CompTIA Buying Guide for Infrastructure as a Service

Getting Started

If you are like most executives, buying technology can be exciting, hopeful, uncertain, frustrating and everything in between. You must identify requirements, weigh competing needs, evaluate capabilities, assess ROI and consider a host of other factors – all of which can be overwhelming, especially when they involve migrating your computing infrastructure to the cloud.

The CompTIA Buying Guide for IT Security is designed to provide you with a starting point.

Cloud computing is one of the most disruptive solutions on the market. It has not only impacted the technology deployed by IT departments, but how business is done. It’s changed the way organizations innovate and compete, adding ever-greater productivity, speed and agility.

IaaS, one of three classes of cloud computing along with software-as-a-service (SaaS) and platform-as-a-service (PaaS), promises your organization access to computing resources – servers, storage and networking – on-demand in the same way as other utilities like power and water. As advertised, IaaS is game changing. But is it right for you?

The Computing Technology Industry Association (CompTIA) designed this guide to assist you in navigating the decision-making process for an IaaS engagement. This guide is not intended to be a Consumer Reports-style product review, but rather a framework for “asking the right questions” to ensure that you are making an informed decision.

What you will find in the CompTIA Buying Guide for Infrastructure-as-a-Service (IaaS):

  1. Overview
    • What is IaaS?
    • What isn’t IaaS?
    • What are the options for deploying IaaS?
    • How are organizations migrating to cloud?
    • What challenges do organizations find when migrating to cloud?
    • What deployments are most suitable for IaaS?
  2. Considerations
    • What are the potential benefits of IaaS to your organization?
    • What are the potential challenges of IaaS to your organization?
    • Which IaaS deployment model is right for your organization?
    • How does IaaS align with your organization’s capabilities and priorities?
  3. Questions
    • What are the capabilities and performance of the IaaS deployment?
    • How is your data stored and protected as part of the IaaS deployment?
    • What level of support is provided for your organization’s IaaS deployment?
    • What expertise does the IaaS provider have?
    • What are the cost and contract terms for the IaaS deployment?
    • What IT security processes should your organization develop?
    • How should your organization enact IT security policies?


IaaS, as defined by the National Institute of Standards and Technology (NIST), is the capability provided to the consumer to provision processing, storage, networks, and other fundamental computing resources where the consumer can deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure, but has control over operating systems, storage and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).

The NIST definition – albeit accurate – is a clunky description for what is an elegantly simple way of accessing computing resources on demand.

What isn't IaaS?

Of course, it’s important to understand what IaaS is, but it’s also helpful to understand what it isn’t. That’s because many service providers have engaged in “cloud washing” – attaching the word “cloud” to solutions that aren’t technically cloud-based – to market their services and capitalize on the growing demand for cloud solutions.

That doesn’t mean these are not good solutions – or even the right solutions – for your organization; it just means they are not IaaS. Indeed, there is a difference between solutions built for cloud (i.e., cloud native) and those that are simply hosted in the cloud. True IaaS solutions have certain attributes defined by NIST as follows:


What are the Options for Deploying IaaS?

You can deploy IaaS in one of four different deployment models defined by NIST as follows:

  • PRIVATE CLOUD – cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.
  • PUBLIC CLOUD – cloud infrastructure is provisioned for open use by the public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.
  • COMMUNITY CLOUD – cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises.
  • HYBRID CLOUD – cloud infrastructure is a composition of two or more distinct cloud infrastructures (i.e., private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds). Editor’s Note: “Hybrid cloud” is not the same as “hybrid IT,” which describes using on-premises and cloud-based solutions in tandem.

How are Organizations Migrating to Cloud?

Unless your company is a startup needing to deploy a greenfield computing environment, you are unlikely to go 100 percent cloud from day one. Indeed, CompTIA analysts have identified four stages of IaaS adoption (see graphic: How Organizations Adopt Cloud Solutions).

  • EXPERIMENTATION STAGE – Companies typically begin testing IaaS by building virtual instances, typically on public cloud systems, as proofs of concept.
  • NON-CRITICAL USE STAGE – Next, they will migrate some computing functions to the cloud, but not their most important systems.
  • PRODUCTION STAGE – Once comfortable with IaaS and assured of its security and reliability, companies will add mission-critical systems.
  • TRANSFORMATION STAGE – Companies are not simply moving their systems into the cloud; they are changing the way they work to reap the full benefit.

What Deployments are Most Suitable for IaaS?

IaaS makes sense in many circumstances that are closely tied to the general benefits that cloud computing offers (as discussed in greater detail in Section 3). The 2014 book, “Essentials of Cloud Computing,” shares some examples, which are updated here. These include situations wherein an organization:

  • experiences unpredictable peaks and valleys in demand for computing resources
  • lacks capital to invest in hardware, as is often the case with startups but also with companies that have competing demands on their budgets
  • is under pressure to limit capital expenditures and/or move to operating expenditures
  • is growing rapidly and, therefore, unable to scale computing resources to keep pace
  • has computing infrastructure needs that are temporary, such as testing and development
  • needs to access computing infrastructure quickly and cannot wait to purchase and turn up new servers

While IaaS is advantageous in scenarios where scalability and quick provisioning are key, it may be ill advised in situations wherein an organization:

  • must comply with regulations that prohibit outsourcing data storage and/or processing
  • has minimal usage requirements that are easily met by available on-premises infrastructure
  • requires a high level of performance that may be hampered by Internet access, although direct connections to cloud infrastructure providers can mitigate this concern
  • needs control of the underlying physical infrastructure (as opposed to virtual machines)


Any business investment decision requires that you weigh a range of factors: the needs of your company’s stakeholders, alignment with your corporate objectives, functional requirements, and the pros/cons and total cost of ownership (TCO) for each individual solution.

