.2
So this is an aspect of an infrastructure being commoditized and offered almost in the same way as Software as a Service. You have limited ability to control, but again, far less requirement to actively manage the solution. So lots of different cloud service models.

In this video, you will learn about the various NIST-published cloud service models.

These include the following:

  • Software as a Service (SaaS)
  • Platform as a Service (PaaS)
  • Infrastructure as a Service (IaaS)
  • Identity as a Service (IDaaS), a newer model increasing in use

Reflect and share: What are you currently using and what are some of the obstacles you have encountered? Share below.

This article is from the free online

Cyber Security Foundations: Reinforcing Identity and Access Management

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education