IaaS, PaaS, SaaS: The Good, the Bad and the Ugly

IaaS, PaaS, SaaS: The Good, the Bad and the Ugly

Published on: Category: Oracle

A while ago I was asked to contribute my insights on the differences between IaaS, PaaS and SaaS for an article on the Stratoscale website*. The article contains the insights on the cloud from 32 different IT experts. Different experts with different backgrounds, using cloud products from various vendors. Reading this article provides a diverse overview on the current state of cloud products.

So how do these experts think about these cloud models? Guided by the main theme, “the good, the bad and the ugly on IaaS, PaaS and SaaS”, we discuss the different cloud models. What is good, what is bad, and how it can go terribly wrong? In this blog I will try to summarize and discuss these insights. We start with a brief cloud introduction, discuss the ‘good, bad and ugly’, and finally draw up our conclusion.

Cloud in a Nutshell

“The practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or a personal computer.”

So basically, it is just someone else’s computer hosting and maintaining software.

Having companies host software for customers can be considered a service. But what makes it a true ‘Cloud Service’? There are many definitions to find online defining the true meaning of cloud. Some general properties are:

  • Self-service provisioning
  • Elasticity
  • Pay per use
  • Resource pooling [3]

Providing a software service online which implements these properties/features, can thus be labeled a 'cloud service'.  If one wants to determine the maturity of a cloud solution, one could measure these properties as criteria. How quick can we provision, how fast are services scaled up and down? Do we really pay less immediately when a service is scaled down? Is this happening automatically, based on usage?

Cloud flavors

Apart from the discussion about public, private or hybrid cloud, cloud services seem to be subdivided into flavors such as Infrastructure, Platform, and Software as a Service.

These cloud flavors are basically defined based on the software stack depth provided (see figure 1). From a user perspective each cloud flavor offers software services for different user types (see figure 2).

Figure 1: What does each cloud model offer? The deeper the provided stack, the more control you lose as a customer [1]
Figure 2: Where IaaS offers servers and VMs for an internal IT department, PaaS will offer your development staff some tools to work with. Finally SaaS is intended for end-users [2].

No matter how we subdivide cloud services, in a sense it’s all SaaS.

“IaaS is basically someone with a big server using software like VMware or Hyper-V to split up the server’s resources into software-based virtual servers. PaaS is basically someone with a big server using software like Azure to create software-based development environments. On these environments, people can write their own software – maybe even another SaaS solution – and present it to the world. SaaS is once more a big server using software so someone can have a virtual and shared service (for example, a CRM, accounts packages, and so on) so they do not need their own.” [4]

Having set some basic understanding of cloud, we now move on to ‘the good, bad, and ugly’ on the different cloud models.

The Good

The cloud lowers barriers for companies to quickly use any software. More specifically it enables companies to:

  • Focus more on their core business, instead of IT
  • Reduce cost on own infrastructure
  • Scale up infrastructure quickly using IaaS
  • Quickly try out and implement new technology platforms or applications, without a large IT infrastructure project overhead

Cloud especially works well for startups, who used to invest 1/5th in building infrastructure (CAPEX). Currently new startups use cloud solutions instead of building their own infrastructure. Cloud reduces the need for in initial large investment in IT infrastructure, and thus lowers the barriers for startups.

Small and midsize companies might normally not be able to implement large ERP applications on their own. For these companies, SaaS can provide a way to use these more advanced business applications. But also companies with a large existing IT infrastructures can benefit from cloud. Economies of scale are in favor of the cloud. Sharing resources with many other customer provides cost benefits compared to an on premise solution. Not just sharing compute resources, but also backup power supplies, cooling, cleaning and all other facilities needed in a datacenter.

Apart from costs savings from economies of scale, remember PaaS and SaaS solutions have to be maintained as well. Think of patching, upgrading, purging and configuring a platform or application. Instead of doing it yourself, this is all being performed by experts employed at the cloud provider. The need for having this expert knowledge in-house for each platform or application disappears when using cloud [4].

The Bad

So what can go wrong in the cloud? What do the experts say? Below we’ve summarized and categorized some of the potential issues.

“In some contexts, the present legislation does not allow external storage of data – that is, on the service providers’ servers, which could be anywhere in the world.” [4]

Especially for sensitive data, legislation can restrict the use of cloud solutions. Depending on whether the cloud provider has a local datacenter and can ensure the data stays within the country,  legal agreements can be drawn up to overcome these issues.

If your cloud provider goes down, your services will halt. To what degree is this acceptable for your business? What has been agreed on backup and recovery? In case some bug comes up, what action will be taken, and how quickly? Do we have a SLA?

When you depend on a cloud provider for operating some of your business applications, SLA and the quality of their support organization becomes more important than ever.

When choosing a cloud provider, what do we know? Is their infrastructure up to par with our own on premise datacenter? What type of datacenter are they using? Do they use redundant power supplies, multiple zones, backups, low latency, data protection, fast servers etc.? Rather not have your VM running in some student’s garage.

Vendor Lock In vs Mobility
Once you’re in one cloud, how to move to another one? How to get back on premise? Using a particular product from a vendor nearly always implies some sort of vendor lock in. Using a cloud product can be even more risky. A good cloud solution must provide mobility. The ability to import/export data. The ability to easily go back on premise, or to another cloud provider.

Although risk on vendor lock in is higher for PaaS and SaaS solutions. It can also be found in IaaS tools from Amazon, Azure or Google which help in monitoring and administrating your cloud instances. Once companies start using these tools to monitor and provision their cloud instances, it becomes harder to move back out.

