Thursday, December 17, 2009

Understanding Cloud Taxonomies and Security

OWASP AppSec DC 2009 had a compelling session that defined cloud taxonomies and the security implications associated with cloud computing. The three taxonomies that have become part of our vernacular are:
  1. Infrastructure as a Service (IaaS): A set of virtualized components that can be assembled to build an application. Amazon EC2, Rackspace, Opsource, and GoGrid are examples of IaaS, where you can rent "virtual" hardware and software as a "pay-as-you-go" service. If you need 5 Linux servers running MySQL Database for 3 months, you'd subscribe to an IaaS provider and use their REST or Web service-based API (or the command line if you're too cool) to provision, de-provision and monitor your instances.
  2. Platform as a Service (PaaS): A runtime environment in which application developers deploy their applications in their desired programming environments, with production issues such as scalability, security and reliability already addressed by the platform. Google App Engine, which supports Java and Python, is a good example of PaaS. Using PaaS, developers can code applications locally on developer machines and push them to the cloud. The developed applications can automatically scale to millions of invocations and thousands of users. The developers do not have to concern themselves with managing threading, concurrency and load balancing issues to get such almost unbounded scalability.
  3. Software as a Service (SaaS): A fully functional application, potentially with an API for external application integration. SugarCRM, Netsuite and Salesforce.com are classic examples of SaaS in the CRM space. SugarCRM can be used as a fully functional enterprise CRM system and can also be accessed through Web services APIs for integrating on-premise applications. See for example: Web services Testing SugarCRM.
For more details on Cloud Taxonomies and Security, see Understanding Implication of Clouds on Application Security.


  1. Thanks for the blog, which contains such valuable information about Cloud Computing. Thanks for sharing it here. By the way, have you heard about the Cloudslam 2010 conference, which is an upcoming event covering the latest trends and innovations of Cloud Computing and its technologies? This is a good chance to gather more knowledge on Cloud computing from the World's leading experts of Cloud Computing.