The term Cloud Computing appears in Google search nearly 54 million times. But The Cloud remains to be this elusive entity to the general population. Those who fit into this category either see cloud-based computing as this near-magical technology that whisks your data into another dimension for you to summon at a moments notice at your beck and call (which sounds pretty wizard-like). For those who work with the technology daily and understand its capabilities, the technology is much more simplistic than others would make it seem, even though it does have some technical nuances.
These nuances can sometimes create confusion as to which category of cloud infrastructure an individual or organization should utilize to fit their data storage or migration needs. Thankfully, the National Institute of Standards and Technology (NIST) has comprehensively outlined the definition of Cloud Computing in their September 2011 publication for IT professionals to get a better understanding of each category of cloud platform. This highly technical topic that goes along with NISTs definition of cloud computing is enough to turn any mortals brain to mush, so were going to break it all down for you in an easy-to-digest format using language that even your non-technical parents can appreciate.
What is Cloud Computing?
In a nutshell, cloud computing is the virtual management of central data center resources that are stored in software-defined pools. This description just scratches the surface of the capabilities of cloud-based services though. From applications to storage and processing power, cloud solutions can deliver on-demand computing services to entities over the internet usually on a pay-as-you-go basis.
Professor Ramnath Chellapa of Emory University defined Cloud Computing more than 20 years ago in 1997 as the new computing paradigm, where the boundaries of computing will be determined by economic rationale, rather than technical limits alone. For many years following the emergence of cloud computing, technology companies were extremely apprehensive about cloud adoption. Many executives considered that cloud storage was nothing more than marketing ploy and that it didn’t allow them the IT infrastructure security and flexibility that they desired in a third-party data storage service.
After several large tech companies such as Apple, Netflix, Xerox moved over to cloud-based applications, other companies followed suit following hearing about their triumphs. Case in point that since 2008, global spending on cloud services has grown from just over $46 billion in 2008 to a whopping $260 billion in 2018 (that’s a 465% increase in 10 years)! Analysts are expecting this number to jump even further in 2018 and beyond at a rate that they originally would have not thought to be possible for the service. Currently, half of global enterprises are using some form of cloud computing service. With this rapid and widespread adoption, analysts are projecting that those same enterprises will go all-in on cloud computing.
So why all the fuss about cloud computing? What makes it so special?
Were so glad you asked.
Cloud computing allows firms to avoid the upfront cost and complexity that comes with internally owning and maintaining their own IT infrastructure and data centers. Its much more efficient and cost-effective for the firm to simply pay for what they use when they want to use it. They can do this easily via summoning the data source from their public or private cloud. Cloud computing services also allow companies to move faster on projects and effortlessly test out concepts without lengthy processes for procurement. They can just summon it from the cloud.
With many companies opting to run their software development in an agile environment where many new applications are being continuously developed and tested to various audiences, cloud computing can be a great solution. The elastic nature of the cloud means it is easier to scale it up fast if a new application turns out to be wildly popular. The organization no longer needs to scramble to acquire more internal server space to accommodate the added traffic. They can simply pay for more space from their cloud service providers and go about their day.
Many companies primarily use cloud computing services to backup their data in case of a disaster or emergency. If, somehow, ransomware feeds into the internal servers of a company with a private cloud, that company doesn’t need to pay the ransom; they can effectively mitigate the attack and immediately pull their data from their private cloud. In the end, cloud computing makes data backup, disaster recovery, and business continuity easier and more cost-effective due to its ability to mirror data at multiple redundant sites on the cloud providers network. This gives a firm more control over their data which can give everyone from employees to board members the peace of mind they need to work more productivity in their day-to-day.
NIST Cloud Computing
Although, NIST is credited with having the most succinct and accurate definition of Cloud Computing, the term itself was first coined nearly 15 years prior when Netscapes Web browser was big news. In 2011, NIST defined cloud computing as a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This short description is intended to serve as a means for broad comparisons of cloud services and deployment strategies while providing a baseline for discussion on the overall best uses for cloud computing.
NISTs definition identified self-service, accessibility from desktops, laptops, and mobile phones, resources that are pooled among multiple users and applications, elastic resources that can be rapidly reapportioned as needed, and measured service as the five essential characteristics of cloud computing. When these characteristics are combined, they create cloud computing infrastructure that contains both a physical layer and an abstraction layer. The physical layer consists of hardware resources that support the cloud services (i.e. servers, storage and network components). The abstraction layer consists of the software deployed across the physical layer, thereby expressing the essential characteristics of the cloud per NISTs definition.
Deployment Models
A cloud deployment models represent a specific type of cloud environment that are distinguished by ownership, size, and access. NIST offers guidance via their definitions of each of the four deployment cloud models (Private, Community, Public, and Hybrid). Although a one-size-fits all cloud solution does not exist, each model offers to fill a specific niche for a client based on its inherent features and abilities. In the following prompts, well aim to make sense of NISTs technical definitions of these deployment models to help you better understand which solutions fits the needs of your firm best.
Private Cloud
Private cloud computing is a deployment model that is purchased and dedicated to a single client or company in a single-tenant environment where the hardware, storage and network assume the highest levels of security. Data that is stored in the private clouds data center cannot be accessed by anyone other than the client that owns it. This is a great solution for organizations that feel as though their data is too sensitive or valuable to put on a public, community or hybrid cloud.
