For many of the same reasons that Software-as-a-Service is catching on with enterprise buyers, delivering web services on top of Infrastructure-as-a-Service architectures is appealing to the SaaS developers. Operational agility, lower CapEx, and a broad array of tools and services are on tap that make both public and private IaaS clouds a great platform to build on. But how do you do this securely, especially in the public cloud where you have no access to the network or hypervisor your servers are running in?
Furthermore, for many SaaS providers, the person charged with security considerations isn’t a CSO or IT specialist, but rather, a “DevOps” guru – someone with their hands in both development and operations. While the traditional security professional is focused on compliance and security rules, this new crop is more concerned with continuous development and high availability.