NIST: Definitions Of Cloud Computing

The National Institute of Standards and Technology (NIST) is a part of the U.S. Department of Commerce and in September 2011 NIST published a definition of Cloud Computing. The full definition / document (SP 800-145) can be read via the NIST webpage: https://csrc.nist.gov/publications/detail/sp/800-145/final , however I am going to summarise parts of the document.

Five Essential Characteristics Of Cloud Computing

• On-demand self-service – The customer (consumer) can provision resources such as compute, network, storage when needed without the need to interact with a human representative of the supplier. For example, in AWS creating a new EC2 instance via the web console without the need to ring AWS customer service to ask for a processor, storage disk etc.. to be assigned.

• Broad network access – The customer (consumer) can access the cloud resources over a network through a standard mechanism. For example, accessing the Azure web console from any internet connected device to create a new blob storage container or using an Application Programming Interface (API) call to achieve the same outcome.

• Resource pooling – The providers resources are pooled so that multiple customers (consumers) in a multi-tenant environment can use the resources dynamically. For example, clustering together storage so that customers can allocate what is required without impacting on other customers.

• Rapid elasticity – The ability to scale out / in quickly, sometimes automatically, depending on the customers (consumers) needs. For example, when web traffic increases to a web server and the server starts to struggle, rapid elasticity allows for another web server to be created alongside the first reducing stress in the first web server. When (if) the traffic decreases then the second web server can be removed.

• Measured service – Resource usage is tracked, monitored and can be reported on to provide transparency for the customer (consumer) and the cloud provider.

Service Models

SP 800-145 lists three service models for cloud computing.

• Software as a Service (SaaS)

Applications running within the providers cloud infrastructure. The customer (consumer) does not manage or access the underlaying cloud infrastructure (network, servers, operating system) and generally accesses the application through a web browser or a thin client device. Examples include Office 365 web apps, GMail.

• Platform as a Service (Paas)

The customer (consumer) has the capability to deploy applications onto the cloud providers infrastructure. The customer (consumer) does not have access to the underlaying cloud infrastructure (network, servers, operating systems) but can alter application settings / configuration.

• Infrastructure as a Service (Iaas)

The customer (consumer) has the ability to deploy / provision processing (e.g. virtual computers, EC2), storage (e.g. blob storage, S3), networks (e.g. virtual network, VPC) and can have access to operating systems, deployed applications and host firewalls. However, the customer (consumer) does not manage or control the underlaying cloud infrastructure.

Not mentioned in SP 800-145 are models which may have been defined after September 2011, or may just be extensions of the service models listed above. These “unmentioned” service models include:

• Function as a Service (FaaS)
• Desktop as a Service
• Data as a Service (DaaS)
• Security as a Service (SECaaS or SaaS)

AWS discusses shared responsibility at https://aws.amazon.com/compliance/shared-responsibility-model/ and Azure discusses shared responsibility at https://docs.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility.

Deployment Models

When most end users think of the cloud it’s generally of a public cloud such as AWS or Azure. However, there are several different deployment models for cloud.

• Public Cloud

Can be used by practically anyone (general public, business, government, academic) and the cloud could be owned, managed and operated by a business, government or academic organisation. Examples include Microsoft Azure and AWS.

• Private Cloud

Provisioned and used exclusively by a single organisation. May be on or off premises (e.g. in local or remote server farm).

• Community Cloud

Provisioned for exclusive use by a specific community that have shared interests / concerns. It may be owned. managed and operated by one or more of the organisations involved and may be on or off premises.

• Hybrid Cloud

A mixture of one or more of the above (e.g. private and public, public and community) where the clouds have been bound together to enable data / application portability.