Infrastructure as a Service (IaaS)
What is Infrastructure as a Service (IaaS)?
Infrastructure as a Service (IaaS)A cloud service model in which the provider delivers virtualized compute, storage, and networking, while the customer manages the OS, middleware, and applications on top.
IaaS — exemplified by AWS EC2, Azure Virtual Machines, and Google Compute Engine — gives organizations elastic infrastructure billed per use, without owning physical hardware. From a security standpoint, the provider is responsible for the data centre, hypervisor, and storage hardware, while the customer secures everything above the hypervisor: guest OS patching, IAM, network ACLs and security groups, encryption, logging, and application security. Common IaaS-era risks include exposed management ports, missing OS patches, over-permissive VPC routes, public storage volumes, and stale credentials. Hardening usually leverages provider-native services (KMS, IAM, GuardDuty, Defender for Cloud) plus third-party CSPM/CWPP.
● Examples
- 01
An EC2 instance running an outdated Linux kernel with port 22 open to 0.0.0.0/0.
- 02
Azure Bastion replacing public RDP access to virtual machines.
● Frequently asked questions
What is Infrastructure as a Service (IaaS)?
A cloud service model in which the provider delivers virtualized compute, storage, and networking, while the customer manages the OS, middleware, and applications on top. It belongs to the Cloud Security category of cybersecurity.
What does Infrastructure as a Service (IaaS) mean?
A cloud service model in which the provider delivers virtualized compute, storage, and networking, while the customer manages the OS, middleware, and applications on top.
How do you defend against Infrastructure as a Service (IaaS)?
Defences for Infrastructure as a Service (IaaS) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Infrastructure as a Service (IaaS)?
Common alternative names include: Infrastructure cloud.