Cloud service models are different types of cloud computing services that are provided by CSPs to customers or users. There are three main types of cloud service models:
- Infrastructure-as-a-Service (IaaS): In this service model, the CSP provides the infrastructure or computing resources such as servers, storage, and networking, which can be used by customers to build and manage their applications or services. The customer has control over the operating system, applications, and security, while the CSP is responsible for the underlying infrastructure.
- Platform-as-a-Service (PaaS): In this service model, the CSP provides a platform for customers to develop, run, and manage their applications without the need to manage the underlying infrastructure. The customer can focus on building and deploying their applications while the CSP takes care of the infrastructure, operating system, and middleware.
- Software-as-a-Service (SaaS): In this service model, the CSP provides a complete software application or service that can be accessed and used by customers over the internet. The customer does not need to install or manage the software as it is provided by the CSP as a service. Examples of SaaS include email, online storage, and customer relationship management (CRM) software.
In simple terms, cloud service models are different types of cloud computing services that are provided by CSPs to customers. These services can range from providing infrastructure resources to complete software applications, with varying degrees of control and management by the customer.
Next, let us talk about cloud security.
What is cloud security?
Cloud security refers to the set of practices, technologies, policies, and measures designed to safeguard data, applications, and infrastructure in cloud environments. Security in clouds is crucial because it addresses the unique security challenges and risks associated with cloud computing, which includes services such as IaaS, PaaS, and SaaS.
Important note
Gartner reports (https://www.gartner.com/en/newsroom/press-releases/2021-11-10-gartner-says-cloud-will-be-the-centerpiece-of-new-digital-experiences) that 99% of cloud breaches are traced back to preventable misconfigurations or mistakes by cloud customers.
It is evident that cloud computing services bring some overriding concerns too, and most of them can be prevented if they are configured correctly. This includes network and system misconfigurations, IAM misconfigurations, and accidental exposure of resources. We will read more about major configuration risks in Chapter 11, but some of them are explained in the following subsection.