Your browser does not allow storing cookies. We recommend enabling them.

PaaS & Security - Platform as a Service

Platform-as-a-Service (Paas) is a cloud computing model where the service provider offers a platform that enables customers to develop, run, and manage applications. The service provider maintains the infrastructure for developing and running the applications.

Typically, the customer develops the application for a sandbox having limited supported languages and configuration options. The service provider offers the computing infrastructure, operating systems, middleware, and preinstalled software packages to facilitate running the applications.

PaaS is commonly used for web server hosting, as well as for services like Google App Engine, which allow users to develop their own code to be run in a limited sandbox.

Security Issues

For performance reasons, applications from multiple customers are typically run in the same operating system instance. The applications may be isolated from each other using containers or some language-specific sandbox mechanism (e.g., the Java virtual machine).

A major security risk, beyond those for IaaS, is an application breaking out from its sandbox. Containers were not originally designed to be secure against breakout (particularly if the user is able to utilize some vulnerability to obtain root privileges). Programming language sandboxes have been found to be even more fragile; for example, new vulnerabilities are typically found and patched in the Java virtual machine every month.

For more information, see the page on cloud security.


Highlights from the SSH.COM blog:

  • Cryptomining with the SSH protocol: what big enterprises need to know about it

    Cryptomining malware is primarily thought of as targeting desktops and laptops and is used to hijack system resources to mine cryptocurrency.
    Read more
  • SLAM the door shut on traditional privileged access management

    Did you know that something as trivial-sounding as granting access for your developers or third parties to a product development environment can throw a gorilla-sized monkey wrench into your operations and productivity?
    Read more
  • We broke the IT security perimeter

    Everyone understands the concept of a security perimeter. You only gain access if you are identified and authorized to do so.
    Read more