As a foundation for evaluating your potential investment in IaaS, this buying guide reviews some of the considerations that should be factors in your decision. These include reasons to consider investing in IaaS as well as likely challenges. It also covers the degree to which moving to IaaS aligns with your company’s current environment and capabilities as well as your future preferences and expectations.

What are the Potential Benefits of IaaS to Your Organization?

Ultimately, what will drive your move to cloud infrastructure will be the benefits your organization perceives pre-deployment and realizes post-deployment. CompTIA’s most recent research finds cost-cutting to be a top benefit of cloud solutions in general (see chart, “Benefits of Cloud”). Savings are not guaranteed but possible with IaaS, particularly when you consider its usage-based pricing model. That said, some of the other perks, such as speeding time to market, improving uptime and enabling innovation, may offer more lasting value to your organization.



What Are the Potential Challenges of IaaS to Your Organization?

Clearly there are many benefits to using IaaS in your organization. But there are also challenges, which range from technical to market-based. Some are overcome with advance preparation, but others are persistent risks that your organization must weigh in your decision.


Which IaaS Deployment Model Is Right for Your Organization?

Based on the benefits and risks that a cloud model poses, you can plot your organization’s best IaaS deployment options in a high-low matrix like the one below developed by Gartner. In this matrix, cloud benefits range from uncertain to clear and the challenges range from unmanageable to manageable. According to Gartner, if your deployment lands in the:

  • Upper-right quadrant, that’s where public cloud services make most sense
  • Lower left, it’s unsuitable for the cloud computing model
  • Upper left, it may be a good candidate for a private cloud service approach
  • Lower right, it’s worth experimenting with the cloud model


While this is an individual decision for every organization, Gartner noted in a June 2016 study that the trend is toward more outsourcing. The research firm said that by 2020 more computing power will have been sold by IaaS and PaaS cloud providers than sold and deployed into enterprise data centers. The IaaS market has been growing more than 40 percent in revenue per year since 2011, and it is projected to continue to grow more than 25 percent per year through 2019. By 2019, the majority of virtual machines (VMs) will be delivered by IaaS providers. With most computing power moving to IaaS providers, Gartner recommends businesses build the capability to manage multiple cloud providers and capacities.

How Does IaaS Align with Your Organization’s Capabilities and Priorities?

Before you go car shopping, you typically spend some time beforehand evaluating your transportation needs (e.g., number of passengers, price range, gas mileage, style, etc.). Similarly, it’s premature to begin cloud shopping without a needs assessment. This guide includes two self-assessments:

  • The first will help you prioritize the benefits you hope to achieve by using IaaS
  • The second seeks to highlight your organization’s IT capabilities and preferences for an initial IaaS deployment.

Use these tools as a starting point. You are bound to encounter areas of uncertainty just as you would when considering optional features on a new vehicle. Refinements can be made along the way as business objectives and needs are clarified.

This exercise can serve to jumpstart internal conversations with your business and technical decision-makers about their comfort level and expectations for moving to IaaS. Once all stakeholders have weighed in, the final ranking can be a framework for internal teams (and/or their trusted IT providers) to specify a private cloud solution or source an IaaS provider.



The following questions may apply to a cloud infrastructure service provider, an IT solution provider supporting your organization, or internal staff pursuing a cloud initiative.

IaaS Performance & Capabilities

  • What metrics are used to assess speed, reliability and overall performance?
  • How does the SLA handle performance requirements?
  • Are there “good, better, best” tiers of features and capabilities?
  • What tradeoffs exist between capabilities and ease-of-use?
  • What is the mechanism for determining how this cloud solution integrates with our other IT systems, applications or processes?
  • If customization is required, how is that handled?
  • What are the mobile or remote capabilities of this cloud solution?

IaaS Data Storage & Protection

  • What methods are used to protect my data?
  • Are there any guarantees to protect my data against security breaches or data leaks?
  • Who can access my data? This may include insiders, other firms, government agencies...
  • How is data backup and disaster recovery handled? What redundancy is built into the system?

IaaS Support

  • How is support provided (phone, email, IM)?
  • Is emergency support available 24/7?
  • What can I expect from your customer help desk?
  • How are complex questions escalated?
  • Is there a user forum or other self-serve repository of FAQs?
  • What type of training is provided to ensure my staff get the most out of this investment?

IaaS Provider Expertise

  • How does your team stay current with new cloud technology developments and trends?
  • What members of your team will be working on my project? Will this change over time?
  • What relevant industry credentials or certifications, if any, does your firm or team have?
  • What is your level of expertise with the regulatory compliance requirements for my industry?
  • If I am required to provide an audit trail to demonstrate compliance, how will this be handled?
  • Do you have any customers that are in a similar line of business as mine?

IaaS Costs & Contracts

  • What is the fee structure? Are there any extra or hidden fees?
  • Do you offer contract flexibility, such as the option of annual or monthly payments?
  • Is there a cap on how much rates can be increased by?
  • What happens if I want to terminate my contract? How do I get my data back?
  • Do you have any case studies or ROI assessments to help me understand the cost/benefits of this proposed solution?
  • Do you have any comparisons showing the cost of on-premises vs. cloud solutions over time?
  • Will I need to purchase any additional infrastructure, software, etc. to use this solution?
