http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7956.pdf
http://en.wikipedia.org/wiki/Cloud_computing
http://www.rackspace.com/knowledge_center/whitepaper/understanding-the-cloud-computing-stack-saas-paas-iaas
Categories of cloud computing
Cloud computing covers a broad range of services, with such a wide array of networks, servers, storage methods, and applications, that in order to understand how it works, and how it can be of value to an organization, it should be broken down into components, which can be studied and analyzed one at a time. Therefore, cloud services is commonly divided into three distinct categories, depending on the type of service provided: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).
Comparison of the SaaS cloud model with IaaS and PaaS
This article discusses several aspects of the SaaS cloud model, and the key management strategies that are commonly used for the security protection of data and data transfer operations. The main difference between the cryptographic operations needed for the SaaS model, and the other models (PaaS and IaaS) is that the cloud consumer loses visibility and the control within the various layers of the SaaS model and, and since the cloud provider also implements all security functions, consumers normally don't have any dealings with key management in the SaaS model.
Using a SaaS application service
When using applications with the Software as a service (SaaS) context, users are provided access to application software and databases in the cloud. No extra hardware or software is needed on the consumer end when running applications. The cloud providers have the application software installed and set up in the cloud, where users can access on demand (usually priced on a pay-per-use basis or using a subscription fee). Some services are free, such as Gmail. Cloud users do not manage the cloud infrastructure and platform where the application runs, as this is all taken care of by the provider. The provider can meet the needs of several users at once by distributing tasks onto multiple virtual machines by using load balancers. These operations are transparent the consumer, who sees only a single access point.
Advantages of using SaaS services
Since SaaS service providers supply all the maintenance, support, and functionality for applications on demand anytime and anywhere, such that it can be set up and running by a consumer in a matter of minutes, SaaS is probably the best known and most commonly used aspect of cloud computing. In addition to cost savings on maintenance, support, hardware and software costs, etc., another major advantage of using SaaS services is that updates are automatically installed without any need to download and install software.
Types of security capabilities needed
However, the main problem with the SaaS cloud service model is the greater possibility of unauthorized access to data which is stored on the cloud provider's server. As a result, many users are employing third-party key management systems to help secure their data. When running an application within the SaaS services, the consumer basically needs two types of security capabilities: