Working with Cloud Computing – CompTIA Security+ Lesson 11

Cloud Computing is becoming more and more popular this days. To guarantee security you should know what you’re working with here.

Cloud Computing is specified by the NIST in different categories. They differentiate between three kinds of services and four delivery model. I shortly mentioned the services in the first post of the series here. The services are known as SaaS (Software as a Service), PaaS (Platform as a Service) and IaaS (Infrastructure as a Service). The services are delivered private, public, in a community or a hybrid model.

Let’s take a closer look:



In this service the consumer can use an application provided by a provider. The provider hosts, manages and controls the application and everything beneath it. From App to Hardware and Network. The consumer doesn’t control anything here.

Famous examples for this services are Office 365, Google Apps and even Netflix!.

So just remember SaaS = Netflix: You can watch the shows they provide, but can’t control what series are available there. I wish I could just add Game Of Thrones to it.


Here a consumer can deploy own software, the provider manages the machine the software is deployed to. This means the applications are managed by the consumer, while everything beneath it is managed by the provider.

An example is microsoft azure cloud. You can deploy your software, but can’t control the underlying infrastructure.


This service allows a consumer to provision, deploy & run software, while the provider manages the infrastructure beneath it. In short this means that if you are a consumer of this service you get pratically your own workstation/ server in the cloud on which you can install everything from the OS upwards to Apps and manage users on it, etc…

Pratically a PC in the cloud.


Also known as Anything as a Service is a hybrid of two or more services explained above.

Delivery Models


If the organization using the cloud also hosts it, it is called a private cloud. Which leads to the situation that the consumer is also the provider.


The cloud is owned by an other organization and possibly used by multiple users. Like dropbox or, again, netflix. It’s mostly “hosted in the internet”.


A community cloud is a cloud used by a group of interest. A few examples and more explanation can be found here.


A mix of private and public.

Additional info