Your glossary for risk and compliance
Helpful definitions of all of the terms you need to know to better manage risk and compliance.
TermsAFSL Authorised Representative AICPA Annex A Controls ASIC Attestation of Compliance (AOC) Business Continuity Management Communication and consultation Compliance Automation Software Compliance Risk Management Consequence Context control Cybersecurity Cybersecurity Maturity Model Certification (CMMC) FedRAMP Governance Risk & Compliance (GRC) GPDR HIPAA HITRUST How many controls are there in ISO 27001? Incident Management Information Security Management System (ISMS) ISMS Governing Body ISO 27001 ISO 27001 certified ISO/IEC 27000 ISO/IEC 27004 ISO/IEC 27005 ISO/IEC 27017 ISO/IEC 27018 Level of risk Likelihood Notifiable Data Breach OAIC Policy Management Risk Risk analysis Risk identification Risk management Risk management framework Risk management plan Risk management policy Risk management process Risk owner Risk profile Risk review Risk source Risk treatment SOC 1 SOC 2 SOC 3 SOC Reports SOC Trust Services Criteria (TSC) SSAE 16 SSAE 18 Stakeholder Third Party Risk Management Vendor Assessment Vendor Management Policy Vendor Review Vulnerability Vulnerability Management What are the ISO 27001 controls? What is an ISO 27001 internal audit? What is an ISO 27001 risk treatment plan? What is an IT security policy? What is Hacking? What is ISO 27002? What is PaaS (Platform-as-a-Service)? What is the ASD Essential 8? What is the ISO 27001 management review? What is the ISO 27001 Stage 1 Audit? What is the ISO 27001 stage 2 audit?
What is PaaS (Platform-as-a-Service)?
PaaS (Platform-as-a-Service) Definition
Platform-as-a-Service (PaaS) is a method of delivery in which an organization's developers can access software and tools via the web rather than on their local machines or computing environment. Because the platform is delivered via the internet and stored in the cloud, PaaS frees software development teams from having to worry about software updates, storage, or infrastructure.
How Does PaaS Work?
What is PaaS? A Platform-as-a-Service (PaaS) solution works by combining three principle components: cloud infrastructure, software, and a graphic user interface (GUI).
In the context of this PaaS meaning, your cloud infrastructure includes operating system software, virtual machines, firewalls, storage, and networking. In all examples of PaaS, these serve as the technological foundation of your system—a safe, interconnected computing environment where work can be done.
The software component is used for the development of applications, including building, deploying, and managing them. In a PaaS setup, it is the software that enables the creation of products.
The GUI is where your dev teams do all their work. This forms the connection between the PaaS system and the people that use it. Therefore, the GUI has to link developers with the tools they need to design solutions.
To get the most out of PaaS, the members of your dev team connect to the GUI by logging in to the system from an office, their homes, a coworking space, or somewhere else. Here, they combine efforts to create products, test applications, or deploy complete solutions.
Middleware, which enables data management and communication between apps and an operating system, enables your dev team to do all of their design and development in the PaaS ecosystem. As a result, multiple dev teams can collaborate on the same project at the same time within the PaaS architecture.
Your PaaS service provider ensures you have the cloud computing resources you need to do your work, and you, as the customer, are responsible for managing your data and applications.
What Is the Cloud and the Key Cloud Service Models?
The cloud generally refers to software, data, and services that are stored and accessed via the internet rather than on the user's device. There are three main cloud service models.
Used by an organization's software development team, PaaS allows teams of engineers to write, test, deploy, update, and manage software in the cloud. PaaS includes a variety of built-in services that help development teams write code more quickly. It can be used to create the smallest of applications or those that will be deployed enterprise wide.
Infrastructure-as-a-Service (IaaS) delivers to organizations a complete cloud computing infrastructure, including servers, networks, operating systems, and storage. Enterprises that choose IaaS do not need to buy any additional hardware or equipment. Everything is delivered virtually through the cloud, and there is nothing physical to maintain.
Perhaps the most utilized of the three, Software-as-a-Service (SaaS) is a cloud service model in which a company delivers its software to users via the internet. The user does not need to download, manage, or keep updating software locally in a hard drive in order to use it. All a user needs is a web browser and an internet connection.
Security-as-a-Service (SECaaS) refers to a subscription model organizations use to outsource their security. It provides users with tools such as data protection, database security, Voice over Internet Protocol (VoIP) security, and general network security to fight threats.
Firewall-as-a-Service (FWaaS) is a cloud-based offering that provides users with next-generation firewall (NGFW) capabilities, such as advanced threat protection (ATP), web filtering, Domain Name System (DNS) security, and intrusion prevention systems (IPS).
FWaaS is able to hyperscale, meaning it can scale with demand, adding as many servers as needed.
