Will 2010 be the year that platform-as-a-service (PaaS) comes of age? Amazon's Web Services (AWS) keep cropping up in conversations Quocirca has with independent software vendors (ISV); Salesforce.com's force.com platform is attracting more and more ISVs (last week at Cloudforce2 in London it proudly presented one of the latest applications to be ported BMC Service Desk Express), Microsoft's Azure platform is due to go live in early 2010 and Google's App Engine should come out of beta some time in 2010. Add to this PaaS offerings from various managed hosting providers (free report from Quocirca here), for example Rackspace's CLOUD Servers/Sites/Files, and one thing is for sure, for those that are up for it there is no shortage of PaaS choice.

All these services differ in the amount of infrastructure they include. The most complete stack is force.com, where applications are built using a proprietary set of tools on a highly proprietary multi-tenancy platform. At the other extreme is Amazon's Elastic Compute Cloud (EC2), which is basically a hypervisor on which its customers provision their own virtual machines. Either way, one of the overriding concerns of those planning to use these platforms is security. Roughly speaking, the thicker the stack the more onus there is on the PaaS provider to guarantee security levels in their SLA. So, for those considering Amazon's thin stack, two announcements this week will be of interest.

First, Trend Micro spent much of its EMEA analyst conference this week talking about cloud security. One initiative is a version of its Indentum encryption product (acquired in 2008) that allows storage volumes created on Amazon's EC2 to be encrypted. As Trend Micro pointed out, this is not just about the privacy of stored data, but ensuring that even when a virtual machine is de-provisioned from EC2, any data left behind remains unreadable. This is a more likely scenario than you might expect, as common use cases for EC2 are for providing peak load resources and application testing.

An alternative approach is available thanks to an announcement made by Symantec this week. It is making available through agreement with Amazon its End Point Protection and Storage Foundation products for securing EC2 deployments. The former ensures limits are applied to the use of VMs whilst the latter provides management tools for data volumes created; one feature of Storage Foundation is data shredding, ensuring all data is destroyed when VMs are de-provisioned.

The availability of these security tools should help overcome the doubts some harbour with regard to PaaS and encourage more uptake. The various providers will have high hopes for 2010 as the world continues to struggle with its economic woes; they will present PaaS as the cheap, flexible choice. By the end of the year it should be clear if their potential customers agree and the investments made in PaaS have all been worthwhile.