Are you offering a cloud-based product?
Explanation
This is a foundational scoping question about whether your product is hosted in the cloud and delivered over the internet, often in a Software as a Service (SaaS) model.
In the context of a security assessment, this question helps the assessor understand the deployment model of your offering, which significantly impacts the security considerations. Cloud-based products introduce specific security concerns such as:
- Data storage location and sovereignty
- Shared responsibility model between the vendor and the cloud provider
- Multi-tenancy risks
- Network security in cloud environments
- Access controls and authentication mechanisms
If you offer a cloud-based product, subsequent questions in the assessment will likely delve deeper into how you secure your cloud infrastructure, manage access controls, handle data in the cloud, and implement security monitoring.
To best answer this question:
- Be clear about your deployment model
- If you have multiple offerings, specify which ones are cloud-based
- If you use the term 'SaaS' (Software as a Service), 'PaaS' (Platform as a Service), or 'IaaS' (Infrastructure as a Service), these are all considered cloud-based products
- If your product is installed on customer premises or if you only provide professional services without a technology product, answer 'No'
Guidance
If you are only offering a service, or are offering a product that is not cloud-based, answer "no".
Example Responses
Example Response 1
Yes Our primary offering, SecureAnalytics Platform, is a cloud-based SaaS solution hosted in AWS data centers Customers access the platform through a web browser, and all data processing and storage occurs within our cloud infrastructure We do not offer an on-premises deployment option for this product.
Example Response 2
No While we do leverage cloud technologies internally, our product DataGuard is delivered as an on-premises software solution that customers install in their own data centers or private clouds We provide installation files and documentation, but the customer is responsible for hosting and running the software within their environment.
Example Response 3
Partially Our company offers both cloud-based and on-premises solutions Our flagship product, ComplianceTracker, is available as a SaaS offering hosted in Microsoft Azure (cloud-based), but we also offer a version that can be deployed in a customer's private data center (on-premises) Since we do offer a cloud-based product option, we should answer 'Yes' to this question and can provide details about both deployment models in subsequent questions.
Context
- Tab
- Infrastructure
- Category
- Required Questions

