To employ new technologies effectively, such as cloud computing, organizations must understand what exactly they're getting. With this in mind, the National Institute of Standards and Technology has issued its 16th and final version of The NIST Definition of Cloud Computing.
"When agencies or companies use this definition, they have a tool to determine the extent to which the information technology implementations they are considering meet the cloud characteristics and models," says Peter Mell, a NIST computer scientist who coauthored the report, also known as Special Publication 800-145.
"This is important because by adopting an authentic cloud, they are more likely to reap the promised benefits of cloud: cost savings, energy savings, rapid deployment and customer empowerment," Mell says. "And, matching an implementation to the cloud definition can assist in evaluating the security properties of the cloud."
The special publication includes the five essential characteristics of cloud computing:
On-demand self-service: A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.
Broad network access: Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops and workstations).
Resource pooling: The provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state or datacenter). Examples of resources include storage, processing, memory and network bandwidth.
Rapid elasticity: Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.
Measured service: Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth and active user accounts). Resource usage can be monitored, controlled and reported, providing transparency for the provider and consumer.
SP 800-145 also defines four deployment models - private, community, public and hybrid - that together categorize ways to deliver cloud services.
NIST says the definitions are intended to serve as a means for broad comparisons of cloud services and deployment strategies, and to provide a baseline for discussion from what is cloud computing to how to best use cloud computing.