Platform as a Service
Over the internet, access providers’ operating systems and applications using Platform as a Service (PaaS).
Definition — PaaS
Government organisations can develop their own applications using the provider’s:
- operating systems
- development tools
- application services — for example, web servers or database platforms.
PaaS allows government organisations to deploy and run their own applications, which need to be developed using programming languages the service provider supports.
Marketplace contracts available for PaaS
Shared responsibility for security in PaaS
In PaaS, government organisations and service providers share responsibility for security. Each is responsible for managing different areas of PaaS.
Government organisations are responsible for the security controls for the:
- development and testing.
Service providers are responsible for the implementation, management and maintenance of the security controls for the:
- data centre
- virtualisation hypervisor
- operating system
- development tools and libraries.
A hypervisor is a specialised operating system that allows server hardware to run multiple guest operating systems at the same time.
Ownership of the information’s risk
Government organisations always own the risk of their information in a public cloud service, even though the management of certain security responsibilities are shared.
How to manage security ownership
Find out how government organisations handle their security ownership — making sure that risks are within their risk tolerance.
New Zealand’s National Cyber Security Centre (NCSC) lists and explains how each service model operates and the differing levels of responsibility for managing security.