I hate that question...

So I've found another question that irritates me. It's this one: "What's the most secure; SaaS, PaaS or IaaS?". There are lots of things wrong with this question - firstly, define what is meant by secure. Secondly, define your perspective - are you a provider or a consumer. Thirdly, assuming you're a consumer, define what you're doing in the cloud - it's a big concept, there's lots you can do and lots of ways of doing it! And so on and so on...

I think it's a naive question to ask and that it's even sillier to come out with an answer (unless you've spent the time to understand a very specific situation). There are lots of different perspectives and lots of different classes of organisation with different needs and capabilities. For example, if you're a small business with little experience with an application then it's likely that a SaaS provider will provide a more secure (albeit multi-tenant) solution than you could build yourself. However, if you're a large enterprise then I think a fair argument could be made that you could build a more secure, single tenant application on your own platform on a shared IaaS cloud infrastructure than the multi-tenant equivalant offered by a SaaS provider. Of course, the observant amongst you may have noticed that I said "more secure" without actually defining secure - look at the name of the blog, I'm musing :0)

Upshot, as with most things, know your requirements and choose the solution that's the best fit. This cloud stuff really is not rocket science. (Unless of course you're NASA: http://nebula.nasa.gov :-)