Who is responsible for OS in IaaS?

Infrastructure as a service (IaaS) is a type of cloud computing service that offers essential compute, storage, and networking resources on demand, on a pay-as-you-go basis. IaaS is one of the four types of cloud services, along with software as a service (SaaS), platform as a service (PaaS), and serverless.

Migrating your organization's infrastructure to an IaaS solution helps you reduce maintenance of on-premises data centers, save money on hardware costs, and gain real-time business insights. IaaS solutions give you the flexibility to scale your IT resources up and down with demand. They also help you quickly provision new applications and increase the reliability of your underlying infrastructure.

IaaS lets you bypass the cost and complexity of buying and managing physical servers and datacenter infrastructure. Each resource is offered as a separate service component, and you only pay for a particular resource for as long as you need it. A cloud computing service provider like Azure manages the infrastructure, while you purchase, install, configure, and manage your own software—including operating systems, middleware, and applications.

When an organization runs its own on-premises data centers, control over security is straightforward: it falls solely on the shoulders of internal teams. They are the ones responsible for keeping servers secure, as well as the data stored within them.

In a hybrid or cloud environment, the conversation around security inevitably shifts as a cloud service provider (CSP) enters the picture. While the CSP is responsible for some aspects of security, there is a tendency for customers to "over trust" cloud providers when it comes to securing their data.

Per a recent McAfee report, 69% of CISOs trust their cloud providers to keep their data secure, and 12% believe cloud service providers are solely responsible for securing data.

The truth of the matter is that cloud security is a shared responsibility. In an effort to educate cloud customers on what's required of them, CSPs like Amazon Web Services (AWS) and Microsoft Azure have created the cloud shared responsibility model (SRM).

In its simplest terms, the cloud shared responsibility model denotes that CSPs are responsible for the security of the cloud and customers are responsible for securing the data they put in the cloud. The customer's specific responsibilities depend on the type of deployment: IaaS, PaaS, or SaaS.



Infrastructure-as-a-Service (IaaS)

Designed to provide the highest degree of flexibility and management control to customers, IaaS services also place more security responsibilities on customers. Let's use Amazon Elastic Compute Cloud (Amazon EC2) as an example.

When customers deploy an Amazon EC2 instance, they manage the guest operating system, any applications they install on the instance, and the configuration of the provided firewalls on the instance. They are also responsible for overseeing data, classifying assets, and implementing the proper permissions for identity and access management.

While IaaS customers retain a lot of control, they can lean on CSPs to manage security from a physical, infrastructure, network, and virtualization standpoint.
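The firewall configuration named above as a customer duty can be audited mechanically. The following Python check is an added example, not code from the original article or from AWS: it flags security group rules that expose guest-OS management ports (SSH, RDP) to any address. The input is a constructed sample in the shape of `aws ec2 describe-security-groups` output, and the function name and group IDs are hypothetical.

```python
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output; IDs are made up.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0example0000web", "GroupName": "web",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0example000admin", "GroupName": "admin",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 20, "ToPort": 25,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
     {"IpProtocol": "-1",
      "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}
""")

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}   # guest-OS management ports
ANYWHERE = {"0.0.0.0/0", "::/0"}


def world_open_admin_rules(doc):
    """Return (group_id, service, cidr) for each admin port reachable from anywhere."""
    findings = []
    for group in doc.get("SecurityGroups", []):
        for rule in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            open_cidrs = [c for c in cidrs if c in ANYWHERE]
            if not open_cidrs:
                continue
            if rule.get("IpProtocol") == "-1":
                # "-1" means all protocols and ports; no FromPort/ToPort present.
                lo, hi = 0, 65535
            elif rule.get("IpProtocol") == "tcp":
                lo, hi = rule["FromPort"], rule["ToPort"]
            else:
                continue  # UDP/ICMP rules do not expose SSH or RDP
            for port, name in ADMIN_PORTS.items():
                if lo <= port <= hi:
                    findings += [(group["GroupId"], name, c) for c in open_cidrs]
    return findings


if __name__ == "__main__":
    print(world_open_admin_rules(SAMPLE))
```

The port-range rule (20 to 25) and the all-protocols rule are both caught because the check tests range membership rather than matching port 22 exactly.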

Platform-as-a-Service (PaaS)

In PaaS, more of the heavy lifting is passed over to CSPs. While customers focus on deploying and managing applications (as well as managing data, assets, and permissions), CSPs take control of operating the underlying infrastructure, including guest operating systems.

From an efficiency standpoint, PaaS offers clear benefits. Without having to worry about patching or other updates to operating systems, security and IT teams recoup time that can be allocated to other pressing matters.

Software-as-a-Service (SaaS)

Of the three deployment options, SaaS places the most responsibility on the CSP. With the CSP managing the entire infrastructure as well as the applications, customers are only responsible for managing data, as well as user access/identity permissions. In other words, the service provider will manage and maintain the piece of software—customers just need to decide how they want to use it.

How to Uphold Your End of the Shared Responsibility Model

Through 2022, it's estimated that at least 95% of cloud security failures will be caused by missteps on the part of customers. That's why it's more important than ever before to clear up confusion around the cloud shared responsibility model and set customers up for success.

While there are clear differences in responsibilities based on deployment types, a common thread remains: it's imperative that businesses can visualize conversations between devices, detect potential security threats in real time, and easily investigate and remediate issues. No dark space and faster response times mean greater security in your cloud investment.


  • Posted in Cybersecurity, Cloud, Industry Trends
  • See other posts by Amélie Darchicourt


Who is responsible for security in the guest OS of an IaaS model?

With an IaaS model, the vendor is responsible for security of the physical data centers and other hardware that power the infrastructure -- including VMs, disks and networks. Users must secure their own data, operating systems and software stacks that run their applications.

What is the user responsible for in IaaS?

IaaS users are generally responsible for the security of the operating system and software stack required to run their applications, as well as their data. Users' responsibilities generally increase as they move from SaaS to PaaS to IaaS.

Is operating system IaaS or PaaS?

IaaS is where you can deploy your own choice of operating systems to run on. If the cloud service gives you the OS, then it is PaaS. Look at figure 1 in the attached publication. It depends on what you mean by server.

When using IaaS who is responsible for authentication?

With IaaS, the cloud user is responsible for network security and, if necessary, communication encryption.