In a purely Public Cloud model, infrastructure security is provided by the CSP (Cloud Service Provider). To be successful, the CSP must have robust security and be transparent regarding security processes, procedures and capabilities, as a single security breach has the potential to destroy the CSP's reputation.
This document is part of a collection of documents that comprise the Reference Architecture for Private Cloud document set. The Reference Architecture for Private Cloud documentation is a community collaboration project. Please feel free to edit this document to improve its quality. If you would like to be recognized for your work on improving this article, please include your name and any contact information you wish to share at the bottom of this page.
However, your organization cannot ignore security, even when the CSP appears to control the entire stack. You must ensure that a number of factors are considered:
There are Public Cloud offerings for software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS), all of which can be instantiated in a Public Cloud. With PaaS the organization must take responsibility for securing their applications and for IaaS the organization must secure the software platforms (operating systems) and development platforms, as well as applications that run in the operating system and development platform contexts.
SaaS, PaaS, and IaaS: A security checklist for cloud models
If you edit this page and would like acknowledgement of your participation in the v1 version of this document set, please include your name below:
[Enter your name here and include any contact information you would like to share]
Return to Previous Page
Return to Cloud Computing Security Architecture
Return to Reference Architecture for Private Cloud