The primary cloud-based service models come in three types: SaaS (Software as a Service), IaaS

(Infrastructure as a Service) and PaaS (Platform as a Service). Each of these has their own set of benefits
that could serve the needs of various businesses.

SaaS or Software as a Service model gives quick access to cloud-based web applications. The SaaS
provider controls the entire computing stack, which can be accessed using a web browser. SaaS does not
require any installations or downloads in the existing computing infrastructure. This eliminates the need
for installing applications on each of computer devices with the maintenance and support taken over by
the vendor. Some known example of SaaS includes Google G Suite, Microsoft Office 365, Dropbox etc.

IaaS or Infrastructure as a Service provides a virtual provision of computing resources over the cloud. An
IaaS cloud provider controls the entire range of computing infrastructures such as storage, servers,
networking hardware alongside maintenance and support. Businesses can opt for computing resources
of their requirement without the need to install hardware on their premises. Amazon Web Services,
Microsoft Azure, and Google Compute Engine are some of the leading IaaS cloud service providers.

Platform as a Service or PaaS is essentially a cloud base where vendor can develop, test and organize the
different applications for the business solutions. Implementing PaaS simplifies the process of enterprise
software development. The virtual runtime environment provided by PaaS gives a favorable space for
developing and testing applications.

For service level agreement with vendor, areas of coverage should also include performance, security,
privacy, location, portability and accessibility of the data. I have selected IaaS, as it needs system
infrastructure details and security standards to be managed by the service provider.

To protect your assets from a legal perspective, the SLA should include measurable metrics:

• Service volume
• Service quality
• Peak and average loads of work
• The volume of demand at different times of day
• Scalability and performance
• Audit logs for each operation

When cloud service solution is needed on the premises, there are risks associated with it which
needs to be analyzed before selecting the service provider. The risks include the storing sensitive
business information with a third-party provider. Also, need to consider any legal and regulatory
requirements that the business may be required. User credentials and data should be protected.

I wouldn’t farm out above security examples because

• Securing user data or sensitive information is business responsibility and make trust with
the clients
• Company have no right to disclose user information without specific authorization from the
customer, except as provided for by applicable laws, regulations, and contractual obligations