According to Joe McKendrick the SaaS, PaaS and IaaS (the three cloud models) have very different kinds of risks… “Software as a Service has password issues. Platform as a Service has encryption issues. Infrastructure as a Service has rogue user issues”.
The biggest issue in the SaaS model of Cloud Computing is the password management, since SaaS delivers applications from the cloud, the main risk is likely to stem from multiple passwords accessing applications. However other risks that must be consider are:
In the PaaS the number one issue is the data encryption, PaaS can be inherently secure, but the risk is slow system performance. That’s because data encryption is recommended before data is sent to PaaS cloud providers. However other risks that must be consider are:
In this case the most important issue will be the rogue users. IaaS focuses on managing virtual machines, and the risks are little different than with other cloud types — here, the main risk is rogue or unwarranted commandeering of services. IaaS requires governance and usage monitoring; enterprises should establish cloud service governance frameworks that help prevent employees accessing information or services they are not permitted to use. However other risks that must be consider are:
- Camilo Ferran