Share on social networks!

Five types of cloud computing that every technology lawyer should know

In it previous article We explained the concept of cloud computing and explained the main reasons that lead companies to opt for this work model. Today we will talk about the five modalities cloud more common.

On-premise: local data center

The software is managed with its own hardware infrastructure. For cloud computing, the company manages and maintains all the components of the applications it uses: data, runtime, middleware, operating system, virtualization, servers, storage, networks. It would be the equivalent of “I stew it and I eat it”.

Cloud Computing Hardware Servers

This model requires you to buy the machines and deploy the necessary infrastructure, that is, to carry out a capital investment (CAPEX) appropriate to the estimates of computing resources that the company will need to achieve its business objectives. The lack of agility in scaling this model makes it advisable to oversize the computing and storage capacity of the data center, with the disadvantage of incurring untapped investments.

  • IaaS: infrastructure as a service

This model is much more agile and scalable than the previous one. The term IaaS comes from the English expression Infrastructure as a Service and refers to the cloud computing service that offers essential processing, storage and networking resources at the customer's request. Usually under a pay-as-you-go license.

It allows the company to arrange the servers and infrastructure that it needs to use for its business objectives, being able to scale or reduce resources both vertically (improving them) and horizontally (adding more). The main advantages are the agility in assembling and disassembling the system and the possibility of avoiding extra costs.

With cloud computing, the company directly manages and maintains: applications, data, runtime, middleware and operating system.

  • PaaS: platform as a service

In PaaS or Platform as a Service The provider makes available to the client a platform that has all the necessary resources to develop, implement and consume all types of solutions. These resources are installed on the provider's infrastructure (servers, storage and networks).

In addition to the infrastructure, the provider includes in its offer all the middleware necessary for the development and use of applications by the client (development tools, database management, and business intelligence tools).

In this modality, the company can develop solutions with the resources made available to it, paying only for those it has used.

  • SaaS: software as a service

The SaaS model or Software as a Service It is the one that delegates the least workload to the client. Under this term we refer to the acquisition of a license to use an application ready to use over the Internet.

The provider is responsible for maintaining and patching the application and all the infrastructure necessary for its correct functioning. The client company does not manage or maintain any of the software components it consumes.

  • FaaS: functions as a service

Another modality, much less common, but tremendously useful for development teams is FaaS or Function as a Service either serverless functions (serverless functions). In this operation, the provider cloud automatically provisions, scales, and manages the infrastructure necessary for the client to run code. This modality only serves to execute computing functions, however, for storage it will be necessary to contract a separate storage service.

FaaS is intended to execute processing functions that run from time to time, but without a specific guideline for when they are executed or how much system resources they require. The main advantage is that in this modality the company only pays for the provider's resources during the time in which the function is being executed. 

Capabilities as a service

The four previous modalities (IaaS, PaaS, SaaS and FaaS) have in common the provision of a capacity as a service, isolating the end user to a greater or lesser extent from infrastructure and configuration management, security and component maintenance. .

Cloud Computing Security Protection Lawyers

The main risk: Supplier intervention

Faced with the advantages of outsourcing capabilities as a service, cloud computing for companies must face the risks inherent to such outsourcing, such as not knowing the precise location of their data and the lack of direct control over it.

These risks have relevant legal implications, especially when the information processed by cloud service providers contains personal data, subject to compliance with the principles and obligations of Regulation (EU) 2016/679, of April 27, 2016, General Data Protection.

In the next blog articles we will delve into the legal aspects of cloud computing environments. But if you are interested in learning more, we invite you to read the Guide for clients who contract cloud computing services from the AEPD.

Do you want to learn more about cloud computing? Don't miss our Master in Compliance and Data Protection, where you will find a place among the best companies in the sector.

Lawyer specialized in IT/IP at Grupo SIA

Subscribe to our newsletter to stay up to date with all the news

Basic information on data protection.
Responsible for the treatment: Mainjobs Internacional Educativa y Tecnológica SAU
Purpose: Manage your subscription to the newsletter.
Legitimation for processing: Explicit consent of the interested party granted when requesting registration.
Transfer of data: No data will be transferred to third parties, except under legal obligation.
Rights: You may exercise the rights of Access, Rectification, Deletion, Opposition, Portability and, where applicable, Limitation, as explained in the additional information.
Additional information: You can consult additional and detailed information on Data Protection at https://www.mainfor.edu.es/politica-privacidad
Blog Master Dpo

Leave a comment