Excursus on Deployment and Service Models
Knowing the Service and Deployment Models is important to achieve an appropriate level of IT security and compliance:
- The Deployment Model defines for whom and how the cloud service it provided. Why does this matter for IT security and compliance? E.g., the location of data storage and processing may result in compliance issues. The way the cloud service is constructed and how users are connected to the actual cloud service may require different ways of integrating the cloud service into the user’s business environment. Inappropriate solutions may result in security vulnerabilities.
- The Service Model defines which party is responsible for what component and IT service management activity. If the exact assignment of responsibilities is not known and explicitly agreed upon, none of the parties may feel responsible for a certain activity leading to a gap. Overlapping responsibilities which are not detailed in terms of interfaces und interaction of the parties may lead to frictions, loss of time, or contradictions or even conflicts.
But there is more. This chapter provides on overview and some detail on Deployment and Service Models. The latter is extended since the limitation to IaaS, PaaS and SaaS is not sufficient. The description below will also show that the Service Model may affect the construction of the cloud.