The private cloud also gives administrators the ability to automate their data center thereby minimizing manual provisioning and management which is incredibly important for safe and secure day-to-day operations to flourish. Better yet, the private cloud is a great solution for firms wishing to stay PCI and HIPAA compliant as this model allows sensitive data to be delivered through a fully private cloud deployment within the network configurations that only they own.
Community Cloud
NIST defines a community cloud deployment model as one that is used exclusively by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises. This multi-tenant platform allows several companies work on the same platform if they share similar needs and concerns. Community clouds allows companies to collaborate on joint projects, applications, or research in a secure setting. This is deployment model is great for organizations that need to test-drive their high-end security products that are driven by compliance and regulatory measures.
Public Cloud
A public cloud is a deployment model that is owned by cloud service providers and made available to the public. Customers can gain new capabilities on demand without investing in new hardware or software by tapping into the public cloud. Customers simply pay their cloud provider a subscription fee or pay for only for the resources they wish to use. The vendor is then responsible for all the administration, maintenance, capacity planning, backups, and troubleshooting. Each public cloud can simultaneously handle massive amounts of storage that allows businesses the ability to handle multiple projects and become more available to their users at a moments notice.
Many companies from Facebook to Google and mobile app developers use public clouds to effectively manage the flow of user data. With more users signing up for these services, companies have been pooling more of their resources into public clouds as of late. Analysts are projecting massive growth in worldwide public cloud spending as is evident by the below forecast:
| Table 1. Worldwide Public Cloud Spending Forecast (Millions of Dollars) | ||||||
| Type of Public Cloud | 2016 | 2017 | 2018 | 2019 | 2020 | 5-year Growth Trend % |
| Cloud Business Process Services (BPaaS) | 40,812 | 43,772 | 47,556 | 51,652 | 56,176 | 37.65% |
| Cloud Application Infrastructure Services (PaaS) | 7,169 | 8,851 | 10,616 | 12,580 | 14,798 | 106.42% |
| Cloud Application Services (SaaS) | 38,567 | 46,331 | 55,143 | 64,870 | 75,734 | 96.37% |
| Cloud Management and Security Services | 7,150 | 8,768 | 10,427 | 12,159 | 14,004 | 95.86% |
| Cloud System Infrastructure Services (IaaS) | 25,290 | 34,603 | 45,559 | 57,897 | 71,552 | 182.93% |
| Cloud Advertising | 90,257 | 104,516 | 118,520 | 133,566 | 151,091 | 67.40% |
| Total Market | 209,245 | 246,841 | 287,821 | 332,724 | 383,355 | 83.21% |
Source: Gartner (February 2017)
Hybrid Cloud
Hybrid cloud deployment models are a collaboration of private and public cloud models in a single environment. Hybrid clouds are comprised of parallel environments where applications can easily move between private and public clouds. Hybrid clouds are bound together by proprietary technology that enables data and application portability. Hybrid clouds offers more IT teams more flexibility, portability, and scalability than other deployment models which is the main reason why 58% of global enterprises have integrated a hybrid cloud architecture in their IT infrastructure. Companies that are constantly transitioning between managing public cloud projects and building applications of a sensitive nature on their private cloud is likely to seek out a hybrid cloud solution.
Service Models
The many paradigms of cloud computing can be broken down into three unique service model classifications: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). NIST defines each of these three service models in a highly technical sense that we will deconstruct into layman’s terms for you to easily digest in the below subheadings.
Software As A Service (SaaS)
NIST defines SaaS as a service model where a consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings. SaaS applications offer extensive configuration options and development environments that enable customers to code their own modifications and additions. Users access the service via a web browser or app buying the service on a per-seat or per-user basis. The beauty of SaaS is in its simplicity as local installation of SaaS software is unnecessary. It is for this reason that most consumers gravitate towards using this service model over other service models.
Platform As A Service (PaaS)
NIST defines PaaS as a service model that allows consumers to deploy onto the consumer-created cloud infrastructure or acquired applications created using shared programming tools, processes, and APIs to accelerate the development, test, and deployment of applications. This service model provides users with application platforms and databases that is similar in function to middleware services. PaaS can automatically configure infrastructure resources across consumer-created environments, making them a platform for hybrid cloud. Due to its complexity and need for consumers to be technically proficient in software development technologies, such as Ruby on Rails, .NET, Python, or Java, it is the smallest part of the Cloud Computing market to date. Once the consumers final code is complete, the cloud service provider will begin to host the application, thus making it available to other internet users.
Infrastructure As A Service (IaaS)
NIST tells us that IaaS gives the consumer [the ability to] provision processing, storage, networks, and other fundamental computing resources where the consumer deploys and runs arbitrary software which can include operating systems and applications. IaaS provides consumers with rented physical or virtual servers and networking along with storage in a cloud environment on a pay per usage basis. In essence, IaaS is the most basic service model tech companies use to access raw computing power without the responsibilities of installation or maintenance.
Closing Thoughts
Competition is fierce when it comes to high-performance computing. IT professionals are always on the prowl for the next best solution to keep their data secure and elastic and limit the amount of manual data provisioning that is needed to complete projects in a timely manner. Analysts found that 77% of IT professionals are planning to deploy to multiple clouds in the next year which could be a signal for what the future holds for companies. The NIST definitions and guidelines give IT professionals an easy reference point to ascertain what cloud computing solution is best suited for their organization.
To learn about what NIST compliant cloud computing solution is best for your organization, contact RSI Security, your go to experts for cybersecurity solutions.
Download Our Comprehensive Guide to NIST Implementation
 |
