The Gaming Boardroom

Models of cloud computing (ITSAP.50.111) – Canadian Centre for Cyber Security

Steve Tyler Leave a comment

Models of cloud computing (ITSAP.50.111) – Canadian Centre for Cyber Security

Summary

This guidance explains the primary service and deployment models used in cloud computing to help organisations choose the most appropriate approach for their needs. It outlines the three core service models — Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) — and the four deployment models — public, private, community and hybrid clouds. The document highlights typical use cases, security responsibilities and where to look for further technical standards (notably NIST SP 800-145).

Key Points

  • There are three cloud service models: SaaS (applications delivered over the Internet), PaaS (managed platforms for developing and deploying apps) and IaaS (virtualised compute, storage and networking resources).
  • SaaS reduces local maintenance and enables access from any device with an Internet connection — examples include Google Workspace and Microsoft 365.
  • PaaS speeds application development by abstracting infrastructure management; providers often handle security updates, compliance checks and threat detection.
  • IaaS offers scalable infrastructure (e.g. AWS EC2, S3) where customers manage OS and applications while the CSP manages the underlying hardware.
  • Deployment models determine access, ownership and control: public, private, community and hybrid clouds each balance cost, control and security differently.
  • Private clouds provide exclusive control and stronger customisable security — suitable for strict compliance or sensitive data.
  • Hybrid clouds enable workload mobility across public/private/community models, combining flexibility with control but adding integration complexity.

Content summary

Service models
SaaS: Applications hosted by CSPs and accessed over the Internet. Fewer local management responsibilities and rapid user access.
PaaS: Managed platforms that let developers focus on application functionality rather than underlying infrastructure; providers often offer built-in security and compliance services.
IaaS: Provides virtual servers, storage and networking so organisations can run and manage their own OS and applications on CSP hardware.

Deployment models
Public cloud: Externally managed, shared infrastructure accessible over the Internet — cost-effective and scalable but less direct control.
Private cloud: Dedicated environment for a single organisation with greater control and customisable security; can be hosted onsite or by a CSP offsite.
Community cloud: Shared among organisations with similar regulatory or security needs, enabling a common infrastructure for those groups.
Hybrid cloud: A combination of two or more cloud types (public, private, community) connected to allow data and application mobility while maintaining each environment’s characteristics.

Context and relevance

This is a concise primer for anyone making cloud decisions or advising on cloud security. It ties directly to common compliance and risk considerations — particularly important as organisations adopt multi-cloud and hybrid strategies. The guidance points readers to NIST SP 800-145 for the formal definition of cloud computing and links to related Canadian Centre for Cyber Security publications on cloud introduction, data spillage and network zoning.

Why should I read this?

Short and sharp: if you need to pick a cloud approach or justify one to stakeholders, this guide gives you the essentials without the waffle. We’ve saved you time by pulling together what each model actually means for control, cost and security — useful whether you’re procuring services, designing architecture or writing policy.

Source

Source: https://cyber.gc.ca/en/guidance/models-cloud-computing-itsap50111

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2026 The Gaming Boardroom. All rights reserved.