Episode 27: Cloud Delivery Models: SaaS, PaaS, and IaaS
Cloud services are organized into delivery models based on the level of responsibility retained by the customer versus the provider. These delivery models determine which aspects of infrastructure, software, and maintenance are handled by the cloud vendor and which are managed by the customer. The three primary models are Infrastructure as a Service, Platform as a Service, and Software as a Service. For the exam, you may be asked to recognize these models by their defining characteristics or match them to user requirements in given scenarios.
Infrastructure as a Service is the delivery of virtualized computing resources such as servers, networking, and storage over the internet. In this model, the customer is responsible for managing the operating systems, applications, and data, while the provider maintains the underlying physical infrastructure. Common uses for Infrastructure as a Service include running test environments, hosting websites, and providing scalable storage solutions. Well-known examples are Amazon Web Services E C Two, Microsoft Azure Virtual Machines, and Google Compute Engine.
Infrastructure as a Service offers flexibility to design custom environments suited for any workload, making it possible to specify resources exactly as needed. It provides scalable allocations of virtual central processing units, memory, and storage to match workload demand. Costs are controlled through pay-as-you-go billing that charges only for consumed resources. This model is most effective for organizations with IT staff who can manage systems internally and require full control over configurations.
Platform as a Service is a delivery model that provides a complete, preconfigured environment for developing, testing, and deploying applications. It removes the need for developers to manage server hardware or operating system patches. This approach focuses on speeding up the application lifecycle, from writing code to making it available for end users. Examples include Google App Engine, Heroku, and Microsoft Azure App Services.
The primary advantages of Platform as a Service include accelerated development through integrated tools and application programming interfaces, automatic scaling of applications based on demand, and built-in handling of load balancing and security updates. By removing the operational burden of maintaining servers and network configurations, it shortens time-to-market for new products or updates. This model is best suited for software developers and DevOps teams who need to focus on coding and testing rather than infrastructure maintenance.
Software as a Service delivers fully functional applications over the internet that are accessed through a standard web browser. In this model, users interact with the application without the need to install, update, or maintain it locally. Software as a Service is the most visible cloud model to non-technical end users because it delivers ready-to-use functionality without infrastructure complexity. Examples include Google Workspace, Microsoft Three Sixty Five, Dropbox, and Salesforce.
The benefits of Software as a Service include the ability to access applications from any device with an internet connection, the elimination of local software installation and updates, and the facilitation of collaboration and file sharing across geographic locations. It is particularly effective for teams and organizations that need reliable productivity tools without requiring advanced technical skills for setup or management. This makes it the preferred choice for most business productivity applications.
Comparing the three models reveals that Infrastructure as a Service offers the greatest flexibility and control but requires the highest level of technical expertise. Platform as a Service offers a balance between control and operational simplicity, optimized for development teams. Software as a Service is the easiest for end users to adopt and scale but offers the least customization. Each model is designed for different organizational roles, technical capabilities, and operational goals.
The shared responsibility model defines the boundary between what the cloud provider manages and what the customer is accountable for. In Infrastructure as a Service, the customer manages everything above the hypervisor layer, including the operating system and applications. In Platform as a Service, the provider handles infrastructure and operating system maintenance while the customer focuses solely on application logic and data. In Software as a Service, the provider is responsible for nearly all operational aspects, with the customer mainly managing user accounts, permissions, and data policies. Understanding these boundaries is critical for compliance and risk management in cloud environments.
For more cyber related content and books, please check out cyber author dot me. Also, there are other prepcasts on Cybersecurity and more at Bare Metal Cyber dot com.
A real-world example of Infrastructure as a Service is a technology startup that needs to deploy scalable servers for a new application while maintaining the ability to configure every aspect of the system. By selecting Infrastructure as a Service, they can choose the operating system, firewall rules, and complete software stack while avoiding the need to purchase or maintain physical hardware. As user demand increases, they can expand processing power, memory, and storage instantly. IT administrators retain full control over updates, security policies, and the architectural design of the hosted environment.
