Platform-as-a-service (PaaS) is a type of cloud computing offering in which a service provider delivers a platform to clients, enabling them to develop, run, and manage business applications without the need to build and maintain the infrastructure such software development processes typically require.
As with other cloud services such as infrastructure-as-a-service (IaaS) and software-as-a-service (SaaS), PaaS is offered via a cloud service provider's hosted infrastructure. Users typically access PaaS offerings via a web browser.
PaaS can be delivered through public, private, or hybrid clouds. With a public cloud PaaS, the customer controls software deployment while the cloud provider delivers all the major IT components needed to host the applications, including servers, storage systems, networks, operating systems, and databases.
With a private cloud offering, PaaS is delivered as software or an appliance within a customer's firewall, typically in its on-premises datacenter. Hybrid cloud PaaS offers a mix of the two types of cloud service.
Rather than replace an organization's entire IT infrastructure for software development, PaaS provides key services such as application hosting or Java development. Some PaaS offerings include application design, development, testing, and deployment. PaaS services can also include web service integration, development team collaboration, database integration, and information security.
As with other types of cloud services, customers pay for PaaS on a per-use basis, with some providers charging a flat monthly fee for access to the platform and applications hosted on the platform.
PaaS's business benefits and drivers
One of the biggest advantages of PaaS is that enterprises can gain an environment in which to create and deploy new applications without the need to spend time and money building and maintaining an infrastructure that includes servers and databases.
This can lead to faster development and delivery of applications, a huge plus for businesses looking to gain a competitive edge or that need to get products to market quickly.
PaaS also lets them test the use of new languages, operating systems, databases, and other development technologies quickly, because they do not have to stand up the supporting infrastructure for them. PaaS also makes it easier and faster to upgrade their tools.
And the use of PaaS forces enterprise software developers to use cloud techniques in their applications, helping then adopt modern principles and take better advantage of cloud infrastructure (IaaS) platforms.
Because organizations using PaaS can manage their applications and data, loss of control is not a major issue as it often is when using cloud infrastructure or applications.
Typical applications for PaaS
Providing a hosted environment for application development and testing is one of the most common uses for PaaS. But it is hardly the only reason why enterprises use PaaS.
Research firm Gartner cites a variety of use cases for PaaS, including:
- API development and management. Companies can use PaaS to develop, run, manage, and secure application programming interfaces and microservices. This includes the creation of new APIs and new interfaces for existing APIs, as well as end-to-end API management.
- Business analytics/intelligence. Tools provided via PaaS let enterprises analyze their data to find business insights and patterns of behavior so they can make better decisions and more accurately predict future events such as market demand for products,
- Business process management (BPM). Organizations can use PaaS to access a BPM platform delivered as a service as with other cloud offerings. BPM suites integrate IT components needed for process management, including data, business rules, and service-level agreements.
- Communications. PaaS can also serve as a delivery mechanisms for communications platforms. This allows developers to add communications features such as voice, video, and messaging to applications.
- Databases. A PaaS provider can deliver services such as setting up and maintaining an organization's database. Research firm Forrester Research defines database PaaS as "an on-demand, secure, and scalable self-service database platform that automates provisioning and administration of databases and can be used by developers and non-technical personnel."
- Internet of things. IoT is expected to be a big part of PaaS usage in the coming years, supporting the wide range of application environments and programming languages and tools that various IoT deployments will use.
- Master data management (MDM). This covers the processes, governance, policies, standards, and tools that manage the critical business data an enterprise owns, providing a single point of reference for data. Such data might include reference data such as information about customer transactions, and analytical data to support decision making.
PaaS technologies and providers
PaaS includes multiple underlying cloud infrastructure components, including servers, networking equipment, operating systems, storage, middleware, and databases. All of these are owned and operated by the service provider.
PaaS also includes resources such as development tools, programming languages, libraries, database management systems. and other tools from the provider.
Among the leading PaaS vendors are Amazon Web Services, Microsoft, Google, IBM, Salesforce.com, Red Hat, Mendix, and Heroku. Most widely used languages, libraries, containers, and related tools are available on all the major PaaS providers' clouds.
It's no accident that several of these are also leading providers of software development tools. Gartner estimates there are about 200 PaaS providers today.
Given that PaaS is a cloud-based service, it comes with many of the same inherent risks that other cloud offerings have, such as information security threats. PaaS is based on the concept of using shared resources such as networks and servers, so the security risks include placing critical data into this environment and having they data stolen due to unauthorized access or attacks by hackers or other bad actors.
On the other hand, the major cloud providers have been more effective at warding off such breaches than the typical enterprise datacenter, so the information security risk has not proven to be what many in IT initially feared.
With PaaS, enterprises are beholden to service providers building appropriate access controls and other security provisions and policies into their infrastructures and operations. Enterprises are also responsible for providing their own security protections for their applications.
Also, because organizations are relying on a particular service provider's infrastructure and software, there is a potential problem of vendor lockin with PaaS environments. A legitimate question for IT to ask is will the PaaS it chooses interoperate with its current and future IaaS and SaaS deployments?
Another risk with PaaS is when the service provider's infrastructure experiences downtime for whatever reason, and the impact that might have on services. Also, what if the provider makes changes in its development strategy, programming languages, or in other areas?
Don't expect these possible hurdles to keep you from taking the plunge into PaaS. It provides more flexibility precisely because the vendor handles the platforms while you handle the programming.