Pixabay Cloud Computer

Exploring advantages and disadvantages of Cloud: IAAS PAAS SAAS

Cloud service providers are in the news every day.  Whether it be that Disney or the NFL is “moving to the cloud”, or that a vendor is forcing Cloud adoption with their offerings, Cloud is newsworthy. And for providers, whether it be Microsoft’s Office365, Amazon Web Services (AWS), or a vertical market solution, Cloud Computing is here to stay.

But the first step to adoption is getting rid of the “fear factor” associated with change. And we all understand, cloud computing is a gigantic change. Cloud is changing the boardroom cost and revenue profiles, it is changing the management staffing profiles, and it is changing the individual contributor’s job profile. Just like every industrial change, Cloud requires a changed mindset. And this article is intended to help reduce those fears!

Rainbow in the clouds - Cloud Technology Services
Think cloud!

This article focuses on understanding how “as a service” can help your business. First, we’ll define the continuum of primary “as a service” technologies. Next, we’ll explore some of the many cloud computing advantages and disadvantages – for there are many! Finally, we’ll apply Cloud Computing architecture and describe how real, live businesses use “the cloud”.

Bespoke data centers

It is important to understand that “cloud” is a data center solution. Fundamentally, the change is how the data center is owned and operated. And Cloud is not just for online businesses. To emphasize, cloud is a data center solution, much like any data center.

Before going into the “as a service” offerings, consider the requirements and capital involved with building and operating a company’s data center.

  • Long term capital costs include the land, and a building including the raised floor.
  • Shorter term recurring capital and maintenance costs include servers and networking infrastructure such as firewalls, routers, switches, along with the building infrastructure such as the air conditioning units.
  • Likewise, operational costs include taxes, permits, power (air conditioning, lights), insurance, physical security, human capital (including the cost of hiring and retaining staff), and a Managed Services Security Provider to monitor the data center.

But wait, there is more — the cost of business continuity. Business continuity and disaster recovery in bespoke data centers is handled by duplicating the data center — often at a large cost.

With the data center in mind, let’s understand the “as a service” opportunities.

1. The cloud “as a service” continuum

xAAS models are best understood as concentric circles
xAAS models are best understood as concentric circles in a continuum of options

As you explore xAAS solutions for your environment you’ll noticed there are many marketing descriptions for Cloud Services. 

The marketing hype will tend to make this all sound very confusing. However, consider that cloud services all lay in a continuum of “As-A-Service” models.

The Cloud continuum is most easily visualized as laying within a set of concentric circles. The innermost of the models is the Infrastructure as a service (or IAAS) and allows the customer to control most of the solution, while the outermost of the models is the Software as a service (SAAS) and levies most of the technology infrastructure and platform maintenance on the vendor so the customer focuses on their business instead of the technology.

As you read through each of the definitions, consider the necessary functions of the solution. In most cases, the further outbound of the concentric circles (that is, the Software as a service solution) is going to be the least “hands on”, and the least configurable.

Infrastructure as a Service (IaaS)

The innermost Infrastructure as a Service model is the most basic “as a service” model.  IaaS is a solution where the customer is responsible for provisioning storage, networking, processing, and other basic computing components.   The consumer does not control the underlying physical infrastructure, but does control the technology infrastructure. 

Specifically, the Hosting company controls the data center including physical access to the infrastructure, heating and cooling, insurance, and other infrastructure costs. In this case, the customer may have control over the internet bandwidth, the CPU cores, and the available memory — artifacts normally associated with “technology infrastructure”.

[In Infrastructure as a Service delivery models,] the capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).

NIST Special Publication 800-145, “The NIST Definition of Cloud Computing”

In yesterday’s model of hosted computing, the IaaS model would be where the customer has direct control of the hardware that is in a “private cage” in the service provider’s data center. While the “private cage” model is still available, IaaS is based on a Virtual Machine world, where the “Infrastructure” is a provisioned virtual machine.

Platform as a Service (PaaS)

Platform as a Service is a solution where the Customer is controlling the platform from the point of view of the Operating System.  In PaaS solutions, the Hosting company often provides Platform Deployment Templates.   For example, a PaaS hosting company will manage the operating system, while the customer will deploy their own software for the solution.  The Customer has full control over, and full responsibility for, maintaining the software and any associated applications.

PaaS are useful for custom software companies who then resell their custom software as a SaaS solution to their customers.

[In Platform as a Service delivery models,] the capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.

