Infrastructure as a Service – Global Providers
The KuppingerCole Leadership Compass provides an overview of vendors and their product or service offerings in a certain market segment. This Leadership Compass focusses on Infrastructure as a Service (IaaS) from Cloud Service providers (CSP) with a global presence and with a specific focus on security and compliance.
IaaS provides a form of IT hosting service which requires no up-front capital expenditure. IaaS provides basic computing resources that the customer can use over a network to run software and to store data. There are two distinct uses of IaaS services. In the first, organizations, start-ups especially, use the cloud for agile development without the need to acquire hardware. In the second, a customer transfers all or part of some existing workloads to the cloud; this leads to the so-called “Hybrid Cloud”, where both cloud and on-premise services are in use. Each of these use cases has differing priorities of needs.
This leadership compass focusses on those IaaS services that cover both needs and that are delivered on a global scale. In this context, global scale means that the service is provided from and is available in multiple geopolitical regions. It has a specific focus on security and compliance aspects from a European perspective.
1.1 Market Segment
The market segments for IaaS services are defined by the scale of operation and the richness of the service provided. There are several well-known global IaaS service providers. In the past, these global providers have been mostly based in the USA. However, there are now new entrants in this field based in other parts of the world. The services provided by the global CSPs are now being complemented by CSPs that provide more specialized offerings. These may be based on geographic locality, regulatory compliance or the level of professional services and service management that are included.
This leadership compass focusses on those IaaS services that cover both needs described above and that are delivered on a global scale. In this context, global scale means that the service is provided from and is available in multiple geopolitical regions including the EU/EEA.
Infrastructure as a Service (IaaS) provides basic computing resources that the customer can use to run software (both operating systems and applications) and to store data. IaaS allows the customer to transfer an existing workload to the Cloud with minimal if any change needed. The customer does not manage or control the underlying Cloud infrastructure but remains responsible for managing the OS and applications.
Increasingly, IaaS providers offer extensions beyond this basic functionality to support the development of new applications (DevOps) and to facilitate migrating existing workloads into their cloud service. To facilitate this, service offerings may include pre-packaged middleware, databases and development tools.
The responsibility for security and compliance in the use of cloud services is shared between the customer and the cloud service provider (CSP). The customer does not manage or control the underlying cloud infrastructure but is responsible for managing the OS and applications. The customer also remains responsible for compliance with laws and regulations governing the processing of data. The CSP is responsible for the management, security and compliance of the infrastructure providing the service.
1.2 Required Capabilities
The core features and functionalities that we are looking for include but are not limited to:
- Basic service functionality – the basic IaaS services provided such as compute, storage, deployment models etc.
- Hybrid cloud support - functionality provided for organizations to migrate and run all or part of existing workloads in the cloud service while integrating with on-premise IT services.
- Support for DevOps - support the development of new application functionality together with rapid transition of these into operational use.
- Availability - how the service ensures the continuity of the customer's service. This includes the resilience of the service infrastructure plus the capabilities provided for the customer to maintain their service in the face of point failures.
- Compliance – how the service enables organizations using it to comply with laws and regulations.
- Data protection – how access to the service and the applications and data it contains are controlled through features such as identity and access management and encryption.
- Cyber-security - how the service is protected against cyber-security risks and the help provided to its customers to protect against these risks when using the service.
- Consulting services – to support customers in their migration to and use of the service.
1.2.1 Basic Service Functionality
Here we consider the basic functionality provided by the Cloud Service. This must include compute and storage and support for Public / Private / Hybrid delivery models. We also look at the range of OS types for which there are predefined images and middleware and application stacks with out-of-the-box support (e.g. Databases and Web). Also considered is the support provided for high performance features such as bare-metal servers, GPU and parallel processors such as Hadoop.
1.2.2 Enterprise and Hybrid Workload Support
Here we consider the functionality provided for organizations to migrate and run enterprise workloads in the cloud service. This includes the availability of consulting services to advise and assist with the migration of existing workloads and flexibility in the service contract to support specific customer needs. Technical measures we look for include support for customer-specific technical requirements such as IP address ranges and secured connections between the enterprise and the cloud. Also considered is the ability to specify that specific workloads can be physically co-located with or separated from those of other tenants. To assist in migration, we also look for support for workloads based on hypervisors widely used on premise such as VMware. We also look for support for rapid “cloud bursting” from on-premise equipment based on demand, and for hot and cold standby functionality.
1.2.3 Support for DevOps
Here we consider the functionality provided by the cloud service to support the development of new application functionality together with rapid transition to operational use. This includes the range of development tools and methodologies supported by a predefined library of ready-to-use functionality, for example Java™ code, Spring, Ruby, Node.js, and custom frameworks. It also includes the range of predefined application components available in a ready-to-use form, for example MySQL, MongoDB, PostgreSQL, Redis, RabbitMQ, and custom services, as well as support for containerization (e.g. Docker) and functionality to deploy, monitor, manage and roll back workloads. Also considered is the provision of tools to support the development of secure applications, including code scanning, dynamic testing and web application firewalls.
1.2.4 Cloud Service Availability
Loss of access to the service or data can occur for a variety of reasons, some of which are technical and some due to other causes such as takeover or financial failure of the CSP. This area covers the extent to which the availability of the IaaS is assured and the options for the customer. Factors considered include the SLA offered by the CSP and how well the historical level of service delivered in practice matches the SLA, together with the measures taken by the CSP to ensure resilience of the service to the range of natural disasters and failures.
Also considered are the options offered to the customer to maintain their service in the face of point failures in the service or in their applications. These include the backup and recovery functionality offered and hot and cold standby functionality. Finally, we consider the non-technical risks to the service availability, including the financial strength of the CSP and the extent to which the CSP is dependent on third parties to deliver the service.
1.2.5 Compliance
In this area, we consider how the service enables organizations using it to comply with laws and regulations. Specifically, we are looking at the kinds of functionality provided by the service to support compliance and the independent certifications and attestations provided. Also considered are aspects around privacy and other legal issues, such as the guarantees around the geographic location and processing of customers’ data and the policies regarding disclosure to customers of legal access requests to their data as well as disclosure to customers of suspected and actual data breaches.
1.2.6 Data Protection
This area covers how access to the service and the applications and data it contains are controlled through features such as identity and access management and encryption. Specifically, we consider the Identity and Access controls for the customer’s service administrators and for the customer’s service users. We expect to see support for standards such as SAML, XACML, OAuth etc., as well as integration with directory services such as Microsoft Active Directory. Finally, we consider what support is provided for encryption of the customer’s data held in the cloud service and how the keys to encrypt the data are managed.
1.2.7 Cyber Security
This area covers how the service is protected against cyber-security risks and the help provided to its customers to protect against these risks when using the service. Specifically, we are looking for a clear definition of how responsibility for cyber-security is shared between the CSP and the customer and the cyber-security controls that are designed and implemented in the service infrastructure. We consider the physical security aspects, including controls over access by CSP employees to the infrastructure and to customer data held in the service. We look at the network defences provided against external threats, the service controls that ensure separation between customers’ workloads and data, and how the service is monitored to detect and respond to incidents. Finally, we consider the tools integrated with the service for the customer to meet their responsibilities for security, such as vulnerability scanners, firewalls, intrusion detection and SIEM integration.
1.2.8 Consulting Services
This area covers the availability of consulting services provided to support customers in their migration to and use of the cloud service. We look at the range of consulting services provided directly by the CSP as well as those provided by partners.