ProtectedIT Chairman and CEO Damian Ehrlicher recently took some time out of his hectic schedule to sit down for a nice chat. With a sharp mind for strategy and an impressive business record, he offers keen insights on a hot topic circulating in today’s cyber security market.

When someone mentions a ‘cloud,’ chances are they may be referring to something other than the fluffy white ones in the sky. Whilst the degrees of understanding vary widely, it is safe to say that most people are familiar with the basic concept of a cloud relating to computing and storage.

In addition, when someone mentions an ‘app,’ chances are that they may be referring to something besides the fried pickles on the starter menu (although, those are always good, too). In the last decade, the word ‘app’ has evolved and is now ubiquitously known as a reference to applications, both on mobile devices and computers.

Today, at ProtectedIT, we commence our long-forecasted discussion and focus on an important concept that bridges both cloud and app technology, and which often flies under the public radar:

Platform as a Service (PaaS)

Platform as a Service is simultaneously a structure, tool, and technological environment. Being so, this kind of an electronic platform is abstract and can be a difficult concept to grasp.

As defined by Gartner, Platform as a Service (PaaS) is a type of cloud offering that delivers application infrastructure (middleware) capabilities as a service.

It’s important for a number of the functional services the cloud-based platform is able to provide, but probably most notably so because of the structured support and ‘jumping-off’ point it provides to people who are creating technology for consumer use. This includes technology such as business networks, cybersecurity and testing, mobile and desktop applications, reporting and analytic features, DevOps tools, etc.

TIPs [Threat Intelligence Platforms] integrated with SOARs [Security Orchestration, Automation, & Response] which are automation tools means multiple people reporting there is a vulnerability and then building an automation around it. Identifying the problem and solving the problem all in one fell swoop.

              -Damian Ehrlicher, ProtectedIT Chairman & CEO

There are some alternatives to PaaS. A few examples:

•     Software as a Service (SaaS) is managed and owned by an external provider and uses the internet 100% to deliver applications and support to its users.

•     Infrastructure as a Service (IaaS) is an option that offers more control of the technology base infrastructure to the client (i.e. runtime, middleware, operating systems, applications, etc), but may require more time and money to train the workforce on the deeper complexities. This can also open a vector of vulnerability because those folks may be more prone to error or causing an internal breach because they aren’t as familiar with the processes.

So why highlight Platform as a Service over the other options?

According to Damian, there is a massive skills gap in the global market for senior analysts that understand the inner technical side and cybersecurity surrounding the management of these types of cloud-based infrastructures. Additionally, there are bad actors on the other side (threat groups, hackers, etc) looking to exploit data. These actors are always evolving their own tech and methods of infiltration and extraction, and thus oversight of the whole process and security mechanisms must also constantly evolve to keep up. This can be a huge headache for CISOs to manage, not to mention very costly in time and training.

The nature of PaaS delegates the management of minutiae and low-level 1 and 2 alarms to a trusted third party that specializes in this management, is on the front end of it and has the cutting edge tools in their toolbox to mitigate risk, anticipate vulnerabilities, configure automation, and act immediately and effectively when a breach has occurred. That way, you can “outsource smaller tasks and minutiae to a third party of experts on this particular topics while keeping control of what matters most to your business operation,” says Damian. This specialized team can better field, screen, and identify false positives that may overwhelm or confuse an internal team not familiar with differentiating characteristics in false positives and actual threats.

IaaS + SaaS = PaaS

End Takeaway: If done right, the true value of a PaaS is that it is the sum of IaaS and SaaS for the best possible balance of internal management and external outsourcing.

PaaS is about building a solution stack that customers can leverage. You build your solution stack over what your infrastructure, SIMs, and networks are. It’s a not a wrong answer or right answer - you want to build your IT stack to be able to support your business, and your business is unique!

              -Damian Ehrlicher, Protected IT Chairman and CEO

Platform as a Service gives you everything available for SaaS and IaaS while walking the fine line of balance of control - that is why it is highly needed in the dynamic cyber market of today.

ProtectedIT looks forward to sharing more on the efficiencies and value-add of PaaS, for more information contract us here.