Cloud Possible: Platform as a Service (PaaS)



We discuss the benefits of Platform as a Service (PaaS) operating model in our fourth installment of the Cloud Possible Series.


The PaaS Cloud Service Model is an excellent platform for creating software – for companies with dynamic cloud-based application development and deployment. Custom customer self-service portals are a great example of a solution that fits well with this model. Developers can focus on developing code and new applications without the burden of selecting or maintaining the operating system, database, and middleware tools. PaaS users do not have to understand or provision the underlying cloud infrastructure. Applications are developed on a standardized set of operating systems, databases, and middleware/runtime tools and services – all maintained by the Cloud provider. The model also creates a consistent, scalable platform for geographically diverse development teams. Please note that using a standardized platform and tool set may be a significant change for your developers depending on your current environment, architecture, and culture. But by not worrying about infrastructure, the Utilities IT team can focus on development and the evolution of the solution functionality. Pricing for PaaS services are often consumption based (e.g., by transaction, data usage, simultaneous users) rather than by infrastructure component; it may be difficult to forecast actual costs based on your ability to project the consumption variables.


The PaaS model can also be extended to include a standardized operating system and database to run applications popular with Utilities like SAP and Oracle. In this case, the Utility will have some influence in choosing from the various platforms offered by the Cloud Service Provider (CSP), but the sizing, optimization, and maintenance becomes the responsibility of the CSP rather than the Utility. In this case, it becomes increasingly important that a strong partnership and event and incident management process is documented with the CSP, to ensure a seamless end user experience for service requests and issues that may arise.

Operating Model:

The PaaS Operating Model contains all of the features and attributes of an IaaS cloud: a scalable infrastructure, ability to grow resources as needed and the cost efficiencies of a shared multi-tenant infrastructure. In addition, PaaS providers monitor, manage and maintain a consistent set of scalable and reliable cloud-based operating systems, databases, middleware and runtime tools. This provides a platform for developers to create and customize applications, and then to simply and cost effectively test and deploy applications very quickly. Monitoring the applications and their performance is the responsibility of the Utility but requires a strong partnership and well executed commercial/contract terms with CSPs.


PaaS Providers:

Amazon Web Services, Microsoft Azure, Heroku, Google App engine, Apache Stratos, OpenShift, Oracle Cloud, SAP HEC.


We are seeing many Service Providers or Managed Service Providers (MSP) emerging with their own PaaS+ Application Managed Services offerings, differentiating themselves with packaged pricing and a larger stack of services to offer and to provide to a utility. Many will inherit more refined SLA’s that could mitigate tremendous risk for Utilities.


End-User Support:

End-to-end support plans should be simpler than the IaaS model because more of the operating layers are supported by the Cloud or managed service provider. Help desk and application support teams and procedures still need to be integrated with those of the PaaS provider and WAN. As the cloud provider takes on a larger portion of the operating responsibilities, the Utility should plan on redirecting some of their previous operating costs to governance roles overseeing the PaaS Cloud provider performance and even establishing a Vendor Management Office (VMO). One consideration is the added complexity of multiple partners – perhaps a CSP along with a MSP. In this case, the Utility can benefit from either assigning an internal resource who has the responsibility to align and hold accountable all 3rd parties to a common goal, or to hire a firm that brings specialized cloud service skills to manage this function on their behalf. This role is often a fractional FTE, so engaging a 3rd party provider is often the most cost-effective solution for the Utility. This also brings the added value of having a broad scope of expertise across multiple providers and solutions, to ensure the Utility’s interests are best represented in every scenario.


Security Compliance: All Cloud Operating Models require an overall security plan with negotiated shared responsibilities. Under the PaaS Operating Model, the Utility is responsible for application security: access control, user credential and password management, vulnerability management, and personnel training. PaaS platforms are often accessed via the internet, so this may require your security policies and access controls to be updated.


The same certifications - ISO 27001, SSEA 16, SOC2, and PCI-DSS, are valid and applicable to PaaS Cloud deployments. From a high-level security standpoint, the PaaS Cloud provider should be responsible for executing and auditing the following (the Utility will inherit these audited controls):

  • Operating system, database and middleware: access control, vulnerability management, credential and password management, and audit trails

  • Vulnerability management for cloud infrastructure and management systems

  • Access control, credential management, and training for all personnel accessing cloud components

  • Isolation of client data and systems (e.g., firewalls, encryption, access)

  • Physical equipment and data center controls

  • NOTE: Important to perform the necessary due diligence on the security controls and data protection associated with any APIs that are utilized to access the PaaS application/data

Again, depending on the requirements of the overall security plan, network providers may be responsible for encryption, internet VPNs, and DDoS security services.


Next Steps:

Understanding the operating model benefits and the responsibilities of each party is critical in deploying a successful cloud solution. As with any technology decision the utility must assess its current and future resources to choose the best solution for the business. PaaS operating model allows Utilities to still maintain some control while also outsourcing more mundane tasks of an IT department so they can focus more on the development of the solution.

In the next installment we discuss the details of a Software as a Service (SaaS) model. If you like this post or would like to be notified about the next installment, follow us at https://www.likedin.com/company/validos/.

©2019 by Validos, LLC. United States