The National Institute of Standards and Technology (NIST) created a cloud definition that has been well-accepted across the IT industry. NIST was mandated to assist government agencies to adopt cloud computing for their IT operations. As part of their mandate, NIST created multiple working groups to define cloud computing, its architecture, and requirements. In this paper we explore the center core of NIST's cloud definition.
The National Institute of Standards and Technology (NIST) has created a robust, comprehensive cloud definition that has been well-accepted across the IT industry. It covers five essential cloud characteristics, three service models, and four deployment models. Spanning two pages of text, it initially seems overwhelming. Yet this cloud definition is very effective in establishing clear boundaries and scope for cloud computing. It can be used to filter the overly hyped cloud marketing literature to better understand the business value of true cloud services. This white paper examines NIST's cloud definition in detail with real world case study examples to illustrate how it is applicable to today's cloud market landscape.
At the request of the federal CIO Vivek Kundra, NIST was mandated to assist government agencies to adopt cloud computing for their IT operations. As part of their mandate, NIST created multiple working groups to define cloud computing, its architecture, and requirements. In this paper we explore the center core of NIST's cloud definition (document Special Publication 800-145), which has been well accepted throughout the IT industry across vendors, service suppliers, IT organizations, and customers.
Overview of Cloud Definition
The NIST cloud definition is a comprehensive description of the essential defining quality of cloud computing. They define it as:
"Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models."
This paper will elaborate and further illustrate how this is applicable in the current environment of the cloud computing industry. In the next several sections, we will state the NIST definition, elaborate on the key principles, and provide some case study examples.
There are five key attributes of a true cloud service. While there may be some variations in certain cases or environments, a cloud service should adhere to these traits.
NIST's five essential characteristics are:
1. On-demand self-service
NIST defines this as:
"A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider."
This is a key attribute of a true cloud service. A customer must be able to request the usage of a cloud service through an automated interface (such as a web portal, kiosk, mobile app, etc.) without the need to speak with a middleman or sales person. The consumer can request this at any time. This feature should also enable the consumer to cancel the usage of a cloud service at any time. From the consumer's perspective, engaging a cloud service and releasing a cloud service should be as convenient and hassle free as possible. For example, there should be no need to speak with a call center representative or request/release a cloud service only during working hours.
2. Broad network access:
NIST defines this as:
"Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations)."
A true cloud service must be accessible and usable through a broadly available communication network. Generally speaking, it means that as long as a consumer has Wi-Fi, broadband, or landline network connectivity, then he/she can utilize the cloud service. There should be no location dependency for the cloud service. Furthermore, a cloud service should be accessible with minimal dependency on the device used for accessing the cloud service.