NIST Special Publication 800-145, “The NIST Definition of Cloud Computing”

Software as a Service (SaaS)

We find Software as a Service (or SAAS) as we approach the outermost of the concentric circles. Software as a Service is the most vendor controlled of the “As a Service” solutions. In this environment, the Customer purchases access to a hosted software package.  In this case, the hosting company controls the platform and infrastructure — in most cases, the customer doesn’t know and doesn’t care what infrastructure and platform on which the service is installed.  Typically, Web browsers provide access to SaaS solutions and restrict configuration to options within the web interface. The application service provider tightly controls the application configuration. 

[In Software as a Service delivery models,] the capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from
various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user specific application configuration settings.

NIST Special Publication 800-145, “The NIST Definition of Cloud Computing”

Capacity planning in SaaS is normally based on transaction counts, or number of users, or other volumetric measures, and is not based on infrastructure centric “number of CPUs” or “amount of RAM”, nor platform centric “version of the Operating System”. Simple examples for SAAS that most of us understand include email providers such as Google’s gmail, Microsoft’s web based email, and WordPress.com hosted web sites.

2. Advantages of Cloud

Cloud connects everyone
Cloud computing is already working

As with all technologies, there a Advantages and Disadvantages to Cloud Compute models. When exploring each artifact, try to better understand whether the artifact affects you, if it does then how the artifact affects you, and if it is a negative situation whether the particular deployment can either accept or otherwise manage the situatio


Cloud Compute services are “on demand”.  This means that instead of having to rent a physical location, apply for permits, purchase physical servers, standing up those servers in a physical data center, and hiring engineers and staff to run the data center, the Customer can focus on speed to market and stand up the cloud on demand.  This reduces the large capital outlays and even reduces the risks with associated with long-term leases.

Rapid elasticity

Rapidly expanding and rapidly retiring services is straightforward in Cloud Compute models.  This reduces the concerns for oversizing or undersizing equipment purchases.

For example, if a business experiences a recession or other cut backs, the cloud expenses can quickly be reduced.  Due to rapid elasticity, the business is not at risk of purchasing and maintaining large unused data centers.

Controlling capital expenditures through resource pooling

Employing cloud services reduces the costs, risks, and unknowns of building out a full data center.  In this way, the business owners can focus on the business instead of managing a data center and the staff to maintain it.

Business Continuity Planning and disaster recovery

Cloud compute offers location abstraction, where the Customer does not have need to control the geographic deployment area.  In fact, if properly deployed, Cloud Computing models supply most of the computing infrastructure required to solve business continuity (BCP) and disaster recovery — all built into the deployment. That is, disaster recovery and business continuity are “built-in” by deploying multiple geographically distributed compute solutions — all without standing up independent physical locations.  Although this does not solve the entire Business Continuity plan (click here for a more comprehensive discussion of BCP), it goes a long way in the right direction.


The Host company provides the physical security to the servers and data center.  Depending on the solution, the Customer is responsible for various levels of data security.

Software update management

The business does not have to be concerned with regular software updates in SAAS & PAAS environments.  Instead, the CSP host will maintain the SaaS environment, and the business can focus on the business needs.  Security risks are also reduced since the most recent software package is regularly deployed.

Improved mobility

All forms of cloud computing offer improved mobility for the workforce by centralizing the compute stack into a remote addressable solution.  Consequently, there is no longer a need to create and protect a DMZ – if your employees have an internet connection, they’ll have access to the CSP.

3. Disadvantages of Cloud

Broken Internet connection always requires a plan!  Cloud Computing requires Business Continuity Planning
Broken Internet connection always requires a plan! Cloud Computing requires Business Continuity Planning

The cloud compute model is highly effective, highly cost effective, highly resilient, and there are many reasonable advantages when moving to a Cloud Service Provider (CSP).  That said, there are disadvantages to any solution, and CSP is no different.  As with any solution, it is important to consider how CSP changes your business dynamics before fully embracing the architecture. This is especially true for the Business Continuity Plan. Here we’ll explore some of the disadvantages.

Service provider outages

Unfortunately, like all cloud stacks, cloud providers also suffer outages. When outages occur, the Customer may feel helpless in relying on the CSP in bringing the system back online.  That said, overcoming Outage risks is easily structured by building multiple cloud stacks with multiple CSP’s providing distributed geographic deployment.

