samurai6
At first glance, it would seem that the 3 tiers of the SSM lines up nicely with the traditional models of IaaS/PaaS/SaaS, but it doesn’t seem to be quite as clean cut as that.
Per the Security Best Practices paper in regards to Container Services, "sometimes you don’t manage the operating system or the platform layer". I find it difficult to build a schema to differentiate the tiers when you have the word "sometimes" in it.
Has anyone found a useful litmus test for ascertaining whether services fall within Infra vs Container other than an educated guess? At least Abstracted Services seem to line up pretty nicely with SaaS…