The number of companies utilizing cloud service providers (CSPs) that provide Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) is on the rise and making it important for consumers to understand the services—including the benefits—of what they are purchasing in order to maximize their return on investment.
Wait, what exactly is cloud computing again?
According to the National Institute of Standards and Technology (NIST) (the government agency responsible for developing standards and guidelines), “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
In layman terms, cloud computing is a way to store and access information and applications over the internet—or the cloud—versus an individual computer hard drive or company environment.
What are cloud service providers and what services do they provide?
CSPs are companies that provide one of three services: IaaS, PaaS, and SaaS. The difference between these three services is the division of responsibility between the company and the client.
As shown in the previous image, the cloud provides companies with the ability to share responsibility with the vendor they purchase the service from.
The first row shows a traditional software package where the customer has 100% of the responsibility to implement and manage the software. The vendor simply sells the software to the customer to implement and manage as seen fit.
The next grouping in the stacks is Infrastructure as a Service or IaaS. Just as the name implies, IaaS provides its clients with the ability to utilize the infrastructure in the service provider’s environment. This type of service benefits those who do not want to worry about the infrastructure but want to be in control of the portions that distinguishes their company from others. Some major cloud service providers within this space include Amazon Web Services (AWS), Microsoft Azure, and Rackspace.
The next area within the stacks is Platform as a Service or PaaS. Here, the vendor-managed area increases. When utilizing a PaaS, the client is no longer required to run the day-to-day needs of the operating system or patch management. Using PaaS, the client is only responsible for how they organize their data and how the application interacts with that information. Some popular PaaS providers include AWS, Microsoft Azure, Salesforce, Oracle, and Google.
The last service capability is known as Software as a Service or SaaS. With SaaS, the customer has almost no responsibility in managing the software they have purchased. Customers who utilize a SaaS generally buy the license to subscribe to a service which is hosted by the CSP. Some major SaaS providers include Microsoft Office 365, Box, Jira, and Slack.
Do all service providers use the same cloud?
Simply put, the answer is no. Service providers use one of four deployment methods: private cloud, community cloud, public cloud, and hybrid cloud. This allows customers to search for a cloud service provider that is affordable and in line with their specific needs.
A private cloud is generally used by a bigger company that can afford to purchase, implement, and manage the resources needed to create a cloud environment that is used solely for their company.
A community cloud is similar to a private cloud but is shared by a group or community of companies that share similar cloud needs. The community of companies generally have similar security and regulatory requirements. By aligning their needs into a community cloud, scalability is increased.
Public cloud, which is the most popular, means that the service provided by a CSP can be purchased by the public. This, however, does not mean that the application, architecture, and information that is stored within the public cloud are also available to the public, unless configured in such a way.
Finally, the hybrid cloud is a combination of a public and private cloud. This method is used by companies who want to store private company or client information within a private cloud that does not traverse through the public internet. This method does utilize other services that are within a public cloud and can securely communicate with the private cloud for optimum cloud utilization.
Who are the major cloud service providers?
While there is no one source to find a list of major cloud service providers, one helpful website is Cloud Tango. Cloud Tango provides a directory of leading managed service providers along with validated cloud service provider reviews.
How does a company choose the best cloud service provider?
As the use of CSPs is becoming the norm, it is important to understand the different services and procurement options. Due to the variety of options available, companies should be able to determine which CSP best meets their security and business needs. The following steps can help in finding the right CSP:
- Outline the necessary business and security requirements when purchasing the best CSP. Understanding the unique needs of a company is the best way to navigate service options that will provide the best return on investment and ensure that end users receive a dependable product that meets their needs.
- Understand the type of service needed: IaaS, PaaS, or SaaS. Each type of service comes with different levels of flexibility, as well as pros and cons.
- Complete extensive research before purchasing a cloud service provider’s service. Preparing security questions such as, “How will the CSP interact with the network security already in place?” will help prepare customers in successfully purchasing and implementing a CSP solution.
- Determine procurement restraints. Procurement restraints will help direct companies in determining the type of deployment method that makes the most sense.
- Complete research on possible CSPs to ensure that security and business requirements align with the outline identified in step 1.
For more information on types of Cloud Service Providers, check out the following blogs:
- An Expert Guide to a FedRAMP Readiness Assessment
- An Introduction To The Federal Risk and Authorization Management Program (FedRAMP)
Jaclyn Finney started her career as an auditor in 2009. She started with Linford & Co., LLP. in 2016 and is a partner with the firm. She is a CISA with a special focus on SOC, HITRUST, FedRAMP and royalty examinations. Jaclyn works with her clients to provide a process that meets the needs of each customer and generates a tailored report that is useful to the client and the users of the report.