Platform As A Service(PAAS)Platform as a Service is a category of cloud computingservice model that provides the developers a platform to buildand use applications and services by using a communicationnetwork. PAAS services are available in the cloud andaccessed by users by using web browsers. In the PAAS model,cloud providers provides a platform which includes operatingsystem, programming language execution environment,database, and web server. The users can use these facilities todevelop their applications. The well known PAAS providersare AWS Elastic Beanstalk, Cloud Foundry, Heroku,Force.com, OrangeScape. The services are constantly updatedby the service providers, with existing features upgraded andadditional features added. In PAAS services the user has topay for a subscription basis and charged just for what they use.PAAS includes Operating system, Server-side scriptingenvironment, Database management system, Server Software,Network access tools for design and development and webhosting.Advantages of PAAS1. The user doesn’t have to invest for physical infrastructure asit will be provided by IAAS on demand. So this gives fullymobility to focus on the development of applications.2. With PAAS services application development is simple. Soanyone can develop an application with less technicalknowledge by using web browser.3. User can have control over the applications that are installedwithin their platforms and can create a platform that suits theirspecific requirements. They can „pick and choose? thefeatures they feel as necessary.4. In PAAS the applications can be changed or modified ifrequired.5. The services are not isolated, application specific orlocation dependent. So users in various locations can worktogether provided they are connected through acommunication medium. 6. Security of user?s data and theapplication is the responsibility of the cloud provider. Datasecurity, backup and recovery are the major security issues.Headings, or heads, are organizational devices that guide thereader through your paper. There are two types: componentheads and text heads.C. Software As A Service(SAAS)The third model is Software as a Service which provides aplatform in which the users access the software from thecloud. The users of SAAS will not have to worried aboutmanaging the cloud infrastructure and platform on which theapplication is running. The software installation and operationis the responsibility of the service providers and alreadyavailable by using IAAS and PAAS. This is typically end userapplications delivered on demand over a network on a pay peruse basis. The examples of SAAS include: Google apps,MicrosoftOffice365, On live, GT Nexus, Marketo, and TradeCard. These applications are hosted in “the cloud” and can beused for a wide range of tasks for both individuals andorganizations.Advantages of SAAS1. No additional infrastructure or platform required to runthe applications, as it provided by the service provider (IaaSand PAAS).2. Software Applications are ready to use once the usersubscribes. The user only have to pay for software not forinfrastructure or platform setup.3. With SAAS services application development is simple.So anyone can develop an application with less technicalknowledge any time by using web browser.4. Software updating is automatic i.e if any updates areavailable online to existing user, offered free of charges.5. SAAS provides mobility to the user where applicationscan be accessed via any internet enabled device, which makesit ideal for those who use a number of different devices, suchas internet enabled phones and tablets, and those who don’talways use the same computer.V. SECURITY ISSUESThe greatest challenge in the Cloud Computing which cancause havoc is the security issue of the information system.Understanding the various risks involvement in the securityand privacy in the cloud computing and creating an effectiveand efficient solutions is also a difficult task. There are varioussecurity issues factors like confidentiality, integrity,availability and reliability are widely used terminologies. Andin cloud computing environment the user’s data and all otherdata should always remain protected and confidential fromany type of un-authorized access. Some of the security issueswhich came are listed as follows:A. Data Integrity and ReliabilityIn cloud computing , any user can access the resources fromany of the location all across the globe. Cloud cannot be ableto differentiate between the sensitive and insensitive data . Soan important aspects of the cloud computing environment isthat the user’s data should be made available with reliability.The main duty for providing the data with reliability lies in thehand of cloud service provider. They should ensure that bymaking their whole system capable to check whether theaccess of data is made from an authorized source orunauthorized source.B. Cloud SecurityThis includes various Technical and organizational issueswhich are related to the fact that cloud services should beprovided to its authentic user by providing an acceptableamount of security and not to an un-authentic user. This riskscan be overcome by using various security checks, securityhardware, encrypted file system.C. Privace in CloudPrivacy is the process of making sure that the user’s dataremains private, confidential and restricted from unauthorizedusers. Due to data virtualization the users data may be storedin various virtual data centers rather than in the localcomputers. So the unauthorized users may access the privateinformation of the authorized users. Data authentication is oneof the most popular options of security before putting thesensitive data into cloud.VI. SECURITY THREATSA threat is define as an external force by which the nodesexisting in one state transfers into other. A node in the cloudenvironment stores the data and information and gives the usera platform to use the application in the form of services. Thereare significant numbers of attacks or intrusions occurs in thecloud based applications. Some well known attacks are listedbelow.1. SQL Injection Attack: An SQL injection is a computerattack mostly affects to SAAS model, in which malicious codeis embedded with a poorly-designed application, executesunauthorized SQL commands by taking advantage of insecureinterface connected through Internet. SQL injection attacks areused to access information from databases, which is protectedfrom public access. SQL injection attacks are avoided byensuring systems having strong input validation.2. Abuse And Nefarious Use Of Cloud Computing: In thisthreat the hackers take the advantages of shortcomings in theauthentic registration process associated with cloud. After thesuccessful registration, the cloud service providers offerSAAS, IAAS and PAAS services to the users. But hackersmay be able to conduct susceptible activities like Spammingand Phishing. This threat exists in all the three layers of theservice models.3. Net Sniffers: Net sniffer is a type SAAS service modelthreat in which the attackers use to gain access throughapplications, which can capture packets flowing in a networkand if the data that is being transferred through these packetsis not encrypted. Then data can be publicly available and readby any one.4. Man In The Middle Attack: Another type of sessionhijacking is known as a man-in-the-middle attack. Where theattacker uses a sniffer to observe the communication betweendevices and collect the data that is transmitted. In this theattackers make independent connections with the victim?scomputer and making them believe that they are connecteddirectly to each other over a private connection. But in fact theentire session is controlled by the attackers. This is a threat toSAAS.5. Privacy Breach: Since data from various users and businessorganizations available together in a cloud environment, sobreaching in cloud environment will attack the data of theauthorized users. Hence the unauthorized users can access theprivate data of the cloud users and do some susceptibleactivities with the data.