Chapter 38. Cloud Insecurity?
One of the biggest buzzwords in technology these days is “cloud computing.” The basic idea behind the cloud is that stuff that could be done on the client side gets moved to some unseen cluster of resources on the Internet.
There are three major categories of cloud systems today:
- Software-as-a-Service (SaaS)
In SaaS, you buy a subscription to some software product, but some or all of the data and code lives remotely. For instance, Google Docs is an alternative to Microsoft Office that stores your documents on Google’s servers, and you don’t keep any code on your machine. As it turns out, though, some of the code may run on your machine. For instance, Google Docs relies on JavaScript that runs in your web browser. The application is not hosted on the server side.
- Platform-as-a-Service (PaaS)
From the consumer’s point of view, the software is probably SaaS, but instead of the software developer building the program to run on her own web infrastructure, she builds it to run on someone else’s platform. For example, Google offers a service called Google App Engine, which allows development organizations to write programs to run specifically on Google’s infrastructure.
- Infrastructure-as-a-Service (IaaS)
This is very similar to PaaS, except that the development organization gets to define its own software environment. It basically provides virtual machine images to the IaaS provider, instead of programs, and the machines can contain whatever the developers want them ...
Get The Myths of Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
