Infrastructure as a Service
Run operating systems and applications by accessing, over the internet, providers’ computing resources using Infrastructure as a Service (IaaS).
Definition — IaaS
Government organisations can access, over the internet, the provider’s:
- hardware
- networking
- storage
- other infrastructure and computing resources.
IaaS allows government organisations to deploy and run their own operating systems and applications.
Government organisations can specify, depending on the contract, the amounts of processing, memory storage and networks needed.
Infrastructure as a Service (IaaS) — National Institute of Standards and Technology
Required All-of-Government agreement for IaaS
Government organisations must use the AoG agreement for IaaS.
Shared responsibility for security in IaaS
In IaaS, government organisations and service providers share responsibility for security. Each is responsible for managing different areas of IaaS.
Government organisations
Government organisations are responsible for the security controls for the:
- guest operating system
- application services
- data — including the applications they deploy in the IaaS and managing user permissions.
Service providers
Service providers are responsible for the implementation, management and maintenance of the security controls for the:
- data centre
- hardware
- virtualisation hypervisor.
A hypervisor is a specialised operating system that allows server hardware to run multiple guest operating systems at the same time.
Ownership of the information’s risk
Government organisations always own the risk of their information in a public cloud service, even though the management of certain security responsibilities are shared.
How to manage security ownership
Find out how government organisations handle their security ownership — making sure that risks are within their risk tolerance.
Security ownership in all service models
More information
New Zealand’s National Cyber Security Centre (NCSC) lists and explains how each service model operates and the differing levels of responsibility for managing security.
Cloud computing: shared responsibility security models — NCSC
Utility links and page information
Last updated