PaaS includes services such as Force.com for development and runtime of cloud-based applications. Regardless of how an application is developed, the runtime security is much the same once it is deployed in the cloud. So in terms of network, application and data security, PaaS is very similar to IaaS.
On the other hand, PaaS is unique in that integration of security, data, process or management functionality requires infrastructure services that connect PaaS applications to on-premise systems. For example, applications developed in the cloud should not have their own identity silos in the cloud. Instead, they should be able to access identity, policy and entitlement data from on-premise identity management systems. (In other words, developers need an account service in the PaaS that can provide identity data from the corporate directory.)
Leading PaaS providers offer a library of standard infrastructure services, but the back-end integrations that connect these services to on-premise systems remain the responsibility of the enterprise. To securely integrate on-premise infrastructure services with PaaS, you will need to:
- Create cloud-ready REST-style APIs out of existing SOAP-based web services (or JavaAPI, JMS, MQ, PL/SQL or other legacy interfaces). Use technology like an API gateway to create, manage, deliver and secure these APIs so they can be safely exposed to the PaaS.
- Deploy an API gateway as a broker at the edge of the PaaS cloud to mediate the security and protocol requirements from on-premise API sources.
Learn more here.