SaaS, IaaS, and PaaS are the three most important delivery models. Building on these three many other service models have become available to the market. Popular Anything as a Service models include:
- IaaS — Infrastructure as a Service is a cloud model where businesses outsource their IT infrastructure to a managing provider. The most basic form of IaaS is bare-metal service which allows a single tenant access to a server housed at a cloud provider. This form often does not utilize a hypervisor or containers for virtualization, and essentially emulates on-premise infrastructure. Today, however, most IaaS providers use virtualization to achieve greater efficiencies with their underlying server infrastructures. Beneficial for businesses, IaaS allows them to offload the management, updates, networking, and security to the cloud provider.
- PaaS — Platform as a Service is a step beyond IaaS in that it provides an environment for cloud consumers to access via the web. Like IaaS, PaaS delegates the lower functions, like servers, operating systems, and storage to the cloud provider, allowing the consumer to focus on their necessary work. PaaS is made functional through application programming interfaces (API), and a variety of dev tools and databases whereby developers can develop and deploy applications, even control the application hosting environment.
- SaaS — Software as a Service is a cloud model that provides on-demand software applications typically via a web browser and internet. SaaS is a modernized terminology for application service provider (ASP) software which has existed before “the cloud” came into common usage. SaaS is highly beneficial for businesses who have limited budgets to manage their own IT systems. SaaS provides a quick service model for key applications such as customer relationship management (CRM), enterprise resource planning (ERP), human resources (HR), and payroll applications.
- CaaS — Communication as a Service offers businesses enterprise level communication services. Services can include voice over IP (VoIP), virtual private network (VPNs), private branch exchange (PBX) without the infrastructure costs. CaaS benefits business the same as other XaaS, with the service provider assuming the management responsibilities of the underlying software and infrastructure.
- DBaaS — Database as a Service is a specialized software delivery model for database operations. CSPs offer self-service database provisioning, monitoring of quality of service levels, and measurement of database usage for charging back individual cloud customers.
- BPaaS — Business Process as a Service combines business process management (BPM) with other XaaS service models (SaaS, IaaS, PaaS). BPaaS makes company workflows more efficient, and the agility of these systems to adapt to changing business requirements helps future-proof these workflows.
Anything as a service combines the advantages of cloud service models with pooled expertise. Because, in many cases, XaaS companies service multiple clients, they have a wider range of opportunities to discover and improve upon software flaws, as well as introduce innovative features that a single company may not envision or be able to afford. It's this collective benefit that winds up adding more value in the longer run than the more immediate benefits, like cost controls, that the cloud provides. The following is a list of the significant benefits XaaS models provide.
- Anytime, Anywhere Access — Immediately, cloud service providers provide access to cloud resources anywhere, anytime via the internet. In some enterprise cases, direct cloud connection can be used to enhance performance between systems while providing anywhere access.
- Reduced IT Management Burden — CSPs assume the responsibility for cloud assets, which frees companies from the burden of managing and maintaining their own IT resources.
- Speeds Development and Go to Market — For start-ups, XaaS contributes to boot-strap development, hastening the dev process, and speeding go to market. By eliminating costly, and time consuming infrastructure, this has the effect of reducing a company's footprint by essentially outsourcing the IT department.
- Cost Controls — Because cloud companies are able to accurately monitor system usage, costs can be set to a pay as you go model. This gives companies the ability to also accurately forecast their expenses, and therefore control costs by understanding their cloud usage. If more bandwidth is required, the price is known. Likewise, IT issues are not typically a cost concern because it is the responsibility of the CSP to manage the cloud resources.
- Collective Improvements — Because of the general nature of serving multiple cloud customers, cloud providers are in a more opportune situation to be able to innovate features and discover programming errors. By choosing the right CSP, companies can future-proof their IT needs against risk of obsolescence.
There are potential disadvantages of using an XaaS service, and stemming from the reliance on an outside provider for the X service.
The most critical drawback is downtime. If the provider’s service goes down, making the service unreachable, all business operations that rely on that service will be disrupted. This can be mitigated by relying on a competent, reliable, industry-leading provider, or in some configurations multiple providers. To a lesser degree, performance is a second drawback. While not as potentially devastating as a critical system outage, poorly performing services can still cause disruptions, and loss of revenues.
The last disadvantage varies depending on the XaaS model service type. By employing a service model, companies effectively outsource those IT functions, and likewise part of that responsibility. Illustrated in the Accountability and Share Responsibility Model is a framework for how providers and consumers should share partnership of the data and services within their respective domains.
As the cloud service model moves from a general Infrastructure as a Service (IaaS) model to a specific Software as a Service (SaaS) model, the share of responsibility falls more heavily on the cloud service provider. Imagine renting server racks, the provider’s responsibility amounts to keeping the servers running and their connectivity strong. Beyond that, covering application-level controls and above is the responsibility of the cloud user. Whereas, providers of financial SaaS will be required to have strong identification and access controls. Data security and protection is subject to regulations, and the shared burden of the cloud provider and consumer.
XaaS raises security concerns and begs the question who is responsible.
In the cloud, providers and consumers act more like partners rather than vendors and buyers, in this way, they share responsibility for security. Because it is fair that a CSP should give their best effort to secure their client’s data, they are responsible for data inside their domain and potentially how it is encrypted leaving its domain. But that effort does have a limit, which typically begins where the client’s systems start. This is the premise of shared responsibility.
Shared responsibility encompasses both management and security. For each cloud service, a certain level of responsibility falls on the vendor, and a certain amount falls on the consumer. The Center for Internet Security models such a shared responsibility agreement.
Source: Center for Internet Security, Shared Responsibility for Cloud Security: What You Need to Know