On the other hand, the major cloud providers have been more effective at warding off such breaches than the typical enterprise datacenter, so the information security risk has not proven to be what many in IT initially feared.
With PaaS, enterprises are beholden to service providers building appropriate access controls and other security provisions and policies into their infrastructures and operations. Enterprises are also responsible for providing their own security protections for their applications.
Also, because organizations are relying on a particular service provider's infrastructure and software, there is a potential problem of vendor lockin with PaaS environments. A legitimate question for IT to ask is will the PaaS it chooses interoperate with its current and future IaaS and SaaS deployments?
Another risk with PaaS is when the service provider’s infrastructure experiences downtime for whatever reason, and the impact that might have on services. Also, what if the provider makes changes in its development strategy, programming languages, or in other areas?
Don’t expect these possible hurdles to keep you from taking the plunge into PaaS. It provides more flexibility precisely because the vendor handles the platforms while you handle the programming.
Sign up for CIO Asia eNewsletters.