Your browser does not allow storing cookies. We recommend enabling them.

PaaS & Security - Platform as a Service

Platform-as-a-Service (Paas) is a cloud computing model where the service provider offers a platform that enables customers to develop, run, and manage applications. The service provider maintains the infrastructure for developing and running the applications.

Typically, the customer develops the application for a sandbox having limited supported languages and configuration options. The service provider offers the computing infrastructure, operating systems, middleware, and preinstalled software packages to facilitate running the applications.

PaaS is commonly used for web server hosting, as well as for services like Google App Engine, which allow users to develop their own code to be run in a limited sandbox.

Security Issues

For performance reasons, applications from multiple customers are typically run in the same operating system instance. The applications may be isolated from each other using containers or some language-specific sandbox mechanism (e.g., the Java virtual machine).

A major security risk, beyond those for IaaS, is an application breaking out from its sandbox. Containers were not originally designed to be secure against breakout (particularly if the user is able to utilize some vulnerability to obtain root privileges). Programming language sandboxes have been found to be even more fragile; for example, new vulnerabilities are typically found and patched in the Java virtual machine every month.

For more information, see the page on cloud security.


 

 
What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.



    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH



    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now