Platform as a Service (PaaS)
What is Platform as a Service (PaaS)?
Platform as a Service (PaaS)A cloud model in which the provider manages the runtime, middleware, OS, and infrastructure while the customer focuses on application code and data.
PaaS offerings such as Azure App Service, AWS Elastic Beanstalk, Google Cloud Run, and Heroku abstract away servers and let teams deploy applications directly. The provider patches the underlying stack, but the customer remains responsible for application security, data handling, IAM and key management, and the security of integrations and CI/CD pipelines. Typical PaaS risks include vulnerable application dependencies, leaked secrets in environment variables, weak authentication on managed databases, overly permissive networking rules, and misconfigured platform features (e.g., public app endpoints, debug consoles enabled in production).
● Examples
- 01
An Azure App Service exposing a debugging endpoint that leaks environment variables.
- 02
Heroku Postgres instance publicly accessible with weak authentication.
● Frequently asked questions
What is Platform as a Service (PaaS)?
A cloud model in which the provider manages the runtime, middleware, OS, and infrastructure while the customer focuses on application code and data. It belongs to the Cloud Security category of cybersecurity.
What does Platform as a Service (PaaS) mean?
A cloud model in which the provider manages the runtime, middleware, OS, and infrastructure while the customer focuses on application code and data.
How do you defend against Platform as a Service (PaaS)?
Defences for Platform as a Service (PaaS) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Platform as a Service (PaaS)?
Common alternative names include: Cloud platform service.