Share Responsibility Model
The cloud services industry is divided into five market segments by Gartner’s reports. As of 2019, ranking these from largest to smallest in revenue, these segments include: software as a service ($94.8B), business process as a service ($49.3B), infrastructure as a service ($38.9B), platform as a service ($19.0B), and lastly, cloud security services ($12.2B) (“Gartner Forecasts”, 2019). The same survey also outlined that greater than one-third of businesses have migrating to the cloud as a top-three core IT priority. This deployment model discusses the level of responsibility that is held by the client or the service provider (See Diagram 1).
Diagram 1: Shared Responsibility Model
Software as a service (SaaS) essentially puts all responsibility on the vendor who is supplying the solution (Knorr, 2018). From the user interface, user identity, to the underlying infrastructure, the entire experience is managed by the vendor or service provider. The client is not responsible for any of the cloud components in this model. Software as a service solutions are experiencing incredible growth due to the ease of use and integration. A few SaaS examples include Salesforce, Microsoft Office, Google Apps, Concur, or Dropbox. However, a major negative of these solutions can be the gap in features SaaS provider actually provides from what the business using it actually requires in order to operate as efficiently as possible. Additionally, IT might not have visibility into exactly which users are using these SaaS offerings since users and departments can directly agree to consume these resources at either free, developer or production level tiers without having IT to approve the workflow.
Business Process as a Service, or BPaaS, is the delivery of business process outsourcing (BPO) (“Gartner Forecasts”, 2019). These services allow organizations to shift internal processes onto the cloud – such as tasks that need to be automated or revolve around processes, such as HR, payroll, or manufacturing. An organization would elect to migrate to a BPaaS offering in order to be up and running on a new platform within a short amount of time. The trade-off would represent a higher cost for the services, but the features and functionalities would prove to be more than valuable for the client. Another limitation would be the inability to customize the solution. However, since the company has invested significant research and development in the BPaaS product, it most likely would be user-friendly and highly capable to manage the business process in the cloud. The high cost though generally should be a red flag for organizations who are first exploring cloud as an initial step.
IaaS, or Infrastructure as a service, provides the ability for organizations to stand-up servers and IT components that can be used for their product or service delivery needs (Knorr, 2018). The cloud provider hosts the hardware and software components, as well as the virtualization or hypervisor layer. Additionally, these services come with features that further allow an organization to save costs – these features include integrated billing, monitoring, security, and identity access management. In essence, the cloud provider is responsible for virtualization, networking, storage, and servers. The client is responsible for the application, the data, the runtime servers, the middleware, and the operating software required to run the applications.
Platform as a service means that the platform is managed by the service provider – updates, patches, security actions, and hardware maintenance are just a part of the list of responsibility measures the provider must manage. The business is responsible for managing any software on the cloud resources. With the PaaS model, the client is responsible for only the application and the data – all other components are handled by the cloud provider.
Lastly, cloud security management, while the smartest of the market segments, is not by any means irrelevant. The concepts that are relevant in this domain help to authenticate and authorize user identities and secure personal and private data. As of 2019, most of the cloud providers are capable of meeting the rigorous compliance regulations due mostly to the services offered in this market segment.
Comments