The adoption of cloud computing has become a mainstream strategy in IT today. Both product-based and service-based industries benefit greatly from the cloud model because of its ability to reduce an enterprise's Capex and allow focus on the growth of core business lines. However, before jumping onto the cloud bandwagon, evaluating the advantage and suitability of cloud technology for an enterprise is important. This chapter focuses on platform-as-a-service (PaaS) cloud computing offerings. The objective with this chapter is to understand the utility of PaaS and analyze and evaluate its risks, vulnerabilities, and impacts. The authors have carried out our investigation from an auditor's lens by studying the risks associated with the PaaS cloud service offering, understanding the methods to thoroughly assess these risks, and identifying controls that must be used to effectively mitigate them. They have aligned this research with the COBIT control framework as we recommend the formulation of cloud governance and business strategies in alignment with enterprise objectives and goals.
TopIntroduction
The advancement of technology and encompassing networks, storage, and processing power has led to the epitome of computing, known as cloud computing. Since it’s impossible to explain PaaS without explaining cloud computing as they are intertwined terms, we will first look at cloud computing. Cloud Computing is a paradigm that allows on-demand distributed network access to shared computing resources virtually (Lewis, 2010). A model for managing, storing, and processing data online via the internet. Clouds are essentially data centers or multiple data centers comprised of compute and storage resources linked by a network, but what distinguishes a data center as a cloud is that all of those resources have been virtualized into one large, shared pool of resources that can be intelligently and automatically orchestrated. This means it can adapt to meet the ever-changing needs of your applications and the ever-changing utilization and availability of each resource (Goyal, 2014). Today’s clouds are smart, automated, and adaptive. Applications can be deployed far more quickly without custom provisioning boxes and once deployed those apps can dynamically scale on demand. Resources used like congestion or failure can be resolved automatically. Cloud computing can, in fact, be more efficient and cost-effective than traditional data centers. Consumers who utilize cloud services as required, use shared resources as a service that can quickly and elastically scale up or down as needed, pay only for what is consumed, and access services across a networked infrastructure are characteristics of cloud computing (Carroll et al., 2011). Cloud computing is one of the most popular technologies these days due to the following benefits (Carroll et al., 2011): (a) On-Demand Services, which means utilize the service when you need it. This ensures that the services are used effectively; (b) Network Access, which means it uses the Internet as the medium; (c) Shared Resources, which means resources are shared for usage by numerous consumers; (d) Scalability, which allows resources to elastically move up or down.
Figure 1.
Features of cloud computing
One common misconception about cloud technologies and cloud services is that people talk about the cloud as if it is a single, homogeneous entity, whereas the cloud is made up of many different technologies, architectures, and approaches to accomplishing tasks and building solutions (Kim, 2009). This architecture that the cloud is comprised of is segregated based on the services that they provide, PaaS being one of them. Platform as a Service abbreviated as PaaS provides a platform allowing customers to develop run and manage web applications. Customers can do all this without the complexity of building and maintaining the infrastructure typically associated with developing and launching an application.
So, when you buy a platform as a service essentially you get a base-level platform that you can then dump your code into, and your code will run. One example of the simplest form of the platform as a service is the good old-fashioned shared hosting plan from a web service provider such as GoDaddy. You don’t have to worry about the RAM, the processor, php.ini file, and updates to the server. All you have to worry about is you get one folder where you can dump all of your codes and that code uses the services that are provided to run. So, if you want WordPress to run, you basically need to find a shared hosting plan that provides MySQL, the database, and provide PHP, the scripting engine, you don’t have to worry about installing PHP or MySQL, you just get a folder where you can run your code and that’s all you have to manage.
So, this was the simplest form of the platform as a service. As we move towards a more sophisticated platform, things start getting more complicated and the PaaS concept becomes more advanced. So now instead of simply having a shared hosted plan, you can have something like Amazon Web Services. AWS can give you more sophisticated platforms for you to work on. They have a storage platform, payment gateways, security, network management, etc. that you can use without having to worry about the servers that are running, hardware, operating system, antivirus, and malware (Kewate et al., 2022).