NIST puts a sharper point on cloud computing

National Institute of Standards & Technology issues 10 key recommendations for successful cloud initiatives.
Written by Joe McKendrick, Contributing Writer

The National Institute of Standards and Technology's (NIST) definition of cloud computing is considered by many to be the final word on cloud.

Photo: Joe McKendrick

The definition embraced by so many reads as follows:

"Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction."

Now, the agency has published the final version of the US Government Cloud Computing Technology Roadmap, which describes the thinking that should go into designing and managing clouds within the US government and beyond. The guidelines may help steer commercial organizations' efforts as well.

Here are the requirements that need to be part of a cloud computing initiative, outlined by NIST:

Requirement 1: Interoperability, performance, portability, and security standards: "Standards-based products, processes, and services are essential for agencies to ensure that: a) public investments do not become prematurely technologically obsolete, b) agencies are able to easily change cloud service providers to flexibly and cost-effectively support their mission, c) agencies can economically acquire commercial and develop private clouds using standards-based products, processes, and services, and d) the US government supports a level economic playing field for service providers."

Requirement 2: Solutions for high-priority security requirements, technically de-coupled from organizational policy decisions (security standards and technology): "Traditionally, IT security has relied on logical and physical system boundaries. The inherent characteristics of cloud computing make these boundaries more complex and render traditional security mechanisms less effective. Mechanisms must be developed to allow differing policies to co-exist and be implemented with a high degree of confidence, irrespective of geographical location and sovereignty."

Requirement 3: Technical specifications to enable development of consistent, high-quality Service-Level Agreements (interoperability, performance, portability, and security standards and guidance): Negotiated service contracts "must be met to: a) ensure that key cloud service elements (warranties, guarantees, reliability and performance) are defined and enforceable, b) develop common SLA terms and definitions and avoid misunderstandings between parties, and c) create an environment which allows consumers to objectively compare services."

Requirement 4: Clearly and consistently categorized cloud services (interoperability and portability guidance and technology): "This requirement must be met to ensure that: a) customers will understand the intricacies of different types of cloud services and will be better able to select cloud services suitable to meet their business objectives, b) customers will be able to objectively evaluate, compare, and select between products from cloud vendors, and c) providers will have clear guidance where interoperability and portability must exist within similar categories of cloud services."

Requirement 5: Frameworks to support seamless implementation of federated community cloud environments (interoperability and portability guidance and technology): "There is a need to clearly define and implement mechanisms to support the governance and processes which enable federation and interoperability between different cloud service provider environments to form a general or mission-specific federated community cloud."

Requirement 6: Updated organization policy that reflects the cloud computing business and technology model (security guidance): "In the absence of defined policy, organizations seek to informally achieve policy objectives through technical standard and product definitions. A possible end result is one where service providers are driven to artificially differentiate technological products and standards, resulting in technology stagnation as opposed to innovation."

Requirement 7: Defined unique government regulatory requirements and solutions (accessibility, interoperability, performance, portability, and security technology): "Government agencies must ensure that cloud services and products meet these policy and compliance requirements as well as satisfy mission functionality requirements. Failure to recognize and address government constraints may slow the adoption of cloud services."

Requirement 8: Collaborative parallel strategic “future cloud” development initiatives (interoperability, portability, and security technology): "Development of a demonstrable and practical technology knowledge base focused on state-of-the-art, nation-size clouds which are scalable and capable, and development of accessible standards and technologies, is needed to solve nation-scale challenges. A focused set of cloud services and research would more rapidly lead to world-class cloud advancements to support critical national priorities and citizen services."

Requirement 9: Defined and implemented reliability design goals (interoperability, performance, portability, and security technology): "As agencies increase their use of cloud computing to provide essential public services, it is essential that industry be able to ensure that design flaws do not result in catastrophic failures or significant outages over large regions or for extended periods of time."

Requirement 10: Defined and implemented cloud service metrics (interoperability, performance, and portability standards): "In cloud computing service delivery, which uses a utility model, IT resources are supplied as abstracted services, often characterized as Infrastructure as a Service or Platform as a Service. Service consumers pay for a quantity and a quality of the service, which is metered by a cloud computing system. Consumers need to be able to precisely specify and receive services."

In this two-volume set, the first part describes the roadmap’s purpose and scope. The draft focused on three priorities: security, interoperability (the ability for systems to work together) and portability (enabling data to be moved from one cloud system to another). The final version adds two priorities: performance and accessibility.

The second volume outlines a conceptual model, the NIST Cloud Computing Reference Architecture and Taxonomy, and presents use cases.
