Someone tossed a Security+ study question my way this week. This is an example of Security+ trying to be CISSP Lite, but it’s still a valid question–probably for either test, and for SSCP and CISM too.

A small not-for-profit organization needs to invest in a new expensive database. There is no budget for additional servers or personnel. Which of the following solutions would allow it to save money by avoiding hiring additional personnel and minimize the footprint in their current datacenter?

A. Linux
B. Software as a Service (SaaS)
C. Infrastructure as a Service (IaaS)
D. Platform as a Service (PaaS)

Let’s take it one at a time.

A. Linux. Linux will save licensing costs, but it doesn’t completely solve their problem. They still have to buy server hardware, hire staff to administer the box and the database–unless they run Linux in the cloud, that is. Linux alone doesn’t solve the problem.

B. Software as a Service (SaaS). This is the right answer. Subscribe to SaaS, and for a low monthly rate (of course!) you get server space, complete with operating system and all the applications you want in the cloud, saving on licensing costs, power, hardware, and sysadmin tasks. Actually they just roll it all up and pass it on to you, but hopefully the provider’s volume saves you money. That’s the idea. At the very least, in the short term, SaaS is cheaper than buying a server, all the software, and hiring a couple of professionals to keep it humming along.

C. Infrastructure as a Service (IaaS). This is a couple of steps down from SaaS. For an even lower monthly rate, IaaS sells you some server space in the cloud, and then you load an operating system and applications on it. It’s not the right answer for these purposes because the organization still needs to hire a systems administrator and a database administrator to keep the box up and running, in addition to purchasing the operating system, supporting utilities (if any), and database application. Sometimes this is a good answer, but not in this case, where there’s no budget for additional personnel.

D. Platform as a Service (PaaS). This is a mid-tier solution. PaaS gives you server space in the cloud with an operating system loaded on it, and they’ll maintain the operating system. Then you load the database and your staff administers the database software. This isn’t a bad answer, except we don’t know that the organization has a qualified DBA already on staff to administer the new database application. Since the question specifically says there’s no budget for additional personnel, we have to read between the lines, and assume they don’t have the necessary personnel already. For that reason, this is the second-best answer of the bunch. If the question had stated they had a qualified DBA on staff, and that the database they need to run isn’t available via SaaS, then this would be the best answer.