Let's take two typical business scenarios to discuss the adoption of a security assurance program. One concerns services built on top of a third-party cloud service provider, and the other concerns building your own, complete cloud services, including Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS):
- Scenario 1: Joyce, e-commerce services on a public cloud service: Joyce is a security leader at an e-commerce company. The company has an in-house software development, IT, and security team. They deploy an e-commerce service based on a third-party cloud service ...