"The key to avoiding this pitfall is to ensure 100% software defined, version-controlled, auditable, and reproducible infrastructure, whether it is on AWS, Google Cloud, OpenStack or Stratoscale." [4]

Management & Control
Line of Business (LOB) managers can buy cloud services without IT knowing. This is called shadow IT. Because a LOB might not be fully IT minded, it might fail in configuring security properly. Potentially putting sensitive company data at risk. Uncoordinated purchasing of cloud applications can also create chaos in organizations.

With SaaS, companies lose some control on the application life cycle and configuration. Patching and upgrades are performed by the cloud provider.

How to manage an entire fleet of virtual machines? Managing an IaaS cloud provides new challenges as well.

Various other concerns

  • IaaS/PaaS: runaway process hogging resources, incurring high cloud costs (pay per use)
  • Issues with IaaS: Some areas are opaque. Like network performance
  • Use of many SaaS applications can cause data silos
  • Cloud does not always work for some use cases. Take for instance an Office365 PowerPoint presentation of 20+ MB. Modifying this online can be hellish
  • SaaS and on premise integration is hard
  • SaaS solutions are harder to customize. A huge gap for customers used to ERP customizations

The Ugly

Cloud provider outage is bad, especially when hosting business critical applications and platforms. In SaaS business users are impacted immediately, potentially crippling the organization. Things turn really bad if these outages are very frequent or lengthy. It gets even worse when a cloud provider stops offering a particular service, or one goes bankrupt altogether!

"There are a few examples of -as-a-Service going horribly wrong. These include service providers shutting down their operations, like cloud storage companies such as Nirvanix and Cyphertite, and even Cisco’s Intercloud and HP’s Helion Public Cloud." [4]

The most recent example, Cisco’s Intercloud was announced end of 2016 to go offline end of May 2017. Because Intercloud was only operational for just 2 years, the impact on the entire market might not have been huge. Existing customers were offered a way to migrate their solution elsewhere and presumably received some financial compensation as well [4, 5].

Another thing that can turn ugly is when a cloud provider just screws up. Think of data breaches or  accidentally cleaning up your data.

“A good example of this is 123reg, whose customers’ virtual servers vanished after the hosting firm ran a script containing a catastrophic error as part of its clean-up process on the 123-reg VPS platform. More recently, GitHub deleted the wrong directory and then failed to restore data from backups. And last August, it was revealed that a data breach at Sage had exposed the details of 280 UK companies, although it’s not clear whether the information was just viewed or stolen.” [4]


When combining the views of all these different experts I noticed a lot of emphasis on the bad and the ugly. Does that imply using the cloud is full of risk? Are the few benefits worth all of this? Or is it just our nature to focus on what can be done better?

Maybe some of ‘the bad’ mentioned by the experts are not really cloud related?

  • “SaaS and on premise integration is hard”:
    Integration is always hard, why would SaaS make this any harder?
  • “Use of many SaaS applications can cause data silos”:
    The use of many on premise applications will give you exactly the same issues.

I agree, with SaaS it becomes easier to start using new applications. So cloud just enables us to make a mess of it more easily.

Also cloud specific concerns about vendor lock-in are in my opinion exaggerated. Whenever you choose for a particular application or platform, you are locked in. Changing ERP applications or migrating to another platform is always hard. Whether you’re working on premise or in the cloud. So don’t be tricked by arguments stating that this is much worse in the cloud.

I do agree on the issue when it comes to cloud providers limiting your ability to export data. Being able to migrate should be a top consideration when one considers cloud.

Making your cloud pick

Based on the concerns from the other experts we can draw up a list on what to look out for in the cloud.

  1. Portability: Ability to move back on premise, or to another cloud provider. For Salesforce this would imply the ability to host your Salesforce solution on premise, or AWS as well.
  2. Elasticity: Automatically scale up/down services. Instead of working with fixed size instances, the cloud should be allocating more virtual CPUs or memory when needed. Either that, or the cloud solution (PaaS, SaaS) should be engineered to be clustered in such a way that spawning additional instances will provide similar scalability.
  3. Reliability: Clustering and redundancy built in to provide near 100% uptime. If for instance a SaaS application is build cloud first properly, it should be able to withstand some nodes going down.
  4. Patching with 0% downtime: Especially for frequent and unexpected security or other minor updates. No more maintenance windows, in which your application won’t be available. The pre-patched version will stay operational, and seamless switch to an updated version.
  5. Ability to stay at older versions: Especially for SaaS we see issues with large updates being forced by cloud vendors. For customers it would be good to have a SaaS cloud supporting multiple versions simultaneously. Customers choose when to upgrade.  
  6. Clarity: Provide clarity for customers beforehand. For instance a clear SLA, or information about datacenter maturity.


*  www.stratoscale.com/iaas-paas-saas-the-good-bad-ugly   

 [1] IaaS, PaaS, SaaS – a pictorial representation

[2] True Cloud Story About: IaaS, PaaS & SaaS

[3] Cloud computing

[4] IaaS, PaaS, and SaaS: The Good, the Bad and the Ugly

[5] Cisco moves on from Intercloud, will focus on cloud management instead

Richard Velden
About the author Richard Velden

Oracle Fusion Middleware Developer at Qualogy. Specializes in integration and cloud development using Oracle technologies such as: SOA Suite, Service Bus, Integration and Process Cloud.

More posts by Richard Velden