Saas, Laas, and Paas security concerns

Here are the main security concerns in SaaS, IaaS, and PaaS.

SaaS Security Concerns

SaaS are the most popular services offered in public clouds.

Because anyone can use a public cloud via the internet, this brings a wide range of concerns and risks, mostly related to data and access. Some of the most important ones are:

• The lack of ability to comply with regulatory compliances. For instance, the regulations in certain countries allow them to store confidential data collected from hospitalised patients to a public cloud. (We should note that big cloud providers started to address this issue. For instance, Microsoft has set up a protected government cloud level of service in Australia as have AWS for the US government).
• Lack of control on the security management of the public clouds.
• Higher probability of cyberattacks because of the exposure of cloud resources to the public via the Internet
• Higher probability insider data breaches. Public cloud providers normally have more staff to manage a large number of resources in the cloud. The more people working inside the cloud provider, the higher the probability of information theft and breaches.
• Difficulty tracking data transfer to and from the cloud resources.
• Lack of visibility of users, data access, and applications in the cloud provider.

PaaS & IaaS Security Concerns

The main security concerns when using PaaS and IaaS are:

• The lack of monitoring ability on a loud workload system and its applications
• Difficulty maintaining consistent security control across multiple clouds and platforms
• Higher probability of insider data breaches.
• Lack of data visibility in the cloud
• Lack of control on the users and access grants to the cloud
• Bypassing authentication and encryption
• Hacking and attacks
• Abusing cloud services