A practical example of Platform as a Service is a software development team building both a mobile application backend and a web-based front end. By using Platform as a Service, the team gains access to pre-built tools, integrated version control, and automated deployment pipelines without managing the physical or virtual servers themselves. This allows developers to concentrate on writing and refining application code while the platform manages automatic scaling, load balancing, and performance monitoring. The result is reduced operational workload and faster release cycles.
A common example of Software as a Service is a small business adopting an integrated productivity suite for email, document creation, and virtual meetings. Services such as Microsoft Three Sixty Five or Google Workspace deliver all these functions through the browser, removing the need for local installation or patching. Employees can securely access documents and collaborate in real time from any device with internet connectivity. This approach minimizes technical overhead while maintaining consistent access to core business tools across all locations.
When planning cloud adoption, organizations often start with Software as a Service to quickly address productivity needs, then expand to Platform as a Service or Infrastructure as a Service for more customized solutions. Moving to cloud services requires planning for data migration, adjusting access controls, and training staff on new tools. Security policies must be updated to address data handling in cloud environments, and integration with existing systems may require the use of application programming interfaces or specialized middleware.
Billing models differ across service types and can influence budgeting decisions. Infrastructure as a Service costs are typically based on usage of compute time, storage capacity, and network bandwidth. Platform as a Service is often billed according to the number of active application instances or developer accounts. Software as a Service uses subscription pricing, which may be per user or per feature tier. Understanding how each model scales with usage is critical for forecasting long-term operational costs.
Security responsibilities also vary. In Infrastructure as a Service, customers must secure their operating systems, applications, and data, including implementing patches and access controls. In Platform as a Service, the provider manages patching and platform-level security, but application code and user data remain the customer’s responsibility. In Software as a Service, the provider secures the application and infrastructure, while customers focus on configuring access rights and data policies. Regardless of the model, misconfigured access, weak encryption, or inadequate monitoring can create vulnerabilities.
Compliance requirements and the risk of vendor lock-in should be considered before selecting a cloud model. Certain regulations may require that data remain in specific geographic regions or that encryption meet defined standards. Some Software as a Service providers limit data export options, while Platform as a Service or Infrastructure as a Service customers may rely on proprietary tools that make migration difficult. Evaluating portability and compliance alignment during the selection process helps avoid costly transitions later.
Each delivery model has strengths and trade-offs. Infrastructure as a Service offers maximum control and customization but also brings greater complexity and management requirements. Platform as a Service accelerates development and simplifies scaling but may limit flexibility due to platform constraints. Software as a Service is the simplest to adopt and manage, though it provides the least customization and can present challenges in data ownership. Selecting the appropriate model depends on technical expertise, business objectives, and compliance requirements.
Key glossary terms for this topic include Infrastructure as a Service, Platform as a Service, Software as a Service, subscription, virtual machine, container, hypervisor, and Service Level Agreement. Reviewing these terms with flashcards or by mapping them to real-world examples strengthens recall for the exam. Visual diagrams comparing the layers of responsibility between the models are also useful for reinforcing understanding of where customer and provider duties begin and end.
For the exam, be ready to identify the most appropriate model for given scenarios and to explain the reasoning behind the choice. Questions may ask you to compare responsibility levels, user roles, and service limitations. Understanding how each model aligns with different operational needs will increase accuracy in both direct and scenario-based questions. Proficiency with the shared responsibility concept will also help you interpret compliance and security questions accurately.
In modern IT environments, professionals often work across multiple cloud models simultaneously. Organizations use Software as a Service for productivity tools, Platform as a Service for application development, and Infrastructure as a Service for specialized workloads. Knowledge of these models is increasingly a baseline expectation for IT roles, making cloud literacy an essential career skill. Selecting, integrating, and managing these services effectively is part of delivering secure, efficient, and scalable technology solutions.
In the next episode, we will cover cloud deployment models, including public, private, and hybrid configurations, and explore how these options affect control, cost, scalability, and compliance. You will learn how to evaluate deployment choices based on business requirements, operational priorities, and regulatory considerations. Join us for Episode twenty eight, Deployment Models — On Premises, Cloud, and Hybrid Compared.