Network outages

Network outages do and will occur.  In a purely on site solution, Internet Service Provider (ISP) failures do not impact the business.  However, in a cloud solution, the ISP is a primary point of failure.  Managing these risks is straightforward by employing multiple ISPs.


While CSP’s offer tremendous Security value, there is a risk that policies are not followed.  Depending on the type of business you are running, contractual language can transfer some of those risks.  For example, in a healthcare environment Business Associates Agreements transfer some risks associated with breaches.

Vendor lock in

Vendor concerns exist with shrink wrapped software, and even more concerns exist for cloud services.  As you engage with a vendor, remain cognizant of vendor lock in risks.  For example, the customer should have mitigation plans in place if a vendor goes out of business, or if a contract ends unfavorably, or if the contract becomes unaffordable.  Test Vendor lock in plans regularly to confirm that all data is recoverable and the business is able to continue unabated.

4. Aligning business use cases with cloud technology

Bring your bright ideas! Light bulb on a chalk board with six idea bubbles around
All bright ideas start with at least one

We’ve covered Advantages and Disadvantages of Cloud Services versus owning your own bespoke data centers and platforms.  This section explores business cases where cloud services excel.

Email (high availability)

Email requires high availability for guaranteed delivery. Consequently, Email is a solution that is normally best handled by a cloud service provider. With the advent of Office 365, Google gsuite, and others, cloud email is normally both more secure and less expensive than hosting one’s own email.

Email leans towards the Software as a Service offering, where the customer is not responsible for the infrastructure nor the platform. Configuration is simple: Create an email address, secure it with a password, and then transact with emails. If running a personal domain, you’ll also need to configure the MX records appropriately.

Websites (resource pooling)

Most companies are not interested in managing the physical computers and data center for hosting a web site. Not only would the company have to maintain the web site, but also the infrastructure and network connections related to being online.

In most cases, hosting services such as a web site are better served by a cloud hosting provider. In general, web sites will be provided by cloud providers leaning towards the Platform or Software as a Service options, where the customer is going to be responsible for the content of the site and the service provider will be managing the infrastructure.

Surge capacity for online retail presence (rapid elasticity)

Another example of cloud computing benefits relates to surge capacity. For example, say a company regularly serves 100 customers per day. The company is expecting to run a promotion, and is unsure what kind of traffic to expect. Through a CSP model, the company can rapidly expand services to handle surge, then tear down the services after the surge.  No hardware purchase and deployment is necessary, just lease the potential CPU cycles while necessary to accommodate the potential surge.

5. Where to go from here

Pixabay whats next white board
What’s next white board

In many ways, Cloud is just “yet another” technology. More specifically, it is an evolution of the timeshare data center. Explore cloud as you would any technology. Start by enumerating your business requirements. Then, outline individual benefits and concerns related to cloud computing, especially those that relate to business and technology risk plans.

My recommendation? Cloud is an excellent risk reducer and cost saver if employed correctly. Embrace cloud! Cloud early and cloud often.

6. Key acronyms and technologies

  1. AWS – Amazon Web Services
  2. Bespoke data center – custom tailored data center
  3. CSP – Cloud Service Provider
  4. ISP – Internet Service Provider
  5. SaaS – Software as a Service
  6. PaaS – Platform as a Service
  7. IaaS – Infrastructure as a Service

7. References

  1. “The NIST Definition of Cloud Computing”, Special Publication 800-145, http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf
  2. “Final Version of NIST Cloud Computing Definition Published”,
  3. “Advantages and Disadvantages of Cloud Computing”,  http://www.levelcloud.net/why-levelcloud/cloud-education-center/advantages-and-disadvantages-of-cloud-computing/
  4. “Google Cloud Platform”, https://cloud.google.com/products/
  5. “Benefits of cloud computing”, https://www.ibm.com/cloud-computing/learn-more/benefits-of-cloud-computing/
  6. “11 Advantages of Cloud Computing and How Your Business Can Benefit From Them”, https://www.skyhighnetworks.com/cloud-security-blog/11-advantages-of-cloud-computing-and-how-your-business-can-benefit-from-them/
  7. “Cloud Computing and Is it Really All That Beneficial?”,  https://www.lifewire.com/cloud-computing-explained-2373125
  8. “Why Move To The Cloud? 10 Benefits Of Cloud Computing”,  https://www.salesforce.com/uk/blog/2015/11/why-move-to-the-cloud-10-benefits-of-cloud-computing.html