SOC-as-a-Service involves threat detection and response systems available on a subscription basis to customers. It manages and monitors cloud environments, devices, logs, and network assets for your internal IT and security teams. SOC stands for security operations center.
What Are the Common Scenarios of PaaS?
With PaaS, development teams can more easily write, review, share, test, and deploy code. PaaS includes several built-in development tools that facilitate and accelerate application development.
Analytics or Business Intelligence
Data analysts and data scientists can use PaaS to mine their organizations' data with greater fluency. The PaaS platform helps produce insights, patterns, and forecasts that allow organizations to unlock more meaning in their data.
Because the platform can handle and easily integrate several different web services and databases, PaaS can help various enterprise teams, including those involved in project management, human resources, and finance.
Types of PaaS
This is where an organization subscribes to the same PaaS service that other enterprises use. Though there are separate accounts, everyone uses the same cloud resources stored on the same servers. A public PaaS offers infinite computing capacity.
In a private PaaS, an organization uses a partitioned, isolated segment of the cloud rather than the public resources available to everyone else. As with a private cloud, an enterprise uses its own servers and infrastructure for added security.
As its name implies, organizations can use a blend of both public and private PaaS. The organization can decide which resources can be accessed via the public PaaS and which should be stored and secured in the private PaaS.
A communications PaaS allows developers to add voice, video, and messaging to their applications without having to build a real-time communications infrastructure. A communications PaaS includes sample code libraries, prebuilt applications, and application programming interfaces (APIs) to help developers incorporate communication elements into their applications.
A mobile PaaS offers developers a suite of additional services to help them build mobile applications. These may include software development kits (SDKs) for the major mobile operating systems, including iOS and Android.
Open PaaS is an open-source project with open standards built using popular free software. It is also a social and collaboration platform.
What Is Included in PaaS?
The most important components of a PaaS include the tools needed by software engineers to write, test, deploy, debug, and manage code.
Middleware is the "invisible" software that helps end-users interact with software. This includes software that enables applications to understand the keyboard or mouse clicks input by a user.
PaaS provides any and all operating systems that developers need to work on, without the developer needing to worry about using the latest version or updating it for security patches.
PaaS enables developers to create, query, and maintain the databases needed for successful applications.
By using PaaS, all infrastructure, including storage and servers, is taken care of. Development teams do not need to worry about infrastructure when building applications.
Advantages of PaaS
Cut Coding Time
PaaS includes several services, such as code libraries and debugging tools, that allow development teams to cut coding time.
Additional Development Capabilities Without Adding Staff
Development teams can do more with less with the additional services offered by PaaS. For example, a team may not need to hire an additional tester because PaaS includes a debugging tool.
Developing for Multiple Platforms
Many PaaS providers include SDKs so development teams can simultaneously build code for multiple browsers and operating systems, including those for mobile.
Affordable Use of Sophisticated Tools
The pay-as-you-go model enables development teams to use what they need as they go along, managing costs and resources efficiently.
Support Geographically Distributed Development Teams
As with any cloud-based services, PaaS can support teams that are located anywhere as long as they have internet access.
Efficiently Manage the Application Life Cycle
PaaS providers have built-in tools that help developers throughout the application development life cycle. PaaS enables teams to not just push code to production but also test, debug, modify, and manage all versions of an application.
Faster Time To Market
Because code can be developed faster, applications can be deployed to employees or customers faster, saving time and enabling faster revenue generation.
Development teams need not purchase separate code editors, virtual machines, deployment tools, or security software, as all the resources they need are hosted in the cloud via the PaaS platform.
Ease of Licensing
PaaS providers manage all the licenses for all the tools needed, freeing up the development team from this administrative burden.
Drawbacks of PaaS?
Because an application is built using the PaaS vendor's tools, it can be difficult to switch to another provider, especially for large, complex applications. If a development team intends to bring its development off a PaaS platform, they may need to rebuild portions of their application.
Security and Compliance Challenges
Not only do enterprises entrust their code and data to the PaaS vendor but they also expect the PaaS vendor to maintain the strictest of security standards. For companies in regulated industries that must continuously demonstrate the strength of their data security and privacy, such as healthcare and finance, this can be a challenge.
Even if a development team is pleased with its PaaS provider, any changes may have an impact on an application. For example, changes in infrastructure, such as server availability, may impact the performance of the application. Even small pricing changes can make the application much more expensive to deliver and maintain.
Good Examples of PaaS?
Some of the largest cloud computing companies have PaaS offerings. Amazon offers two: Amazon Web Services (AWS) Elastic Beanstalk and AWS Lambda. Google Cloud Platforms include PaaS platforms Google App Engine and Google Cloud Functions, while Microsoft offers Azure App Service and Azure Functions.
Back to glossary search