Cloud Computing is a general term and, for all intents and purposes, a marketing buzzword. The term is used broadly to describe a service or system which uses the Internet to provide shared computer processing resources and data to computers and other devices on demand.
The broad marketing definition above is flawed if we compare it with the NIST Special Publication, ‘The NIST Definition of Cloud Computing’. This paper, published by Peter Mell and Timothy Grance in September 2011, was created to ‘…serve as a means for broad comparison of cloud services and deployment strategies…’. In this paper, the authors define the Essential Characteristics, Service Models and Deployment Models of Cloud Computing. Using these three areas as described by the authors, one can appreciate that not all Internet services are cloud services, and that cloud services are not limited to being deployed on the Internet exclusively. Let’s take a detailed look at the Essential Characteristics, Service Models and Deployment Models of Cloud Computing.
The 5 Essential Characteristics of a Cloud Service
The 5 essential characteristics of a cloud service help us define what is a cloud service and what is not a cloud service. Just because a service is on the Internet or hosted in an off-site data center does not make it a cloud service. A cloud service must contain the following 5 characteristics:
- On-demand self-service – If you are not able to subscribe to and configure the service without the aid of a systems administrator or outside party, it is not a cloud service.
- Broad network access – If you do not access the service over a network using multiple platforms, e.g. desktop, mobile etc., it is not a cloud service.
- Resource pooling – If the service is dedicated in some way, i.e. you have exclusive use of the underlying hardware or software resources, it is not a cloud service.
- Rapid elasticity – If the service is not able to scale as demand increases, it is not a cloud service.
- Measured service – If the service is not measured in any way, i.e. there is no direct relationship between use and cost, it is not a cloud service. To clarify, not all cloud services are subscriptions where you pay for what you use but all cloud services are metered in some way e.g. amount of storage, bandwidth, active user accounts etc.
Cloud Computing Service Models
Cloud computing services are offered through 3 broad service models:
Infrastructure as a Service (IaaS) – The service provider provides the infrastructure (Network, Storage, Servers and Virtualization). The subscriber is responsible for the Operating System, Middleware, Runtime, Data and Application.
Platform as a Service (PaaS) – The service provider provides the platform (Network, Storage, Servers, Virtualization, Operating System, Middleware and Runtime). The subscriber is responsible for the Data and Application.
Software as a Service (SaaS) – The service provider provides the full stack. The subscriber merely consumes the cloud service.
When it comes to cloud security and responsibility, these 3 service models form a spectrum of diminishing control. Infrastructure as a Service gives the subscriber the most control, Software as a Service gives the subscriber the least, and Platform as a Service lies between the two. The image below illustrates this concept.
As you can see from the image above, the subscriber’s control or responsibility diminishes as you move from On-Premises to SaaS. From a security standpoint, this separation of responsibilities is significant because the subscriber’s accountability differs considerably depending on which service model is chosen.
Cloud Computing Deployment Models
Cloud computing services can be deployed with different forms of user access, i.e. the services do not necessarily have to reside on the Internet and be open for all to use. The 4 different cloud computing deployment models are:
Public cloud – The cloud infrastructure is provisioned for open use by the public.
Community cloud – The cloud infrastructure is provisioned for exclusive use by a specific community of subscribers.
Private cloud – The cloud infrastructure is provisioned for exclusive use by a single organization of subscribers.
Hybrid cloud – The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, public).
So when it comes to navigating the jargon around the cloud, remember that the cloud someone is trying to sell you must conform to the 5 characteristics. The service can be consumed through one of the 3 service models and can be deployed via one of the 4 deployment models.