This content is part of the Essential Guide: A CIO guide to the service cloud
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Assessing PaaS uses, the future of PaaS and PaaS security

Read one expert's view on the future of PaaS, its current uses and relevant security considerations. With different versions of PaaS making names for themselves, some IT professionals are left wondering if there is still value in the parent model.

Platform as a service, or PaaS, has been around long enough to be an established, effective method for developing and deploying applications in a cloud-based system using a provided set of tools. PaaS has also spawned integration PaaS, among other technologies.

PaaS is a cloud computing platform that includes the tools needed to develop, test and deploy applications without the complication of buying and managing the underlying hardware and software. Service providers continue to increase flexibility in configuration and lifecycle management while making improvements in PaaS security. However, with the popularity of iPaaS services, is PaaS really necessary?

PaaS vs. iPaaS: Is there a future for PaaS?

PaaS and iPaaS appear to be the same thing, except iPaaS includes integration tools to connect disparate applications. Both service structures provide development capabilities, a lifecycle management tool, deployment capabilities and an operations console to manage applications and produce use metrics.

PaaS allows companies to focus on the applications they are building and delivering rather than managing and maintaining the full platform system.

However, there are differences between PaaS and iPaaS. IPaaS is the solution for larger enterprise companies that have been around for a while and have significant integration needs between newly developed and legacy applications. PaaS provides its features for startups, smaller companies or those not hampered by application investments prior to the cloud. For these types of businesses, PaaS services offer a rapid development method where they can test applications prior to investing large capital in them. It also allows companies to get up and running quickly with DevOps staff but without the need to manage and maintain complex hardware and software systems.

PaaS vendors are starting to offer more flexibility by adding a run-time engine that is tailored to the client's cloud infrastructure, while still providing a consistent application programming interface to ease application migration between environments. The deployment or DevOps portion of PaaS creates agility and the ability to quickly get applications into testing, staging, sales and production environments.

PaaS uses

If an organization is under pressure to deliver application software to the Web or mobile devices, PaaS offers distinct advantages. The time to market is faster, which leaves no time for a lengthy, drawn-out release. The product has to be of high quality, and it must be provided quickly. PaaS allows companies to focus on the applications they are building and delivering rather than managing and maintaining the full platform system.

PaaS is useful to smaller and startup type businesses that don't have an extensive, dependent set of legacy applications to migrate. PaaS with multi-tenancy allows maximum sharing of application and data resources, again allowing development efforts to remain focused on delivering applications and connecting them rather than building and supporting database resources. The future of PaaS appears secure in the small business and startup space where applications are built within the cloud and are not reliant on integrated legacy applications.

PaaS security

Data encryption is a necessary step IT teams should take before sending data to a PaaS service, and that takes time away from application performance.

The biggest PaaS security issue still appears to be data encryption requirements and their effect on application performance. Data encryption is a necessary step IT teams should take before sending data to a PaaS service, and that takes time away from application performance. There are options to encrypt only confidential data like medical records, ID numbers and addresses. How much performance an application gains from that, however, depends on the data it is using.

A second issue is disaster recovery. What happens if a PaaS service goes down for any length of time? Are the PaaS customers' organizations able to continue conducting business? What happens to the messages still in queues or in process; can they be recovered? These are questions customers should ask themselves and vendors when considering PaaS. Verifying that both the application and the data remain secure are critical security elements.

Third, verify the PaaS vendor uses updated security protocols. Security is a rapidly changing field, and keeping up with changes and updates is essential. Data breaches and other loss of personally identifiable data carry steep penalties and may result in significant business loss or failure. Federated security support is desirable for dealing with increasingly complex authentication scenarios, including two-factor authentication and single sign-on. The PaaS system is the first line of security defense, but applications need to be designed to handle authentication concepts to protect the business and its customers.

It may seem that iPaaS replaces PaaS, but that is not yet the case. PaaS systems still provide value by enabling enterprises to build applications that solve business problems quickly and securely without the need to manage the entire platform system. In the future, iPaaS and PaaS will likely merge or evolve to include all the options in one system where users can choose the portions of the service they wish to pay for and configure. In that way, there would be only one PaaS with feature options for mobile, integration, database and whatever else comes along. After all, PaaS is a computing platform that includes all the tools needed to create applications and deploy them in the cloud. It is logical to assume it would include all the possible features in one platform service. Perhaps that is what the near future holds -- one computing platform service with a diverse menu of features.

Next Steps

Gartner: PaaS revenue to touch $2.9bn in 2016

Moving toward PaaS cloud computing development

Q&A: Past, present and future of iPaaS

Dig Deeper on PaaS and other cloud development platforms

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Do you think iPaaS (or others) is making PaaS irrelevant?