Get Steve's Book on Amazon
  • Eliminating
    Eliminating "Us And Them": Making IT and the Business One
    by Steven Romero

What is Cloud Computing?

What is cloud computing? It may seem odd for me to be asking that question today given “the cloud” has been around for years and it absolutely dominates the information technology landscape. I actually addressed this question in a blog post I wrote two years ago. At the time, many people I encountered were struggling with the term and the litany of differing and disparate ‘expert’ views didn’t help this situation. My article focused on the definition developed by Peter Mell and Tim Grance at the National Institute of Standards and Technology (NIST), “The NIST Definition of Cloud Computing”, NIST Special Publication 800-145.

In the two years since I wrote my post, cloud adoption has continued to grow and there is no end in sight. Though the potential benefits of cloud computing are off-the-chart, this incredible information technology advance poses new threats in my quest to help eliminate the “us and them” divide between IT organizations and the businesses they serve. In my last post, I talked about the onset of “Shadow IT” - IT systems and IT solutions built and used inside organizations without organizational approval. Cloud-based applications and services represent one of the primary Shadow-IT conventions.  Many business units are in danger of undermining their enterprise goals by making unilateral and potentially harmful information technology decisions. This is tragic because sound cloud computing decisions could realize phenomenal potential for almost every organization. I also find it ironic because one of the themes of my latest presentation and workshop, “Ensuring Cloud Computing Success,” is how IT and the business can use cloud computing as a catalyst to act as “one.”

As I mentioned in my Shadow IT post, IT organizations can leverage business leader interest in cloud computing and their resulting willingness to make information technology decisions to foster a stronger relationship and a share in IT governance accountability. The first step in getting IT and the business to take the cloud journey together is to establish a common understanding of cloud computing. This is easier said than done as I continue encounter many folks that do not have a solid grasp on the cloud. Either they still find the concept of cloud computing to be complex, confusing, and difficult to understand, or they greatly oversimplify it. More and more people I talk to believe all software-as-a-service (SaaS) is cloud computing, when in fact SaaS has been around a lot longer than cloud computing.

Understanding cloud computing is not just a challenge for information technology novices. I recently partnered with a few IT-experts to deliver a day-long ‘cloud transformation’ preconference workshop. We developed the workshop without ever arriving to a consensus on the definition of cloud computing. We “settled” on the NIST view because when push-came-to-shove, some folks in the group didn’t think it was necessary for us all to be in lock-step on a definition. This suited our purpose and the workshop was a success, but I think the lack of a common understanding of cloud computing could hamper the ability of the business and IT to make sound shared cloud decisions.

So once again, I present the NIST definition of cloud computing. I hitched my cloud-wagon to the NIST-star because I felt NIST provided the most straightforward and simple description. I’m not alone in my advocacy of the NST definition. Many vendors, pundits and experts refer to NIST and both the International Standards Organization (ISO) and the Institute of Electrical and Electronics Engineers (IEEE) back the NIST definition. Here it is:

“Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

In addition to this concise definition of Cloud Computing, I especially like how NIST describes the elements of cloud computing.  You need only remember this: 5-3-4. (Yes, I know that 3-4-5 or 5-4-3 would be easier to recall, but I did not want to change the sequence established at NIST.)

  • 5 Essential Characteristics
  • 3 Service Models
  • 4 Deployment Models

Cloud Computing has 5 essential characteristics. (Note the word, essential. Peter and Tim aren’t as iron-fisted, but I insist that if any of these characteristics is missing, it isn’t Cloud Computing.)

On-demand self-service – A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service’s provider.

Broad network access – Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs).

Resource pooling – The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, and network bandwidth.

Rapid elasticity – Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time.

Measured Service – Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported providing transparency for both the provider and consumer of the utilized service.

Cloud Computing is composed of 3 Service Models:

Cloud Software as a Service (SaaS). The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.

Cloud Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.

Cloud Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).

Cloud Computing is composed of 4 Deployment Models:

Private cloud – The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.

Community cloud – The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on premise or off premise.

Public cloud – The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.

Hybrid cloud – The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).

There it is – simple, straightforward, and easy to understand. This brings me to a question, “Why isn’t everyone using the NIST definition?” Frankly, I don’t know. Again, the most common misuse or misunderstanding I encounter is when people apply the cloud computing term to all instances of software-as-a-service (SaaS) and many folks are now characterizing all off-premise computing as cloud computing. If it is not in their datacenter (on-premise), then it is running in “the cloud.”

I believe a solid and mutual understanding of the cloud is essential when making collaborative cloud computing decisions but more and more I come across folks who don’t think a precise definition is that important. So I’ll close with this question:

“Should the absence of one, or even two, of the ‘essential characteristics’ of the NIST cloud computing view disqualify the use of the cloud term?”

I’d love to hear your thoughts. In the meantime, there have been a number of good posts attempting to dispel the notion that this relatively new information technology cumulus is nebulous. One of the best out there is by @PeterKretzman. The post is titled, “Cloud computing: misunderstood, but really not that complicated a concept.” It is well worth the look as you decide, “What is cloud computing?”

~ Steve ~

PrintView Printer Friendly Version

EmailEmail Article to Friend

References (50)

References allow you to track sources for this article, as well as articles that were written in response to this article.

Reader Comments (3)

Great recap of the definition of cloud computing. You'd think that by now, the term cloud computing started to be used in 2008, we'd all know what it's characteristic are and how it's consumed and delivered. But I agree with you that this is not the case, as goes for many other paradigms before cloud. Think of SOA for instance, never really understood by the larger public.

It is my opinion that this has to do with the fact that some of the large IT companies 'define their own standards' and interpretations. This all has to do with marketing I think, using alternate terms and abriviations. This makes it more dificult to compare solutions on facts and capabilities, confusing customers. Also make technology have a 'new' feeling, while it's just the naming that has undergone most of the change.

Not to point any fingers, but Oracle for instance did not recognize cloud computing until early this year but now seems to cloudwash (rebrand a traditional solution to a cloud solution, though it does not contain any or all of the characteristics NIST states) many of their products. Another example on using standards is for instance the W3 standard for HTML coding, most browser vendors used the standards defined by the standards body, however Microsoft did only partial to maintain some competitive edge.

I don't think this will change on the short run unfortunately, though I think the consumerization trend might force large IT companies to adhere more to common terminology and standards. I hope so, because one of the great values of cloud computing I think is the ability to compose cloud services to build a wide variety of applications. This can only be possible if there is some sort of common ground and interface between multiple cloud services and vendors.

June 20, 2012 | Unregistered CommenterEdwin Schouten

Very happy to see your article, I very much to like.

The Vintage Wholesale Company The Vintage Wholesale Company We offer more than ninety different categories of vintage clothing for you to choose from. minyak bulus

August 9, 2015 | Unregistered Commentermiynak bulus

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>
« Taming the Change-Resistance Beast | Main | Shadow IT: Cutting off the IT-Nose to Spite the Business-Face »