« Home
posted on 09.17.2015 posted by Mark Pietrasanta

IaaS, PaaS and SaaS: What’s Really the Difference?

Moving to a cloud environment can offer enhanced efficiency, increased flexibility and significant cost savings. Yet the level to which you realize these benefits can differ dramatically based on the type of implementation.

The term “cloud” has become a universal term applied to a broad range of services, but depending on who you ask, they may describe it very differently. Not understanding the differences between each level of cloud computing can put your agency at risk of not procuring the solution you really need. For example, many agencies today are only implementing Software-as-a-Service (SaaS) and still expecting to realize the full value of an Infrastructure-as-a-Service (IaaS) implementation.

Understanding the Differences

There are three main cloud service types: SaaS, Platform-as-a-Service (PaaS) and IaaS. Each one is very distinct, and you need to make sure your choice aligns with your agency’s expectations for the cloud implementation. Here’s a breakdown of what you really get with each:

Software-as-a-Service

SaaS is really a software delivery and licensing method that provides access to a particular software application and all associated functionality, typically as a web-based service. Services like Salesforce.com and outsourced email, sometimes called Email-as-a-Service, are two frequently cited examples of SaaS. Instead of buying and installing software on in-house servers, you pay for a SaaS model and allow the service provider to run and manage the software and infrastructure.

SaaS is more of a pay-as-you-go/pay-for-what-you-use licensing model than anything specifically related to cloud architecture or technologies. The National Institute of Standards and Technology (NIST) defines SaaS in part as running on a cloud infrastructure, but most SaaS providers’ architecture is not made public, and many are still hosted using traditional models. So while you aren’t getting some of the more common benefits associated with the cloud – on-demand provisioning, rapid elasticity or broad network access – you are getting cost savings due to the licensing model. One major risk with SaaS is that some providers do not have the necessary controls in place to handle federal policies and mandates such as FISMA and DIACAP. Navigating this can be a major challenge for federal agencies, which is why FedRAMP is required for all SaaS providers.

Platform-as-a-Service

PaaS, which falls between IaaS and SaaS, typically provides a way for your agency to access cloud infrastructure as a service, but in a transparent and abstract manner. In this case, the infrastructure is totally separate from your environment and fully managed by the provider – you only manage the application. PaaS providers are often very technology specific, such as .NET or Java-based, since you need to be able to deploy your application code to the PaaS. Once it’s deployed the PaaS provider automatically figures out the infrastructure needed, automatically scales up and down based on load, and may even provide cloud-based databases and other application platform tools.

While PaaS is still a maturing area, it has the potential to deliver the most impact because it can reduce or even eliminate the need for any labor to manage and architect the infrastructure. The challenge so far has been the ability to automatically and abstractly provide rapidly scaling infrastructure in a completely transparent manner. Additionally, many SaaS providers call themselves PaaS, further confusing the term and the benefits of using a true PaaS. For example, some content management system SaaS providers (e.g., Drupal) say they have a Drupal PaaS, when in fact it’s really more of a Drupal SaaS with some additional value-added software services. This can make procuring a PaaS solution very confusing and put your agency at risk of selecting a solution that really doesn’t provide the efficiencies PaaS has to offer.

Infrastructure-as-a-Service

IaaS is focused on the cloud infrastructure and providing every piece of the computing infrastructure as a service, from servers to storage devices to networking to security to databases. With an IaaS implementation the agency does not have a data center on site. Instead, everything that would normally be found within a data center is accessed online.

One major advantage of IaaS is that every piece of the infrastructure can be controlled and measured. There’s also a perception of “infinite capacity” compared to a typical data center, usually at a dramatically reduced cost – often 75-90% savings. Many of the tools and processes used for managing a physical data center can be applied to IaaS, making it an easy transition and ensuring governance and security can be directly applied to IaaS. It’s like having a data center with no limits, but entirely virtual, and paying only for what you use, when you need to use it.

It may sound pretty easy to just flip a switch, but without the expertise of a full-service cloud broker to help you navigate all of the cloud service providers (CSPs) and how they are able to meet your security and system requirements, you may find yourself overwhelmed and unsure if you’ve made the right choice – or worse, you might be exposing your agency to unintended risks.

FedRAMP

No matter what type of cloud or as-a-service solution you go with, it’s critical that the provider — not just the infrastructure — be FedRAMP authorized. This means SaaS and PaaS providers need to be FedRAMP authorized for their entire system and application. It’s not enough to be hosting (for example) SharePoint or Drupal in Amazon Web Services (AWS) and ride on the AWS FedRAMP authorization; the entire “as-a-service” application on top of AWS also has to be FedRAMP authorized. And the main areas where SaaS and PaaS providers have difficulty is around their infrastructure, security processes and staff, which is why this is so important. Alternatively, if you are managing your own application on top of an IaaS provider, you can use the IaaS FedRAMP package coupled with your agency security documentation for you application. The main difference is centered on whether it’s a shared service.

What’s right for your agency?

Before you can make that decision, you need to determine the exact benefits your agency is expecting to realize and how ready your agency is to make the jump to the cloud. And that doesn’t mean you have to jump right into all of them at once. Remember that you can continue to build your cloud solution and environment over time. For example, many agencies choose SaaS as the first, incremental step toward a full cloud implementation to help the IT team get comfortable with the idea of handing over some of the IT reins to someone else. On the other hand, if your agency is ready to start moving your legacy data centers or even your interim virtualized data centers to the cloud, and realize the significant benefits a cloud environment has to offer, IaaS is most likely the best option.

Moving to the cloud can provide a number of powerful benefits, but as mentioned earlier, there are still risks that can quickly derail your cloud implementation. Understanding the basic differences is a good start, but to ensure success your agency should work with a cloud broker and integrator that is knowledgeable in each level of the cloud and can outline all the risks and benefits as it relates to your agency’s specific needs. Having detailed expectations from all of your stakeholders and a fully mapped out cloud strategy will enable your agency to fully realize all the benefits the cloud has to offer.

Let Aquilent help you determine which cloud solution is right for you.

« Home
leave a reply_

Comments are closed.