Scroll Top

Cloud Computing and Security and Privacy

– By The Trigent Team


In a recent edition of The New York Times, an article was published with the title of Lost in the Cloud which was primarily about the “real dangers” of cloud computing and the lack of security and privacy. Although the article has some merit relative to the lack of maturity of security and cloud computing broadly, it did not set the context of cloud computing and how to incorporate appropriate security and mitigate against the lack of generic security of cloud computing.

There are three distinct cloud service delivery models: 1. Software-as-a-Service (SaaS), 2. Platform-as-a Service (PaaS) and 3. Infrastructure-as-a-Service (IaaS). These three models are distinct, at different stages
in their maturity lifecycle and have different security ramifications. For example, SaaS is the oldest, most
mature, secure and stable model and has been around since 1999. is the founder of and
leader of the SaaS model. PaaS is the next most mature and stable delivery model. One of the “pure play”
PaaS providers is OpSource which has been in business since 2002. Many of the PaaS provides such as
Rackspace have been around for quite some time and were previously known as ASPs or MSPs. The IaaS
delivery model is much more recent and major entrants include Amazon, Microsoft, IBM and Google.
Amazon is the most established cloud entrant, however, their Elastic Compute Cloud (EC2) service has only
been generally available in the market since 2008.

There are also four cloud service deployment and consumption modes which include: 1. Public,2. Managed, 3. Private and 4.Hybrid (i.e., a combination of public and private deployments). The four cloud service deployment and consumption modes should also be considered relative to assessing the “real dangers” of cloud computing and security and mitigation methods
It is important to understand the advantages, disadvantages, maturity levels and risks of the different cloud service delivery and deployment models in order to leverage best practice solutions for companies and to ensure a stable computing environment with appropriate security. For example, for our clients in general and one of our specific clients, SentryBlue, Trigent and SentryBlue have developed the first comprehensive Critical Incident Management (CIM) SaaS-based solution and deployed it on Northstar Technology Group’s public, PaaS platform. SentryBlue adopted best practices of developing a SaaS solution in order to manage customer ease of uses, responsiveness and support, as well as to achieve speed to market, software quality and cost effectiveness. SentryBlue also adopted best practices by running its SaaS solution on a proven, stable and secure third-party PaaS platform (Northstar) and leveraging an independent offshore software development and support partner (Trigent).
Representative security considerations, best practices and layers for the SentryBlue solution are broken down, focused and implemented as follows:

SentryBlue SaaS Service

Northstar PaaS Service

Northstar Facility and Monitoring

Regulatory and Compliance


Segments of cloud computing (i.e., SaaS, PaaS and the physical facility) are being secured and protected today. Moreover, the security best practices are typically superior than those provided by most small and mid-size organizations because of their limited technical resources and budget constraints. The cost, return and extensiveness of the aforementioned security best practices are spread across multiple customers and would be a challenge to be afforded or deployed by an individual small and mid-size organization on a stand-alone basis