Friday, September 17, 2021

What is a cloud service: NIST 5 criteria

Imagen de datacenter
Cloud computing is often thought of as a set of products, but it is actually a way of providing IT infrastructure and services to customers.

With the proliferation of cloud technologies, the use of new terms and specific jargon can be confusing, but fortunately the Computer Security Division of NIST provided a formal definition and characteristics of Cloud computing.

According to NIST (SP 800-145), these are the 5 essential characteristics that a cloud service must meet to be properly named a 'cloud service', whether public or private:

  • On demand self-service : Self-provisioning is one of the many features that customers can take advantage of, but they must also be able to start or stop their own services without requiring interaction with the cloud provider.
  • Broad Network Access: Service must be available to any device using any network. 
  • Resource Pooling: Provider create a pool of resources and dynamically allocate it to customers. 
  • Rapid Elasticity: The services provided by provider must be easily expandable and quick. 
  • Measured Services: Provider must measure the usage of service and charge it accordingly.

ISO 17788 names one additional feature in addition to the previous five features from NIST:

  • Multi-tenancy: In a private cloud, the customers, also called tenants, can have different business divisions inside the same company. In a public cloud, the customers are often entirely different organizations. Most public cloud providers use the multi-tenancy model. Multi-tenancy allows customers to run one server instance, which is less expensive and makes it easier to deploy updates to a large number of customers.

There are additional features that are highly desirable or even essential such as security, which although often seen in cloud environments, are secondary in nature or derived from essential features, such as resiliency, cost-effectiveness or automation.