Application Security Testing: An Integral Part of DevOps
Before we get into when the cloud makes sense, we should start by defining which cloud we are talking about. After all, cloud computing has been a topic thrown around and used in various contexts over the last 10+ years. In this article, we will primarily look at when the following make sense:
- Software as a Service (SaaS)
- Infrastructure as a Service (IaaS)
- Platform as a Service (PaaS)
Software as a Service (SaaS)
SaaS is the one you hear about quite often, as it tends to come up in business discussions as an inexpensive turnkey method for getting into a particular application or service. There are many SaaS providers and a wide range of available applications. Microsoft offers a number of SaaS applications, including the Dynamics CRM Online application. As is the case with Dynamics CRM, the online version is quite often a hosted version of a customer-installable on-premise application. This is not always true, but many providers have started creating online versions of their on-premise apps to lower the barrier to entry for customers.
SaaS services are often priced on a per-user basis with varying levels of options such as Free, Basic and Pro. Some of the services may include options for additional storage, feature packs, etc.
Advantages of SaaS
- Low barrier to entry, ready to use almost instantly
- Scale up the number of users as needed
- No need to manage servers
- Support Included
Disadvantages of SaaS
- Reliant on the provider for issue resolution
- Unable to optimize servers for your needs
- (Generally speaking) no direct access to the database
Infrastructure as a Service (IaaS)
One of the primary services provided by IaaS providers is dedicated or, more commonly, virtual machines. IaaS providers make it very easy to purchase virtual machines of just about any size running various Linux distributions or Windows Server. Pricing is most often on a per-hour basis and can cost as little as $0.10 to $0.15 per hour. Thus you can purchase as many servers as needed to scale your application. In addition to virtual machines, IaaS providers include other basic infrastructure such as IP addresses, network traffic, storage, firewall, load balancing, virtual networks, etc. Like virtual machines, each of these services is charged on an as-used basis, such as per GB/month, per hour, etc.
In recent years, IaaS providers have begun to grow both in number and size. This method of providing cloud services was mostly pioneered by Amazon with their Amazon Web Services (AWS) products, which are used today to support many of the top web sites. Since the initial launch, Microsoft, Google, and many others have entered the marketplace to compete with AWS.
Advantages of IaaS
- Used properly, IaaS can be used to support even the largest websites
- Inexpensive, Low Maintenance
- Makes it possible to outsource almost your entire IT infrastructure
Disadvantages of IaaS
- Reliant on a 3rd party for critical application uptime.
Platform as a Service (PaaS)
PaaS services are often built upon underlying IaaS services, with a few differences. Instead of dealing with installing your application on a server, you deploy your application through the provider's tools. In order for your application to run, you may need to use provider-specific libraries and/or avoid specific libraries not allowed by the provider. Most traditional websites are able to run on PaaS providers with little or no changes; however, you may need to make changes to support specific provider capabilities.
Why go through the process of supporting PaaS? The answer is simple: simple scalability. Unlike IaaS, where you would need to provision additional servers for your application, PaaS allows you to scale your application without the need to deal with individual servers.
Advantages of PaaS
- Simplified Scalability
Disadvantages of PaaS
- May be tied to a single provider
So when does the cloud make sense? While the question is simple, the answer is not. Overall, the cloud does make sense (which is why it's become so popular); however, there are many cases where the cloud does not fit. Here are a couple of the possible issues that may prevent you from using cloud services.
- General Comfort Level
- Security, Privacy Concerns and/or Corporate IT Policies.
- Standards Compliance, for instance PCI (Payment Card Industry) or HIPAA (The Health Insurance Portability and Accountability Act).
While there are other minor concerns that arise from time to time, the main issue is the overall comfort level with trusting an outside organization with your IT infrastructure. Yes, there are legitimate items that prevent you from being able to use the cloud; however, quite often it makes much more sense from a cost and reliability perspective. For those cases where comfort level is the main concern, start with a smaller project and slowly build up confidence before attempting to use it for critical business functions.