Back to course

Introduction to Cloud Security Models (IaaS, PaaS, SaaS)

Cyber Security Mastery: From Zero to Hero

Deepening Cloud Understanding

Reviewing the Shared Responsibility Model (Lesson 54), let's look at the three main service models in detail:

1. IaaS (Infrastructure as a Service)

  • What it is: Provides fundamental computing resources (virtual machines, storage, networks).
  • Customer Controls: Everything from the operating system up (OS hardening, patches, application configuration).
  • Example: Running a custom Windows server in AWS EC2.

2. PaaS (Platform as a Service)

  • What it is: Provides a platform for developing, running, and managing applications without the complexity of infrastructure management (OS, patches, and runtime are managed by the provider).
  • Customer Controls: Code security, access to the application, and data.
  • Example: Using AWS Elastic Beanstalk or Azure App Service.

3. SaaS (Software as a Service)

  • What it is: Software delivered over the internet, typically subscription-based (the entire stack is managed by the provider).
  • Customer Controls: User access management, data classification, and configuration of built-in security features.
  • Example: Salesforce, Microsoft 365, Google Workspace.